1.SQUID PROXY
BASIC
TRANSPARENT SQUID PROXY
CHILD SQUID PROXY
WITHOUT SQUID:
==============
ISP
 |
 |-----|SWITCH(Normal)|-----|---PC
                            |---PC1
                            |---PC2
SQUID PROXY:
=========
Use: to share the internet connection across the whole network, with filtering (ACLs)
[ISP] (dhcp/static)
   |
   |
 [eth0]
   |
 +---------------+
 |               |--->(cache saved in /var/spool/squid)
 |  SQUID PROXY  |
 |               |
 +---------------+
   |
 [eth1]--------[SWITCH]--|---[_]-->...{www.google.com}
                         |---[_]
                         |---[_]
                         |---[_]
Profile: used to share the internet connection throughout the network, with filtering
Package: squid, httpd (httpd supplies the htpasswd tool used below for proxy authentication)
Port: 3128 (default)
Daemon: squid
Script: /etc/init.d/squid
Configuration file: /etc/squid/squid.conf
Related: ACL
Service type: SysV-managed service (service / chkconfig)
To configure squid we require:
-->a PC with 2 NIC cards, named eth0 and eth1
-->the ISP connection (public IP address, dhcp or static, e.g. 51.73.171.26) on eth0; the LAN (192.168.0.0/24 in the rules below) on eth1
Check whether port 3128 is open, i.e. squid is listening:
#netstat -ntlp | grep 3128
RULES in the squid server
1. Allow the network (eg: src)
2. Deny a website (eg: dstdomain)
3. Deny bad words in the URL (eg: url_regex)
4. Time restriction (eg: time)
5. Password authentication (eg: proxy_auth)
STEPS to configure the SQUID PROXY:
========================
step 1. install the squid and httpd packages
#yum install squid* http* -y
step 2. Restart and enable the services
#service squid restart
#service httpd restart
#chkconfig squid on
#chkconfig httpd on
3.To allow the Network
==============
go to the squid configuration file, i.e,
#vim /etc/squid/squid.conf
1.search for the word "http_port": this is the port squid listens on, 3128 by default (use /http_port to search)
2.search for the word "INSERT" (the "INSERT YOUR OWN RULE(S) HERE" marker) and add the lines below; mynet is the rule name and src is the ACL type (client source address)
acl mynet src 192.168.0.0/24
http_access allow mynet
save and exit
3. restart the service
#service squid restart
4.To deny a website
============
#vim /etc/squid/squid.conf
#INSERT your own RULES:
acl mynet src 192.168.0.0/24                 #the LAN
acl password proxy_auth REQUIRED             #any user with valid credentials (needs the auth_param line set up below)
acl badsites dstdomain www.yahoo.com         #blocked site(s)
acl badtime time 10:00-16:00                 #(10am to 4pm)
acl badwords url_regex -i "/etc/badwords"    #(create the file /etc/badwords and write one bad word, a regex, per line)
http_access deny badwords badtime
http_access deny badsites
http_access allow password
http_access allow mynet
How squid reads these lines: the http_access lines are checked top to bottom and the first line that matches decides; all ACLs named on one line must match (they are ANDed). So "deny badwords badtime" blocks bad words only between 10:00 and 16:00, and a bad-word URL at 17:00 falls through to "allow mynet". Put a condition on its own line if it should apply on its own. Note also that "allow password" has no src ACL, so any client that can reach port 3128 with a valid username and password is allowed, from anywhere on the internet; write it as "http_access allow mynet password" to restrict it to the LAN. Keep the default "http_access deny all" that follows the INSERT marker in the stock squid.conf, so that everything not explicitly allowed is denied.
To allow (authenticated) users during the restricted time:
===================
1.install the htpasswd tool (part of the httpd packages)
#yum install http* -y
2. To add a user called bob (-c creates the password file, so drop -c when adding further users or the file is overwritten; -m stores an MD5 hash). Keep the file readable by the squid user, since the auth helper runs as that user.
#htpasswd -mc /usr/etc/passwd bob
3. search for the word "ncsa" in squid.conf and write the following; the auth_param line must appear above the "acl password proxy_auth REQUIRED" line, or squid refuses to start
auth_param basic program /usr/lib/squid/ncsa_auth /usr/etc/passwd
(on 64-bit systems the helper lives under /usr/lib64/squid/ instead)
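The following is an added example, not code from the original post: a small Python model of how squid walks the http_access list above, useful for checking the rule order and the ANDing of ACLs on one line before the rules go on a live proxy. It models only the ACL types the page uses (src, dstdomain, time, url_regex, proxy_auth); the bad-word list, the client addresses and the requests at the bottom are constructed for the example, and proxy_auth is simplified to "credentials present" (the 407 challenge a real proxy sends is not modelled).

```python
"""Added example (not from the original post): a model of Squid's
http_access evaluation for the rules inserted above.  The url_regex list
stands in for /etc/badwords and the requests are constructed."""
import ipaddress
import re
from datetime import time

# ACL definitions, mirroring the "acl ..." lines in squid.conf.
ACLS = {
    "mynet":    ("src", "192.168.0.0/24"),
    "password": ("proxy_auth", "REQUIRED"),
    "badsites": ("dstdomain", "www.yahoo.com"),
    "badtime":  ("time", "10:00-16:00"),
    "badwords": ("url_regex", ["casino", "poker"]),   # constructed bad-word list
}

# http_access lines in file order.  Squid takes the first line that matches,
# and a line matches only if every ACL named on it matches (logical AND).
# The stock squid.conf ends with "http_access deny all" below the INSERT marker.
HTTP_ACCESS = [
    ("deny",  ["badwords", "badtime"]),
    ("deny",  ["badsites"]),
    ("allow", ["password"]),
    ("allow", ["mynet"]),
    ("deny",  ["all"]),
]


def _hhmm(text):
    hour, minute = (int(part) for part in text.split(":"))
    return time(hour, minute)


def acl_matches(name, req):
    """True if ACL `name` matches `req` (dict with src, host, url, now, user)."""
    if name == "all":
        return True
    kind, arg = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(arg)
    if kind == "dstdomain":
        # exact host; a value starting with "." also matches subdomains
        return req["host"] == arg or (arg.startswith(".") and req["host"].endswith(arg))
    if kind == "time":
        start, end = (_hhmm(part) for part in arg.split("-"))
        return start <= req["now"] < end
    if kind == "url_regex":
        return any(re.search(pattern, req["url"], re.IGNORECASE) for pattern in arg)
    if kind == "proxy_auth":
        # Simplified: matches when the client sent valid credentials.
        return req.get("user") is not None
    raise ValueError("unsupported acl type: " + kind)


def http_access(req):
    """Walk the http_access list like Squid and return 'allow' or 'deny'."""
    for verdict, names in HTTP_ACCESS:
        if all(acl_matches(name, req) for name in names):
            return verdict
    return "deny"


def example_verdicts():
    """Constructed requests that exercise each rule; returns {label: verdict}."""
    lan, outside = "192.168.0.10", "203.0.113.7"   # outside = documentation range
    noon, evening = time(12, 0), time(18, 0)

    def req(src, host, path="/", now=noon, user=None):
        return {"src": src, "host": host, "url": "http://%s%s" % (host, path),
                "now": now, "user": user}

    return {
        # plain LAN browsing inside the restricted hours: allowed by "allow mynet"
        "lan_plain_noon":     http_access(req(lan, "www.example.com")),
        # a bad word during badtime: the first line denies
        "lan_casino_noon":    http_access(req(lan, "www.example.com", "/casino")),
        # same URL at 18:00: badtime fails, the ANDed first line no longer
        # matches and the request falls through to "allow mynet"
        "lan_casino_evening": http_access(req(lan, "www.example.com", "/casino", evening)),
        # blocked site is denied even with credentials: deny badsites precedes allow password
        "auth_yahoo":         http_access(req(lan, "www.yahoo.com", user="bob")),
        # a host outside the LAN with valid credentials: "allow password" has
        # no src ACL, so anyone holding a password can use the proxy
        "outside_with_auth":  http_access(req(outside, "www.example.com", user="bob")),
        # the same host without credentials reaches "deny all"
        "outside_no_auth":    http_access(req(outside, "www.example.com")),
    }


if __name__ == "__main__":
    for label, verdict in example_verdicts().items():
        print("%-20s %s" % (label, verdict))
```

Run it as a script to print the verdict for each constructed request; the "lan_casino_evening" and "outside_with_auth" cases are the two that usually surprise people and are worth re-checking against your own http_access order.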
******************************************************
SQUID TRANSPARENT CONFIGURATION:
=========================
Follow these steps to configure squid as a transparent (intercepting) proxy:
#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
save & quit (apply it now with #sysctl -p)
#vim /etc/squid/squid.conf
##--please enable these options--##
http_port 3128 transparent                   #(on squid 3.1 and later the option is spelled "intercept")
acl our_network src 192.168.1.0/24           #your LAN subnet (192.168.0.0/24 elsewhere on this page)
http_access allow our_network
cache_mem 16M
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
store_log /var/log/squid/store.log
cache_dir ufs /var/spool/squid 2000 16 256   #(type, directory, size in MB, level-1 dirs, level-2 dirs)
cache_mgr user@desktop7.example.com
visible_hostname desktop7.example.com
save and quit
#squid -z                                    #(creates the cache directories under /var/spool/squid)
#service squid restart
##then, to make it transparent, add a rule to the iptables firewall that sends port-80 traffic arriving from the LAN to squid##
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
##equivalent form, if you prefer to name the proxy address explicitly (192.168.0.1 is assumed here to be the LAN address of the proxy on eth1), so that clients need no manual proxy settings:
#iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
#####......Note: use the interface that is connected to your LAN switch (eth1 in the diagram above; eth0 faces the ISP). Save the rules with #service iptables save so they survive a reboot. Only port 80 is intercepted: HTTPS (443) and other ports are not proxied by these rules, they are forwarded or dropped according to the rest of your firewall.......##
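Once the proxy is running, the access_log configured above is the place to confirm from squid's own records that the deny rules from the rules section actually fire, and to spot clients that keep failing proxy authentication. The following is an added example, not code from the original post: a small Python reader for squid's native access.log format. The log lines embedded below are constructed for the example (the addresses and users are invented); the LAN range and the alert threshold are assumptions you would adjust to your site.

```python
"""Added example (not from the original post): audit Squid's native
access.log for denied requests and repeated 407 authentication failures.
The sample log, LAN range and threshold are constructed/assumed."""
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native log format:
# timestamp elapsed client code/status bytes method url user peer/host type
SAMPLE_LOG = """\
1431122200.123     45 192.168.0.10 TCP_MISS/200 5120 GET http://www.example.com/news - DIRECT/93.184.216.34 text/html
1431122201.456      0 192.168.0.10 TCP_DENIED/403 3456 GET http://www.yahoo.com/ - NONE/- text/html
1431122202.001      0 192.168.0.10 TCP_DENIED/403 3456 GET http://www.example.com/casino - NONE/- text/html
1431122203.778      0 203.0.113.7 TCP_DENIED/407 3911 GET http://www.example.com/ - NONE/- text/html
1431122204.778      0 203.0.113.7 TCP_DENIED/407 3911 GET http://www.example.com/ - NONE/- text/html
1431122205.778      0 203.0.113.7 TCP_DENIED/407 3911 GET http://www.example.com/ - NONE/- text/html
1431122206.900     80 203.0.113.7 TCP_MISS/200 5120 GET http://www.example.com/ bob DIRECT/93.184.216.34 text/html
1431122207.111    310 192.168.0.22 TCP_TUNNEL/200 8192 CONNECT www.example.com:443 - DIRECT/93.184.216.34 -
"""


def parse_line(line):
    """Split one native-format line into a dict; returns None for short/blank lines."""
    fields = line.split()
    if len(fields) < 10:
        return None
    code, status = fields[3].split("/")
    method, url = fields[5], fields[6]
    # CONNECT lines carry "host:port" rather than a full URL
    host = url.split(":")[0] if method == "CONNECT" else urlsplit(url).hostname
    return {"ts": float(fields[0]), "client": fields[2], "code": code,
            "status": int(status), "method": method, "url": url,
            "host": host, "user": None if fields[7] == "-" else fields[7]}


def audit(log_text, lan="192.168.0.0/24", auth_fail_threshold=3):
    """Summarise denials and authentication failures per client.

    Returns a dict with:
      denied_by_client - number of 403 responses per client address
      denied_hosts     - destination hosts that were refused, and how often
      auth_fail_alerts - clients with at least `auth_fail_threshold` 407 responses
                         (credential guessing, or a client with a bad password)
      outside_auth     - (client, user) pairs outside the LAN that were served
                         after authenticating, i.e. "allow password" used from the internet
    """
    lan_net = ipaddress.ip_network(lan)
    denied, denied_hosts, auth_fail = Counter(), Counter(), Counter()
    outside_auth = set()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["status"] == 403:
            denied[rec["client"]] += 1
            denied_hosts[rec["host"]] += 1
        elif rec["status"] == 407:
            auth_fail[rec["client"]] += 1
        elif rec["status"] < 400 and rec["user"] and \
                ipaddress.ip_address(rec["client"]) not in lan_net:
            outside_auth.add((rec["client"], rec["user"]))
    return {
        "denied_by_client": dict(denied),
        "denied_hosts": dict(denied_hosts),
        "auth_fail_alerts": sorted(c for c, n in auth_fail.items() if n >= auth_fail_threshold),
        "outside_auth": sorted(outside_auth),
    }


if __name__ == "__main__":
    # Point it at the real file: audit(open("/var/log/squid/access.log").read())
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```

Against the real log the interesting outputs are a denied_hosts entry that is missing for a site you expected to block (the rule is not matching), and any outside_auth entry, which shows the "allow password" line being used from outside the LAN.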
CHILD PROXY CONFIGURATION:
==========================
      +---------------------+
      |  MAIN PROXY SERVER  |
      |    192.168.0.254    |
      +---------------------+
                 |
      +---------------------+
      | CHILD PROXY SERVER  |
      +---------------------+
The child proxy forwards requests it cannot serve from its own cache to the main proxy. On the CHILD proxy server:
#vim /etc/squid/squid.conf
##search for the word cache_peer
##uncomment (or add) the following line
#            hostname       type   http-port icp-port options
cache_peer 192.168.0.254 parent 3128      3130     default
#service squid restart
"parent" makes the main proxy the upstream for cache misses, and "default" marks it as the parent to use when no other peer is chosen. If the child must never fetch directly from the internet (for example because only the main proxy has an outside connection), also add "never_direct allow all"; otherwise squid may still go DIRECT. The ICP port (3130) is only useful if the main proxy has icp_port 3130 enabled; set it to 0 to disable ICP. The main proxy's own http_access rules must allow the child proxy's address, or the main server answers every forwarded request with 403.