Configuring Transparent Web Proxy using Squid 2.7STABLE9
By sabir_mustafa at 2011-01-21 11:56
DEPLOYING TRANSPARENT WEB PROXY SERVER USING SQUID 2.7STABLE9
The reader is expected to have at least one year of Linux experience and a good command of the terminal.
The purpose of this document is to provide a practical guide to the Linux professionals who desire to deploy a sufficiently secure and transparent squid in their infrastructure.
The squid RPM that ships with Linux is an easy start, but for a system administrator it may be insufficient, since it lacks certain advanced features such as bandwidth control and transparent mode.
In this document we will download the squid 2.7STABLE9 from the www.squid-cache.org and compile it with the desired options.
Step 1:
• Download the squid 2.7STABLE9 from www.squid-cache.org.
• Copy the downloaded .tar.gz file to the /tmp directory and perform the following steps:
a. Open terminal
b. cd /tmp
c. mv downloadedfilename.tar.gz squid27.tar.gz
d. mkdir squid27 && tar -zxvf squid27.tar.gz -C squid27 --strip-components=1
e. cd squid27
Once you are in the squid directory, you can run the “./configure” command to build squid in default mode. Since our goal is to compile squid with advanced options, I compiled squid using the following options according to my needs:
I strongly suggest that you run “./configure --help” and read the description of each switch before proceeding.
After squid is configured successfully, you should see the “Configuration successful” message on the screen.
Code:
make && echo "Make Successful"
Code:
make install && echo "Installation complete"
If all the messages appear correctly, squid is completely installed. By default, squid places its files under the /usr/local/squid path. Moreover, the command “service squid start/stop” is not available in this mode. I shall write another small document on this topic, but right now we have to know how to start and stop squid.
Before starting squid, we need to configure user permissions and cache directories. When squid is installed from source, no “squid” user or group exists on the machine, and you have to create them if you want to use them. However, the default user and group “nobody” can also serve the same purpose.
To set the cache effective user, type “vi /usr/local/squid/etc/squid.conf” and search for the word “nobody”. The default value of the parameter “cache_effective_user” is “nobody”; you can replace it with “squid” if you want.
After setting the user, search for “cache_dir ufs”. The default path and settings for this directory are “/usr/local/squid/var/cache 3000 64 512” on my machine. You can change the path and the settings as well, but remember that these directories must be readable and writable by the user “nobody” or “squid”.
Now that you have verified the physical path, it is time to set permissions for the user. In my environment I am using “nobody”, so I shall run the command for this user.
Type “cd /usr/local/squid/var” and type “ll” to view the existing directories. There should be two directories “logs” and “cache”. If any of these is missing then you should create it manually by using the command:
Code:
mkdir dirname
Set the permissions on both folders for user “nobody”.
Squid shall create the necessary directories in the “cache” folder.
After applying the above-mentioned command, the basic configuration of squid is complete; we can now proceed to the detailed configuration.
Start squid: /usr/local/squid/sbin/squid -D
To verify that the squid process is running, type “ps aux | grep squid”. This command should display the squid parent as well as the child process on the screen.
To verify that the squid process has finished, type “ps aux | grep squid”. This time the command should not display the squid process.
Note:
Add the following 03 lines to the “rc.local” file. The first line shall start squid automatically and the other two lines will help with accessing ftp sites without any problem.
Search for the word “Safe_ports” and add the following ports before the line “acl CONNECT method CONNECT”
Code:
acl Safe_ports port 995 # pop3 of gmail
acl Safe_ports port 587 # smtp of gmail
acl Safe_ports port 465 # smtp of gmail
acl Safe_ports port 993 # imap of gmail
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop3
acl Safe_ports port 143 # imap
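An added check (not part of the original article) for the ACL edit above: with the stock `http_access deny !Safe_ports` rule, every listed port is one the proxy may be asked to contact, so the script lists the entries beyond Squid's stock Safe_ports list and confirms that the deny rule comes before the first allow rule. The sample config, the `lan` ACL and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Stock Squid 2.7 Safe_ports entries, used here as the reviewed baseline.
BASELINE="80 21 443 70 210 1025-65535 280 488 591 777"

# Constructed sample: stock-style rules plus the seven ports added above.
sample_conf() {
cat <<'EOF'
acl lan src 10.1.1.0/24         # assumed LAN range
acl Safe_ports port 80          # http
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 995
acl Safe_ports port 587
acl Safe_ports port 465
acl Safe_ports port 993
acl Safe_ports port 25
acl Safe_ports port 110
acl Safe_ports port 143
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access allow lan
EOF
}

# Print the Safe_ports entries (squid.conf on stdin) that are not in BASELINE.
extra_safe_ports() {
    awk -v base="$BASELINE" '
        BEGIN { n = split(base, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        { sub(/#.*/, "") }    # strip trailing comments before matching
        $1 == "acl" && $2 == "Safe_ports" && $3 == "port" {
            for (i = 4; i <= NF; i++)
                if (!($i in ok)) out = out (out == "" ? "" : " ") $i
        }
        END { print out }'
}

# Return 0 only if "http_access deny !Safe_ports" comes before the first
# "http_access allow"; Squid applies the first http_access rule that matches.
deny_precedes_allow() {
    awk '
        { sub(/#.*/, "") }
        $1 == "http_access" && $2 == "deny" && $3 == "!Safe_ports" && !allow { deny = 1 }
        $1 == "http_access" && $2 == "allow" { allow = 1 }
        END { exit (deny ? 0 : 1) }'
}

sample_conf | extra_safe_ports    # ports to justify or remove
sample_conf | deny_precedes_allow || echo "deny !Safe_ports is missing or too late"
```

Against a real installation, feed it the file edited above: `extra_safe_ports < /usr/local/squid/etc/squid.conf`.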
c. Control bandwidth with delay pool
I am writing a very simple rule that will reduce the network bandwidth of the target IPs. The rest of the IPs shall receive full bandwidth.
Configuring iptables is important for a transparent proxy setup. A further advantage is that messengers will be able to access the internet directly without the need for proxy settings.
Code:
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart
Configure IP Forwarding
vi /etc/sysctl.conf
Change the value of “net.ipv4.ip_forward” to 1:
net.ipv4.ip_forward = 1
Save the file and type “sysctl -p” to refresh and apply the new settings.
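An added check (not from the original article) that the saved NAT rules match what the steps above set up: REDIRECT bound to the private interface eth1 and port 80, MASQUERADE bound to eth0, and IPv4 forwarding enabled. The sample rules and function names are constructed; the interface names and port come from the article.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample in iptables-save format for the two rules above.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# check_nat LAN_IF WAN_IF PROXY_PORT, with iptables-save output on stdin.
# Prints one finding per line and nothing when the rules match the article.
check_nat() {
    awk -v lan="$1" -v wan="$2" -v port="$3" '
        function opt(name,   i) {      # value following an option, or ""
            for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
            return ""
        }
        $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "REDIRECT" {
            redirect = 1
            to = opt("--to-ports"); if (to == "") to = opt("--to-port")
            if (opt("-i") != lan)       print "REDIRECT is not limited to " lan
            if (opt("--dport") != "80") print "REDIRECT does not match only port 80"
            if (to != port)             print "REDIRECT does not target port " port
        }
        $1 == "-A" && $2 == "POSTROUTING" && opt("-j") == "MASQUERADE" {
            masq = 1
            if (opt("-o") != wan)       print "MASQUERADE is not limited to " wan
        }
        END {
            if (!redirect) print "no REDIRECT rule in PREROUTING"
            if (!masq)     print "no MASQUERADE rule in POSTROUTING"
        }'
}

# Return 0 if IPv4 forwarding is on; the path argument exists for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

sample_rules | check_nat eth1 eth0 3128
# On the gateway itself: iptables-save -t nat | check_nat eth1 eth0 3128
```

A REDIRECT rule without `-i eth1` would also intercept port 80 traffic arriving on the public interface, which is the case the first finding reports.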
Note:
To apply changes while squid is running, use the command
/usr/local/squid/sbin/squid -k reconfigure
The transparent squid is now configured with Outlook support, and you do not need to provide the proxy address in the client browsers.
Quote:
Author: Sabir Mustafa [RHCE, MCSA, OELACA (Oracle)]
Review by: Baber Zahoor
Number of machines: 01 [HP 8000 series desktop PC with 1024 GB of RAM]
Operating System: RedHat Enterprise Linux 5.4 [32-bit]
Web Proxy server: SQUID 2.7STABLE9 [Compiled from source]
# of NICs: 02
NICs configuration: eth0 [Connected to public interface (192.168.1.8)]
eth1 [Connected to private interface (10.1.1.1)]
I want to implement it in Ubuntu 11.04. Can you please point out the modifications/changes that are meant to be made while installation on Ubuntu?
Thanks,
Regards,
Ashfaq
by wendllandfredri878 on Sun, 2024-01-07 05:13
Configuring a transparent web proxy using Squid 2.7STABLE9 involves several steps to enable transparent proxying. Firstly, ensure Squid 2.7STABLE9 is installed on the desired system. Then, configure the Squid.conf file, typically located in /etc/squid/ directory, with specific settings. Set the http_port to intercept requests transparently by specifying the proxy port and the transparent keyword: http_port 3128 transparent. Adjust ACLs (Access Control Lists) as needed, allowing or denying certain traffic. Also, ensure the firewall or network settings redirect HTTP traffic to Squid proxy port (3128 by default). Remember to restart the Squid service after making changes to Squid.conf for the configurations to take effect. This setup enables Squid to intercept and proxy HTTP requests transparently without requiring client-side configurations, enhancing network security and control.
by TB0ne on Sun, 2024-01-07 11:20
Quote:
Originally Posted by wendllandfredri878
Configuring a transparent web proxy using Squid 2.7STABLE9 involves several steps to enable transparent proxying. Firstly, ensure Squid 2.7STABLE9 is installed on the desired system. Then, configure the Squid.conf file, typically located in /etc/squid/ directory, with specific settings. Set the http_port to intercept requests transparently by specifying the proxy port and the transparent keyword: http_port 3128 transparent. Adjust ACLs (Access Control Lists) as needed, allowing or denying certain traffic. Also, ensure the firewall or network settings redirect HTTP traffic to Squid proxy port (3128 by default). Remember to restart the Squid service after making changes to Squid.conf for the configurations to take effect. This setup enables Squid to intercept and proxy HTTP requests transparently without requiring client-side configurations, enhancing network security and control.
Really?? What else did Chat GPT tell you? Did you notice that this thread had been closed for *TWELVE YEARS*, or that the latest version of Squid is 6?? No one is going to be using 2.7.
Reported.