HowTo set up a proxy for my home LAN
I want to set up a Linux box with squid to act as a web cache/proxy server, also controlling access and restricting porno etc. for my LAN PCs.
I have 3 LAN PCs and a DSL connection to the internet.
1) Do I need to install a second NIC to my Linux box?
2) If not (which I hope), what should the IP config be?
Def Gateway: 10.0.0.2 (DSL router)
Proxy server: 10.0.0.3:3128 ?
Squid and IPTables
The easiest way to do it and not leave any loopholes is to set up a transparent proxy that forces the traffic through the squid proxy. To do this you'll need two NICs in the Linux box and you'll need to install iptables. You basically set up iptables to redirect all incoming traffic on port 80 to port 3128. Then all of your machines on the LAN will use your squid box as their gateway.
Check out this howto:
It is easiest to have iptables and squid run on the same box. I can't seem to get the setup in section 6 to work (got a question posted on that below :) ). Let me know if you have any more questions about it.
(Oh yeah, and check out dansguardian for content filtering)
Basic squid proxy setup
For a basic squid proxy setup, install squid, open /etc/squid.conf and edit these lines:
2. Delete this line:
http_access deny all
3. In the browsers of the client machines, set the proxy IP to the IP of the proxy machine, and set the port to 3128.
Can I do that without installing a second NIC?
What should my clients' ipconfigs then be? Gateway? ADSL router or Proxy box?
And then obvious proxy settings in their IE settings (proxy box IP:3128).
Nay, I do not know a setup without two NICs.
With two NICs, set the external interface IP in range with the subnet of the external IP.
Set the internal interface (NIC) IP in range within the subnet of the internal IP. Other things work fine with defaults.
If you are planning for larger networks, get acquainted with the maximum file size in memory, maximum file size on hard disk, minimum file size in memory etc. entries.
Squid still not working :--<
Thanks for all the great help.:)
But my setup isn't working. Please help.:confused:
I've installed a second NIC.
eth0 is set to static 10.0.0.1 255.0.0.0 DG 10.0.0.2 (the DSL router's IP) and connected to one of the ports on the DSL router.
eth1 is set to static 10.0.0.10 255.0.0.0 DG 10.0.0.2 and connected to the router of my local LAN (range 10.0.0.0/8)
The contents of my squid file looks like this:
My problems were:
1) I've lost internet connectivity from the squid box as well as from all the clients.
2) The squid box's network config seemed as if it was losing an IP. When I ran ifconfig, it showed as set above. After pinging several IPs in my network, ifconfig suddenly reported eth1 as a 169.254.x.x IP (APIPA address). How and/or why does eth1's static IP get changed to an APIPA address?
3) Is my default gateway correct as being the DSL router (10.0.0.2).
4) Should the proxy settings in my clients browsers be eth1 (internal) or eth0 (dsl router)?
5) Do I need to set up iptables and a firewall as described in the above article? I don't need to use a transparent proxy?
6) Where do I change the hostname of my squid box, which is now set to localhost?
7) Will someone also confirm that my squid.conf is correct. I did setup the ncsa_authorisations.
Thanks for all the help so long.
First, as root from the CLI:
Looks like the server (proxy) should be connected to the DSL with eth0 and eth1 should go to the LAN. Make sure to plug eth1 into the router's LAN ports, not the WAN.
You will need to enable masquerading, you can use this guide.
Once you have the NAT working then you can modify it for the proxy. A simple LQ search or Google will get you loads of howto and setup information. Use it!
Fedix, are you planning on configuring the browsers on each of the PCs on the LAN to proxy to your squid box? Or are you going to set the default gateway of all your machines to your squid box and use iptables to redirect traffic to port 3128? Next, what does the non-DSL-router config look like? I'm assuming this is what is causing eth1 to lose the static IP.
As for setting a new hostname, you can do that any number of ways, starting with editing /etc/hosts.
You could also try /etc/sysconfig/network and look for
or try the hostname command
hostname [new hostname] (this is only temporary however)
Your squid config looks fine btw, I think this may be a topology configuration issue.
I scanned your configuration and feel there's some problem. I assume you wrote DG for gateway.
I am speaking in terms of the configuration schema i am using in my 50+ lab, but alternate schemes may work better.
1. Do not put a DG for the internal LAN card, eth1; leave it blank.
2. I think the second NIC's DG should be set to the IP given by your service provider. If that's the IP given to the router then it will be okay.
3. Forward traffic from the external NIC to the internal NIC using masquerading. Put the code in the rc.local file, that's easy.
Apart from these configuration changes, have a look at the squid.conf file. Change the http_access deny all line to http_access deny none. Change visible_hostname localhost to visible_hostname <my_system_name>, where my_system_name is the name of your system.
Do let me know if it works / not works
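The two-NIC transparent-proxy layout described in the "Squid and IPTables" post, the squid.conf edits from "Basic squid proxy setup", and the masquerading step in the post just above, pulled together as one added example. This is not code from the thread or from the Squid project. It assumes eth0 faces the DSL router and eth1 faces the LAN, with Squid listening on 3128; the interface names, the LAN subnet (192.168.1.0/24, a placeholder) and the hostname "proxy" are arguments, not values from the thread. Two caveats worth knowing before applying it: the LAN behind eth1 has to be its own subnet, distinct from the DSL side (putting both NICs in one 10.0.0.0/8 as in the setup above leaves the kernel no way to tell which interface a 10.x destination is behind), and the REDIRECT only catches port 80, so HTTPS is not proxied transparently. Rather than deleting `http_access deny all`, the generated squid.conf keeps the deny line last and places an allow for the LAN in front of it; `check_acl_order` flags the opposite order, which is exactly why a stock squid.conf blocks every client. `transparent` on `http_port` is the Squid 2.x keyword; Squid 3.1 and later spell it `intercept`.

```shell
#!/bin/sh
# Added example, not from the thread. Two-NIC transparent Squid gateway:
#   eth0 (WAN side) -> DSL router, eth1 (LAN side) -> LAN switch / router LAN ports.
# Interface names, LAN subnet and hostname are placeholders passed as arguments.

# Emit the netfilter/NAT rules as a script: review it, then run it as root.
gen_rules() {
    wan=$1; lan=$2; net=$3
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Masquerade the LAN out of the DSL-facing interface
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
# Transparent proxy: LAN web traffic (port 80 only; HTTPS is not caught) goes to Squid
iptables -t nat -A PREROUTING -i $lan -s $net -p tcp --dport 80 -j REDIRECT --to-ports 3128
# Forwarding policy: LAN may go out, only replies come back in
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Emit a minimal /etc/squid.conf. The allow line sits BEFORE "deny all":
# Squid stops at the first matching http_access line, so order is everything.
gen_squid_conf() {
    net=$1; host=$2
    cat <<EOF
http_port 3128 transparent
visible_hostname $host
acl localnet src $net
http_access allow localnet
http_access deny all
EOF
}

# Return 0 if no "http_access allow" line comes after "http_access deny all"
# (the state a stock squid.conf is in, which blocks every client).
check_acl_order() {
    awk '
        /^http_access[[:space:]]+deny[[:space:]]+all/ { seen_deny = 1 }
        /^http_access[[:space:]]+allow/ && seen_deny { bad = 1 }
        END { if (bad) exit 1; exit 0 }
    ' "$1"
}

# Usage (placeholders):
#   sh squid-gw.sh rules eth0 eth1 192.168.1.0/24 > rules.sh     # inspect, then: sh rules.sh (as root)
#   sh squid-gw.sh squid 192.168.1.0/24 proxy > /etc/squid.conf
#   sh squid-gw.sh check /etc/squid.conf
case "$1" in
    rules) gen_rules "$2" "$3" "$4" ;;
    squid) gen_squid_conf "$2" "$3" ;;
    check) check_acl_order "$2" && echo "acl order ok" || echo "deny all precedes an allow line" ;;
esac
```

Clients then get the squid box's eth1 address as their default gateway (no browser proxy setting needed for port 80); if you prefer explicit proxy settings in the browsers instead, drop the PREROUTING REDIRECT line and the `transparent` keyword and point the browsers at the eth1 address, port 3128.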
It looks as if the APIPA changes have gone. My eth0 & eth1 now "stay" on their set static addresses.
I've read the masquerading document (http://linux.ardynet.com/ipmasq/ipmasq.php3) but don't know which to use?
1) Must I first download and install masquerade, or is it part of the kernel?
2) Do I use "Simple IPTABLES masquerade commands" sample, or other samples?
3) I also do want to implement a firewall for security. Is the firewall of masquerading (Ipfwadm) sufficient?
Sorry if I sound stupid, :o