LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 01-26-2009, 12:12 PM   #1
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Rep: Reputation: 15
configuring proxy server on ubuntu


hi
I am totally new to Linux and just a user . Have installed Ubuntu on my PC and can access the internet through eth0, it automatically picks the IP using DHCP. I want to enable other machines on the LAN (windows and ubuntu) to access the net through my PC. Configuring IPv4 settings manually to 192.168.0.1 with netmask 255.255.255.0 on eth1 does not suffice.Kindly help.
Thanks
 
Old 01-26-2009, 12:41 PM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 15,077

Rep: Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713
Quote:
Originally Posted by aarav2306 View Post
hi
I am totally new to Linux and just a user . Have installed Ubuntu on my PC and can access the internet through eth0, it automatically picks the IP using DHCP. I want to enable other machines on the LAN (windows and ubuntu) to access the net through my PC. Configuring IPv4 settings manually to 192.168.0.1 with netmask 255.255.255.0 on eth1 does not suffice.Kindly help.
Thanks
Load squid...it's a proxy server that runs under Linux, and does what you want it to.

Just configuring a second interface, doesn't automatically make your PC a proxy server under Linux, any more than it would under Windows.
 
Old 01-26-2009, 12:49 PM   #3
rsciw
Member
 
Registered: Jan 2009
Location: Essex (UK)
Distribution: Home: Debian/Ubuntu, Work: Ubuntu
Posts: 206

Rep: Reputation: 44
Quote:
Originally Posted by TB0ne View Post
Load squid...it's a proxy server that runs under Linux, and does what you want it to.

Just configuring a second interface, doesn't automatically make your PC a proxy server under Linux, any more than it would under Windows.
actually under Windows you just click a button "Share this connection" and then chose the other NIC to which it'll share the connection with.

If it's secure/stable etc. or not though is a different story

@aarav: does your ubuntu box connect directly to the net, or do you connect to a router first, and from there to the net?
 
Old 01-26-2009, 01:13 PM   #4
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
Yes, I was using 'share this connection' under windows. My ubuntu box is directly connected to the net. Config is Net - Ubuntu box - router - Lan.
I have downloaded squid and used "sudo apt-get install squid" command in my terminal. Will this suffice, do I need to download a proxy as well - Hamachi or so. Is there a GUI for configuring squid easily.
 
Old 01-26-2009, 02:07 PM   #5
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,516

Rep: Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896
Quote:
Originally Posted by aarav2306 View Post
Yes, I was using 'share this connection' under windows. My ubuntu box is directly connected to the net. Config is Net - Ubuntu box - router - Lan.
I have downloaded squid and used "sudo apt-get install squid" command in my terminal. Will this suffice, do I need to download a proxy as well - Hamachi or so. Is there a GUI for configuring squid easily.
Squid should work out of the box..
However you need to give the pc in the lan rights to access squid on the server
The configuration can be done by editing the file
/etc/squid/squid.conf

A good start is
http://www.linuxhomenetworking.com/w..._Squid_Package
Do a search on google.

Don't know if squid can be maneged using webadmin though
 
Old 01-26-2009, 03:10 PM   #6
Nermal
Member
 
Registered: Jan 2009
Distribution: Debian
Posts: 59
Blog Entries: 2

Rep: Reputation: 6
Ok, from what you have said you have/want something like this:

Code:
Internet Router (10.0.0.1)
      |
     eth0 (10.0.0.2)
   Linux Box 
     eth1 (192.168.0.1)
      |
  Lan Switch
Other Computers
So what you want to do is Proxy the html on the linux box (squid is as good as any) and Nat the other computers.

So lets start with the lan stuff.
The quickest way to do this is staticly map the other computers to the 192.168.0 network and set their default route to the eth1 ipaddress on the linux box. This means that if you PC tries to connect to an IP not on your network it sends it to the default route address (your Linux Box).
You can install a DHCP server on the linux box to make things easier in the long run (look up dhcp server at you distros web site and look for a FAQ or Howto on it).

Now we have the off net packets going to the right place you need to install and configure a firewall gui (if not already installed) for ease, you could do it by hand if you like but if I was you I wouldn't to start with. There are a few out there, firestarter was prity cool at one point but they don't seem to be fixing it mutch now days. Use your choice of software to setup your iptables and it should also sort out the forwarding for you. This now means you have internet access from behind you linux box, but DNS probably won't work.

DNS, two ways to do this, the first is to use your internet router as you dns server, the second is to install a DNS server on your linux Box and set it up as you see fit (probably just a DNS Caching server) FAQ's and Howto's are out there, have a read and they should sort you out.

The last thing to do is check that squid is running on your Linux Box then point your web browsers proxy settings at port 3128 (default for squid) on the linux box. You can also do enforced proxy by adding a rule to your iptables, the instructions are some place in the Documents at squid.

Theres your starter for 10.
 
Old 01-27-2009, 03:16 AM   #7
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
Thanks, can access the net from my LAN now, the default was "deny all" in squid for http_access and http_reply. Changed that to "allow all"
Do I need to change/check any parameter in squid to allow my LAN to send/receive mails as we are currently unable to do this.
 
Old 01-27-2009, 03:49 AM   #8
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,628

Rep: Reputation: Disabled
If you are using mail clients then you will need to configure the clients to use proxy to connect to internet. Alternatively, you can make your squid box work as a transparent proxy. Search LQ forums on how to do that. It has been addressed a lot of times.

Also instead of allowing internet sharing to everyone by putting http_access allow all you can create acl with source ips from your network and allow access to only that acl.

eg:

acl my_network src 192.168.0.1-192.168.0.50

http_access allow my_network

Last edited by linuxlover.chaitanya; 01-27-2009 at 03:52 AM.
 
Old 01-27-2009, 05:04 AM   #9
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
Hi
The mails clients automatically derive settings from IE, dont they. I reconfirmed, they are pointed to 192.168.0.1 Port 3128 in Tools=Options=Connections in Outlook mail clients on LAN, also in Evolution mail client on a few Ubuntu machines on LAN.
I haven't installed mail server/MTA on the linux box directly connected to the Net. The mail clients on the LAN PCs need to fetch mails directly from external mail server, however I get an error msg saying they are not able to connect.
 
Old 01-27-2009, 05:18 AM   #10
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,628

Rep: Reputation: Disabled
This has been a problem even with me. You can make your proxy to work as a transparent squid and leave the problem behind. You would not need to configure your browsers after you have got your squid to work in transparent mode.
 
Old 01-27-2009, 05:31 AM   #11
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
Chaitanya, pls post me a thread on how to do this
Thanks
 
Old 01-27-2009, 06:02 AM   #12
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,628

Rep: Reputation: Disabled
This link will help you setting up a transparent proxy squid. But make sure you change some settings in script to suit your needs. Also make sure that you use your internal ip address for proxying requests and not the interface connected to internet as shown in this link.

http://www.cyberciti.biz/tips/linux-...uid-howto.html
 
Old 01-27-2009, 09:29 AM   #13
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
hi
Tried this link, didnt work out. I added the foll lines in squid.conf as suggested

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan

I substituted my public IP for 192.168.1.1 and internal IPs for 192.168.2.0/24.
The error msg is as follows
aclParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.0.0/10'
parseConfigFile: squid.conf:722 unrecognized: 'httpd_accel_host'
parseConfigFile: squid.conf:723 unrecognized: 'httpd_accel_port'
parseConfigFile: squid.conf:724 unrecognized: 'httpd_accel_with_proxy'
parseConfigFile: squid.conf:725 unrecognized: 'httpd_accel_uses_host_header'
FATAL: No port defined
Squid Cache (Version 2.7.STABLE3): Terminated abnormally.
 
Old 01-27-2009, 09:59 AM   #14
Nermal
Member
 
Registered: Jan 2009
Distribution: Debian
Posts: 59
Blog Entries: 2

Rep: Reputation: 6
Quote:
acl lan src 192.168.2.0/24
You don't want to allow the world to use it...

This tells it that lan = anything on 192.168.2.x

Quote:
http_access allow lan
this allows the lan group http access.
 
Old 01-27-2009, 10:07 AM   #15
aarav2306
Member
 
Registered: Jan 2009
Posts: 55

Original Poster
Rep: Reputation: 15
hi
192.168.2 was what the link had suggested, I substituted them with my internal IPs 192.168.0 series
can u pls suggest how to solve my problem
My lan is able to access the internet, but not able to download mails from external mail server, is installing a mail server / MT on my ubuntu box connected to the net the only solution. Someone suggested using squid as transparent proxy and I was only following that link
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Configuring Redhat to use a proxy server? goochable Linux - Networking 3 10-03-2008 04:04 PM
configuring a proxy server and access control lists zebias Linux - Newbie 3 11-14-2007 06:16 AM
Configuring proxy server in Kopete nipun_kul Mandriva 4 12-24-2006 05:52 AM
Configuring YUM for behind a proxy server Linux_noobnoob Fedora 4 09-07-2006 04:29 PM
setting up ubuntu proxy server slackr007 Linux - Newbie 1 07-22-2006 09:43 PM


All times are GMT -5. The time now is 06:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration