Hi,
There are two options in Squid:
1. Configure the Squid server and set the browser (Firefox, Internet Explorer) to use the proxy. The disadvantage of this method is that the user can change the setting, and he comes to know that a proxy is installed in the network.
2. Transparent Squid:
The benefit of setting up a transparent proxy is that you do not have to set up individual browsers to work with the proxy.
Disable iptables and selinux
Code:
system-config-selinux
system-config-firewall
Code:
# yum install squid
Open file
Code:
# vi /etc/squid/squid.conf
Make the following changes in the file (you may need to search for these lines and uncomment them; change the networks to suit your environment):
Code:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
Start the squid server
Code:
# chkconfig squid on
# /etc/init.d/squid start
To verify that the Squid service is running on port 3128, its default port, use:
Code:
# netstat -tulpn | grep 3128
Client configuration:
Quote:
Open a web browser > Tools > Internet Options > Network settings > and set up the Squid server IP address and port # 3128.
For Firefox
Code:
Go to Edit --> Preferences --> Advanced --> Network --> Settings --> and set up the Squid server IP address and port # 3128
2. Transparent Squid:
Code:
# vi /etc/squid/squid.conf
Modify or add the following Squid directives:
Quote:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
Restart Squid:
Code:
# /etc/init.d/squid restart
# chkconfig squid on
Now we will add the iptables rules to redirect port 80 HTTP requests to port 3128.
For that, keep in mind that we need the following setup:
Quote:
Eth0: IP: 192.168.1.1
Eth1: IP: 192.168.2.1 (192.168.2.0/24 network)
Add the following rules to forward all HTTP requests (coming to port 80) to the Squid server port 3128:
Quote:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
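An added example, not part of the original post: a small Python check that evaluates the `http_access` lines from the transparent-proxy configuration above for a given client address, using Squid's ordering (first matching rule wins; with no match, the result is the opposite of the last rule). The `acl localhost` definition and all function names are assumptions made for this example.

```python
import ipaddress

# Constructed sample: the access lines from the post. The "acl localhost"
# definition is an assumption; the post uses the name without defining it.
SAMPLE_CONF = """\
acl localhost src 127.0.0.1/32
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
"""

def parse(conf):
    """Return (acls, rules): src ACL name -> networks, and ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # Only address and address/mask entries are handled, not a-b ranges.
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(name, ip, acls):
    """True if ip satisfies one ACL reference; '!' negates, 'all' matches anything."""
    if name.startswith("!"):
        return not matches(name[1:], ip, acls)
    return name == "all" or any(ip in net for net in acls[name])  # KeyError: undefined ACL

def decide(conf, client):
    """First http_access rule whose ACLs all match wins; with no match the
    result is the opposite of the last rule (deny if there are no rules)."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        if all(matches(n, ip, acls) for n in names):
            return action
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

def has_final_deny_all(conf):
    """True if the rule list ends with an explicit 'http_access deny all'."""
    rules = parse(conf)[1]
    return bool(rules) and rules[-1] == ("deny", ["all"])

if __name__ == "__main__":
    for client in ("192.168.2.50", "192.168.1.77", "203.0.113.9"):
        print(client, decide(SAMPLE_CONF, client))
    print("explicit deny all at end:", has_final_deny_all(SAMPLE_CONF))
```

With the post's `lan` ACL, a client at 192.168.1.77 is denied because only the host 192.168.1.1 is listed for that network. Ending the list with `http_access deny all` keeps the default from flipping to allow if a `deny` rule is later appended as the last line.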