LinuxQuestions.org

S Arbab Ali 07-22-2007 03:58 AM

Setting Up Squid : Mission Impossible
 
Hi Linux Champions.

I am new to Linux. Yesterday I installed Mandriva 2007 Spring on an office backup proxy server. I want to move from ISA to Linux-based solutions. Before setting up Linux at the office I thought, why not do it at home.
So far, for the last 36 hours, I have been unable to do so.

Here is my scenario.

The Mandriva firewall is down, meaning ping or any network-based request approaches the Mandriva server easily.

My Mandriva server has 2 LAN cards. One is connected to the Internet via Cablenet, having IP address 10.10.10.97/24 and DG: 10.10.10.10
My second LAN card has IP 192.168.0.1/24, directly connected to my laptop having IP 192.168.0.2/24

The issue is I can't make Squid run. I tried copying several sample squid.conf lines from other conf files but it didn't work.
Even the Mandriva GUI-based Internet Sharing tool doesn't let me share the Internet.

Can you please make a sample squid.conf for me so I can read it and learn to implement it at my office?

One more thing: Squid was preinstalled in Mandriva, but I downloaded the new version again and typed tar zxvf squid....gz, then ./configure, then make, then make install, and tried squid -z, but that too gave errors.

I AM SOOOO CONFUSED!!

Please Help

acid_kewpie 07-22-2007 05:52 AM

Well, the default Squid configuration file will work out of the box. We can't tell you what you want in it unless you can provide us more information about what is not currently working. Do you have any errors? Check your Squid log files...

S Arbab Ali 07-22-2007 09:09 AM

It WORKED
 
I don't know what happened.

I tried a lot, like service network restart after changing the IPs of the LAN cards and service squid restart, then using the Mandriva GUI for net sharing. At the end I got frustrated and shut down the PC. Now, after 1 hour, I came back, restarted the PC, and guess what: Squid works, my laptop can access the web.
I don't have a clue how.
Here is my total squid.conf file. Please tell me where it is stated that the direct net interface is 10.10.10.97/24 with GW: 10.10.10.10 and the client PC is 192.168.0.1. I know I changed the first 2 lines.

Quote:

http_port 192.168.0.1:3128
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl Mandriva src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager Mandriva
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl workgroup src 192.168.0.0/255.255.255.0
http_access allow workgroup
http_access allow Mandriva
http_reply_access allow all
icp_access allow all
visible_hostname myfirewall@mydomain.com
append_domain .homeland.net
err_html_text admin@mydomain.com
deny_info ERR_CUSTOM_ACCESS_DENIED all
memory_pools off
coredump_dir /var/spool/squid
ie_refresh on

Now that's my total Squid file. Can you tell me what this manager is? And how to make this Squid transparent?

gani 07-22-2007 09:49 PM

Quote:

can you tell me what this manager is?
This is the cache manager. In the squid-cache.org wiki you will find everything you would need.

Quote:

and how to make this squid transparent?
http_port 127.0.0.1:3128 transparent

I'm sure your squid is already at 2.6STABLE.

Then instruct your firewall to redirect all outgoing HTTP (www) accesses to 127.0.0.1 port 3128, then remove any reference to the proxy in all of your clients' browsers.

-----------

S Arbab Ali 07-29-2007 05:39 AM

Hi

I was sick for the last week.

Anyway, thanks for answering about transparent Squid.

This statement you told me (http_port 127.0.0.1:3128 transparent): is it OK if I type it after http_port 192.168.0.1:3128 or before it?

Second, can you tell me how I can redirect my outgoing firewall to the loopback address, port 3128?

gani 07-29-2007 09:29 PM

Binding Squid at 127.0.0.1 would make Squid transparent to your clients and no settings are required on their browsers.

I'm no iptables zealot but an OpenBSD PF one, and let's hope that someone out there could help you do the port redirection.

Code:


LAN -----> redirect to 127.0.0.1:3128 -----> WEB

----------

gani 07-29-2007 09:33 PM

Redrawn:

Code:


      [ LAN ]                  [ SQUID/FIREWALL BOX ]

client PC outgoing http -----> redirect to 127.0.0.1:3128 ---> WEB

--------

S Arbab Ali 07-30-2007 12:56 PM

Exactly.

What is the ipchains command to redirect all browsers' port 80 requests to my machine and direct them to my DSL IP address?

gani 07-31-2007 06:30 AM

In your firewall box's iptables rules, all you have to do is a port forwarding or redirection of all outgoing HTTP or www traffic to 127.0.0.1 at port 3128, and then also open outgoing HTTP traffic through your external/public interface.

This guarantees that your clients would not be able to bypass your squid proxy server.

I'm sorry, I don't have sound experience writing iptables since I'm an OpenBSD/PF user when it comes to firewall and proxy.

Hope that someone reading this would lend you a hand.

-----------
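
An added example (not part of any post in this thread) of the port redirection discussed above, written for iptables. It assumes the LAN card is `eth1` and that Squid listens with `http_port 192.168.0.1:3128 transparent`, because the iptables REDIRECT target rewrites the destination to the primary address of the incoming interface rather than to 127.0.0.1. `transparent_rules` and `listener_ok` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Interface name is an assumption;
# the subnet, proxy address and port are the ones quoted in the posts.
LAN_IF="${LAN_IF:-eth1}"               # assumed name of the 192.168.0.1 card
LAN_NET="${LAN_NET:-192.168.0.0/24}"   # LAN subnet
PROXY_IP="${PROXY_IP:-192.168.0.1}"    # address Squid is bound to
PROXY_PORT="${PROXY_PORT:-3128}"

# Print the rules one per line so they can be reviewed before being applied.
#  1. Send LAN web requests (except those addressed to the box itself) to Squid.
#  2. Let LAN clients reach the Squid port.
#  3. Refuse the Squid port from anywhere else, e.g. the Internet-facing card.
#  4. Reject forwarded port-80 traffic so nothing from the LAN skips the proxy.
transparent_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $PROXY_IP -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $PROXY_PORT -j DROP
iptables -A FORWARD -i $LAN_IF -p tcp --dport 80 -j REJECT
EOF
}

# Return 0 if the squid.conf given as $1 has an http_port line that redirected
# packets can actually reach: bound to PROXY_IP (or to all addresses) and
# flagged "transparent". A listener on 127.0.0.1 only does not qualify.
listener_ok() {
    awk -v ip="$PROXY_IP" -v port="$PROXY_PORT" '
        $1 == "http_port" && ($2 == port || $2 == (ip ":" port)) {
            for (i = 3; i <= NF; i++) if ($i == "transparent") found = 1
        }
        END { exit !found }' "$1"
}

# Default: print the rules. With --apply (as root): execute them.
case "${1:-}" in
    --apply) transparent_rules | sh ;;
    *)       transparent_rules ;;
esac
```

Run `listener_ok /etc/squid/squid.conf` before applying the rules; the path is the usual packaged location and may differ for a Squid built from source.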

S Arbab Ali 07-31-2007 02:03 PM

Dear Gani,

Can you help me set up Squid if I install FreeBSD?
I just want experience in Linux/Unix systems and to learn OSes other than Microsoft.

I just downloaded FreeBSD 6.2 and I have an extra old system: HP Vectra system, 1 GHz, 256 RAM, 10 GB HDD.

Can you help me?
Best Regards

gani 07-31-2007 09:34 PM

Sure! Though I recommend OpenBSD rather than FreeBSD when it comes to firewalls, and this is the one that I'm always using.

I like OBSD's PF (Packet Filter) ease of use and syntax and, most of all, today's PF (the one with ver. 4.1) has been greatly improved, with great speed added. FreeBSD's port of PF was, I thought, taken from OBSD ver. 3.7.

Besides, OBSD's security track record is undoubted and this OS is the right one for firewalls, ultra-secure BIND DNS and other security-sensitive applications. In fact, undeadly.org has announced with great joy that the BIND server shipped with OBSD has not been affected by the latest BIND cache poisoning issue.

Here is my contact: g4389@yahoo.com

For OBSD starters: http://www.openbsd101.com

---------

mblames 07-31-2007 10:39 PM

Dear Arbab Ali,

This is really a confession: last year I used TSL 2.2 (Trustix Secure Linux). I know it's lite and secure also, but it really gave me a headache about the rpm itself. So I was searching for the best OS. I kept downloading ISO files, burnt 'em to CD and tried them for a couple of weeks. But none of them pleased me. One day, I asked in this forum about DG (DansGuardian). And this person answered my doubts about BSD; he is Mr. Gani. He taught me everything about OpenBSD. And until now I have never searched for another OS. I changed all my servers one by one, and now I'm using OpenBSD 4.1 for all servers. And here is my website powered by OpenBSD: http://www.melwin.web.id

The DNS server (BIND) is more secure than other BIND; you can read about it here: http://undeadly.org/cgi?action=artic...20070725193920

And also OpenBSD is well documented, so never worry about getting lost.

S Arbab Ali 07-31-2007 11:48 PM

Thx

WOW

You guys at LinuxQuestions are really helpful.

OK, I'll download OBSD today. It will take me 2 days, so I'll post the day after tomorrow and inform you about the progress made.

Thanks in advance.

Especially you, dear Gani.


Regards

gani 08-01-2007 12:33 AM

OBSD doesn't provide an ISO installer. Instead, you will have to download a small CD ISO to be used to boot and start an FTP installation.

Simply follow the instructions at http://www.openbsd101.com or visit OpenBSD's FAQ.

Then your thread regarding OBSD should go under the BSD forum.

--------

