LinuxQuestions.org
Old 07-22-2007, 04:58 AM   #1
S Arbab Ali
LQ Newbie
 
Registered: Aug 2006
Posts: 9

Rep: Reputation: 0
Setting Up Squid : Mission Impossible


Hi Linux Champions.

I am new to Linux. Yesterday I installed Mandriva 2007 Spring
on the office backup proxy server. I want to move from ISA to Linux-based solutions. Before setting up Linux at the office I thought, why not do it at home.
So far, for the last 36 hours, I have been unable to do so.

Here is my scenario.

The Mandriva firewall is down, meaning ping or any network-based request approaches the Mandriva server easily.

My Mandriva server has 2 LAN cards. One is connected to the Internet via Cablenet, with IP address 10.10.10.97/24 and DG: 10.10.10.10
My second LAN card has IP 192.168.0.1/24 and is directly connected to my laptop, which has IP 192.168.0.2/24

The issue is I can't make Squid run. I tried copying several sample squid.conf lines from other conf files but it didn't work.
Even the Mandriva GUI-based Internet Sharing tool doesn't let me share the Internet.

Can you please make a sample squid.conf for me so I can read it and learn to implement it at my office?

One more thing: Squid was preinstalled in Mandriva but I again downloaded the new version and typed tar zxvf squid....gz then ./configure then make then make install, and tried squid -z, but that too gave errors.

I AM SOOOO CONFUSED!!

Please Help
 
Old 07-22-2007, 06:52 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
Well, the default Squid configuration file will work out of the box. We can't tell you what you want in it unless you can provide us more information about what is not currently working. Do you have any errors? Check your Squid log files...
 
Old 07-22-2007, 10:09 AM   #3
S Arbab Ali
LQ Newbie
 
Registered: Aug 2006
Posts: 9

Original Poster
Rep: Reputation: 0
It WORKED

I don't know what happened.

I tried a lot, like service network restart after changing the IPs of the LAN cards and service squid restart, then using the Mandriva GUI for net sharing. At the end I got frustrated and shut down the PC. Now after 1 hour I came back, restarted the PC and guess what, Squid works; my laptop can access the web.
I don't have a clue how.
Here is my total squid.conf file. Please tell me where it is stated that the direct net interface is 10.10.10.97/24 with GW: 10.10.10.10 and the client PC is 192.168.0.1. I know I changed the first 2 lines.

Quote:
http_port 192.168.0.1:3128
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl Mandriva src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager Mandriva
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl workgroup src 192.168.0.0/255.255.255.0
http_access allow workgroup
http_access allow Mandriva
http_reply_access allow all
icp_access allow all
visible_hostname myfirewall@mydomain.com
append_domain .homeland.net
err_html_text admin@mydomain.com
deny_info ERR_CUSTOM_ACCESS_DENIED all
memory_pools off
coredump_dir /var/spool/squid
ie_refresh on

Now that's my total squid file. Can you tell me what this manager is? And how to make this Squid transparent?
 
Old 07-22-2007, 10:49 PM   #4
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Quote:
can you tell me what this manager is ?
This is the cache manager. In the squid-cache.org wiki you will find everything you would need.

Quote:
and how to make this squid transparent?
http_port 127.0.0.1:3128 transparent

I'm sure your squid is already at 2.6STABLE.

Then instruct your firewall to redirect all outgoing http (www) accesses to 127.0.0.1 port 3128, then remove any reference to the proxy in all of your clients' browsers.

-----------
 
Old 07-29-2007, 06:39 AM   #5
S Arbab Ali
LQ Newbie
 
Registered: Aug 2006
Posts: 9

Original Poster
Rep: Reputation: 0
Hi

I was sick for the last 1 week.

Anyway, thanks for answering about transparent Squid.

This statement you told me (http_port 127.0.0.1:3128 transparent): is it OK if I type it after http_port 192.168.0.1:3128 or before it?

Second, can you tell me how I can redirect my outgoing firewall to the loopback address, port 3128?
 
Old 07-29-2007, 10:29 PM   #6
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Binding Squid at 127.0.0.1 would make Squid transparent to your clients and no settings are required on their browsers.

I'm no iptables zealot but an OpenBSD PF one, and let's hope that someone out there can help you do the port redirection.

Code:
LAN -----> redirect to 127.0.0.1:3128 -----> WEB
----------
 
Old 07-29-2007, 10:33 PM   #7
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Redrawn:

Code:
       [ LAN ]                   [ SQUID/FIREWALL BOX ]

client PC outgoing http -----> redirect to 127.0.0.1:3128 ---> WEB
--------
 
Old 07-30-2007, 01:56 PM   #8
S Arbab Ali
LQ Newbie
 
Registered: Aug 2006
Posts: 9

Original Poster
Rep: Reputation: 0
exactly

What is the ipchains command to redirect all browsers' port 80 requests to my machine and direct them to my DSL IP address?
 
Old 07-31-2007, 07:30 AM   #9
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
In your firewall box's iptables rules, all you have to do is a port forwarding or redirection of all outgoing http or www traffic to 127.0.0.1 at port 3128, then also open outgoing http traffic through your external/public interface.

This guarantees that your clients would not be able to bypass your squid proxy server.

I'm sorry, I don't have sound experience writing iptables since I'm an OpenBSD/PF user when it comes to firewall and proxy.

Hope that someone reading this would lend you a hand.

-----------
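
The redirection described in the post above, written out as an added example that is not part of the thread: a shell function that prints the iptables rules for review instead of applying them. The interface names eth0/eth1 are assumptions, and it assumes Squid listens on the LAN address (http_port 192.168.0.1:3128 transparent), because iptables REDIRECT rewrites the destination to the address of the interface the packet arrived on.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that force LAN web traffic
# through Squid. LAN range and port 3128 come from the thread; the interface
# names are assumptions.
LAN_IF="${LAN_IF:-eth1}"              # assumed NIC holding 192.168.0.1
WAN_IF="${WAN_IF:-eth0}"              # assumed NIC holding 10.10.10.97
LAN_NET="${LAN_NET:-192.168.0.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Refuse anything that is not a plain interface name, CIDR or port number,
# so no shell metacharacters can reach the generated command lines.
valid_inputs() {
    for v in "$LAN_IF" "$WAN_IF"; do
        case "$v" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case "$LAN_NET" in ""|*[!0-9./]*) return 1 ;; esac
    case "$SQUID_PORT" in ""|*[!0-9]*) return 1 ;; esac
    [ "$SQUID_PORT" -ge 1 ] && [ "$SQUID_PORT" -le 65535 ]
}

intercept_rules() {
    valid_inputs || { echo "invalid settings" >&2; return 1; }
    cat <<EOF
# 1. Port-80 connections arriving from the LAN are handed to Squid.
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# 2. Only the LAN may talk to the proxy port; the cable side may not.
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp --dport $SQUID_PORT -j DROP
# 3. Fail closed: if rule 1 is ever removed, LAN web traffic is dropped, not routed around Squid.
iptables -A FORWARD -i $LAN_IF -p tcp --dport 80 -j DROP
# 4. Squid itself may fetch pages through the external interface.
iptables -A OUTPUT -o $WAN_IF -p tcp --dport 80 -j ACCEPT
EOF
}

# Print for review; to apply, pipe this script's output into sh as root.
intercept_rules
```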
 
Old 07-31-2007, 03:03 PM   #10
S Arbab Ali
LQ Newbie
 
Registered: Aug 2006
Posts: 9

Original Poster
Rep: Reputation: 0
Dear Gani,

Can you help me set up Squid if I install FreeBSD?
I just want experience in Linux/Unix systems and to learn OSes other than Microsoft.

I just downloaded FreeBSD 6.2 and I have an extra old system: HP Vectra system, 1GHz, 256 RAM, 10GB HDD

can you help me?
Best Regards
 
Old 07-31-2007, 10:34 PM   #12
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Sure! Though I recommend OpenBSD rather than FreeBSD when it comes to firewalls, and this is the one that I always use.

I like OBSD's PF (Packet Filter) ease of use and syntax, and most of all, today's PF (the one with ver. 4.1) has been greatly improved and has gained great speed. FreeBSD's port of PF was, I thought, taken from OBSD ver 3.7.

Besides, OBSD's security track record is undoubted and this OS is the right one for firewalls, ultra-secure BIND DNS and other security-sensitive applications. In fact, undeadly.org has announced with great joy that the BIND server shipped with OBSD has not been affected by the latest BIND cache poisoning issue.

Here is my contact: g4389@yahoo.com

For OBSD starters: http://www.openbsd101.com

---------
 
Old 07-31-2007, 11:39 PM   #13
mblames
Member
 
Registered: Apr 2006
Location: Place for all OpenSource
Distribution: OpenBSD 4.1, FC5
Posts: 50

Rep: Reputation: 15
Dear Arbab Ali,

This is really a confession: last year I used TSL 2.2 (Trustix Secure Linux). I know it's light and secure too, but the rpm itself really gave me a headache. So I was searching for the best OS. I kept downloading ISO files, burnt them to CD and tried them for a couple of weeks. But none of them pleased me. One day, I asked in this forum about DG (dansguardian). And this person answered my doubts about BSD; he is Mr. Gani. He taught me everything about OpenBSD. And until now I have never searched for another OS. I changed all my servers one by one, and now I'm using OpenBSD 4.1 for all servers. And here is my website powered by OpenBSD. http://www.melwin.web.id

The DNS server (BIND) is more secure than other BIND; you can read about it here http://undeadly.org/cgi?action=artic...20070725193920

And also OpenBSD is well documented, so never worry about getting lost.

Last edited by mblames; 07-31-2007 at 11:49 PM.
 
Old 08-01-2007, 12:48 AM   #14
S Arbab Ali
LQ Newbie
 
Registered: Aug 2006
Posts: 9

Original Poster
Rep: Reputation: 0
Thx

WOW

You guys at LinuxQuestions are really helpful.

OK, I'll download OBSD today. It will take me 2 days, so I'll post the day after tomorrow and inform you about the progress made.

Thanks in advance.

Especially you, dear Gani.


Regards
 
Old 08-01-2007, 01:33 AM   #15
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
OBSD doesn't provide an ISO installer. Instead, you will have to download a small CD ISO to be used to boot and start an FTP installation.

Simply follow the instructions at http://www.openbsd101.com or visit OpenBSD's FAQ.

Then your thread regarding OBSD should go under the BSD forum.

--------
 
  

