LinuxQuestions.org


aarav2306 01-26-2009 11:12 AM

configuring proxy server on ubuntu
 
hi
I am totally new to Linux and just a user :o. Have installed Ubuntu on my PC and can access the internet through eth0, it automatically picks the IP using DHCP. I want to enable other machines on the LAN (windows and ubuntu) to access the net through my PC. Configuring IPv4 settings manually to 192.168.0.1 with netmask 255.255.255.0 on eth1 does not suffice. Kindly help.
Thanks

TB0ne 01-26-2009 11:41 AM

Quote:

Originally Posted by aarav2306 (Post 3421778)
hi
I am totally new to Linux and just a user :o. Have installed Ubuntu on my PC and can access the internet through eth0, it automatically picks the IP using DHCP. I want to enable other machines on the LAN (windows and ubuntu) to access the net through my PC. Configuring IPv4 settings manually to 192.168.0.1 with netmask 255.255.255.0 on eth1 does not suffice. Kindly help.
Thanks

Load squid...it's a proxy server that runs under Linux, and does what you want it to.

Just configuring a second interface doesn't automatically make your PC a proxy server under Linux, any more than it would under Windows.

rsciw 01-26-2009 11:49 AM

Quote:

Originally Posted by TB0ne (Post 3421804)
Load squid...it's a proxy server that runs under Linux, and does what you want it to.

Just configuring a second interface doesn't automatically make your PC a proxy server under Linux, any more than it would under Windows.

Actually, under Windows you just click a button "Share this connection" and then choose the other NIC to share the connection with.

If it's secure/stable etc. or not though is a different story ;)

@aarav: does your ubuntu box connect directly to the net, or do you connect to a router first, and from there to the net?

aarav2306 01-26-2009 12:13 PM

Yes, I was using 'share this connection' under windows. My ubuntu box is directly connected to the net. Config is Net - Ubuntu box - router - Lan.
I have downloaded squid and used "sudo apt-get install squid" command in my terminal. Will this suffice, or do I need to download a proxy as well - Hamachi or so? Is there a GUI for configuring squid easily?

repo 01-26-2009 01:07 PM

Quote:

Originally Posted by aarav2306 (Post 3421828)
Yes, I was using 'share this connection' under windows. My ubuntu box is directly connected to the net. Config is Net - Ubuntu box - router - Lan.
I have downloaded squid and used "sudo apt-get install squid" command in my terminal. Will this suffice, or do I need to download a proxy as well - Hamachi or so? Is there a GUI for configuring squid easily?

Squid should work out of the box..
However you need to give the pc in the lan rights to access squid on the server
The configuration can be done by editing the file
/etc/squid/squid.conf

A good start is
http://www.linuxhomenetworking.com/w..._Squid_Package
Do a search on google.

Don't know if squid can be managed using webadmin though

Nermal 01-26-2009 02:10 PM

Ok, from what you have said you have/want something like this:

Code:

Internet Router (10.0.0.1)
      |
    eth0 (10.0.0.2)
  Linux Box
    eth1 (192.168.0.1)
      |
  Lan Switch
Other Computers

So what you want to do is Proxy the html on the Linux box (squid is as good as any) and NAT the other computers.

So let's start with the LAN stuff.
The quickest way to do this is to statically map the other computers to the 192.168.0 network and set their default route to the eth1 IP address on the Linux box. This means that if your PC tries to connect to an IP not on your network it sends it to the default route address (your Linux box).
You can install a DHCP server on the Linux box to make things easier in the long run (look up dhcp server at your distro's web site and look for a FAQ or Howto on it).

Now that we have the off-net packets going to the right place, you need to install and configure a firewall GUI (if not already installed) for ease. You could do it by hand if you like, but if I was you I wouldn't to start with. There are a few out there; firestarter was pretty cool at one point but they don't seem to be fixing it much nowadays. Use your choice of software to set up your iptables and it should also sort out the forwarding for you. This now means you have internet access from behind your Linux box, but DNS probably won't work.

DNS: there are two ways to do this. The first is to use your internet router as your DNS server; the second is to install a DNS server on your Linux box and set it up as you see fit (probably just a DNS caching server). FAQs and Howtos are out there, have a read and they should sort you out.

The last thing to do is check that squid is running on your Linux box, then point your web browser's proxy settings at port 3128 (default for squid) on the Linux box. You can also do enforced proxy by adding a rule to your iptables; the instructions are some place in the documents at squid.

There's your starter for 10.

aarav2306 01-27-2009 02:16 AM

Thanks, can access the net from my LAN now, the default was "deny all" in squid for http_access and http_reply. Changed that to "allow all"
Do I need to change/check any parameter in squid to allow my LAN to send/receive mails as we are currently unable to do this.

linuxlover.chaitanya 01-27-2009 02:49 AM

If you are using mail clients then you will need to configure the clients to use proxy to connect to internet. Alternatively, you can make your squid box work as a transparent proxy. Search LQ forums on how to do that. It has been addressed a lot of times.

Also instead of allowing internet sharing to everyone by putting http_access allow all you can create acl with source ips from your network and allow access to only that acl.

eg:

acl my_network src 192.168.0.1-192.168.0.50

http_access allow my_network

aarav2306 01-27-2009 04:04 AM

Hi
The mail clients automatically derive settings from IE, don't they? I reconfirmed, they are pointed to 192.168.0.1 Port 3128 in Tools=Options=Connections in Outlook mail clients on LAN, also in Evolution mail client on a few Ubuntu machines on LAN.
I haven't installed mail server/MTA on the linux box directly connected to the Net. The mail clients on the LAN PCs need to fetch mails directly from external mail server, however I get an error msg saying they are not able to connect.

linuxlover.chaitanya 01-27-2009 04:18 AM

This has been a problem even with me. You can make your proxy work as a transparent squid and leave the problem behind. You would not need to configure your browsers after you have got your squid to work in transparent mode.

aarav2306 01-27-2009 04:31 AM

Chaitanya, pls post me a thread on how to do this
Thanks

linuxlover.chaitanya 01-27-2009 05:02 AM

This link will help you set up a transparent squid proxy. But make sure you change some settings in the script to suit your needs. Also make sure that you use your internal IP address for proxying requests and not the interface connected to the internet as shown in this link.

http://www.cyberciti.biz/tips/linux-...uid-howto.html

aarav2306 01-27-2009 08:29 AM

hi
Tried this link, didn't work out. I added the following lines in squid.conf as suggested

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan

I substituted my public IP for 192.168.1.1 and internal IPs for 192.168.2.0/24.
The error msg is as follows
aclParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.0.0/10'
parseConfigFile: squid.conf:722 unrecognized: 'httpd_accel_host'
parseConfigFile: squid.conf:723 unrecognized: 'httpd_accel_port'
parseConfigFile: squid.conf:724 unrecognized: 'httpd_accel_with_proxy'
parseConfigFile: squid.conf:725 unrecognized: 'httpd_accel_uses_host_header'
FATAL: No port defined
Squid Cache (Version 2.7.STABLE3): Terminated abnormally.

Nermal 01-27-2009 08:59 AM

Quote:

acl lan src 192.168.2.0/24
You don't want to allow the world to use it... ;)

This tells it that lan = anything on 192.168.2.x

Quote:

http_access allow lan
this allows the lan group http access.

aarav2306 01-27-2009 09:07 AM

hi
192.168.2 was what the link had suggested, I substituted them with my internal IPs 192.168.0 series.
Can you please suggest how to solve my problem?
My LAN is able to access the internet, but not able to download mails from the external mail server. Is installing a mail server / MT on my ubuntu box connected to the net the only solution? Someone suggested using squid as a transparent proxy and I was only following that link.
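
Added example, not part of the original thread: a small Python audit for the squid.conf problems that come up in the posts above, namely `http_access allow all`, the `192.168.0.0/10` netmask warning, the rejected `httpd_accel_*` directives and the missing port. The function names, the sample config and the choice of RFC 1918 plus loopback as "LAN" are assumptions of this example.

```python
import ipaddress

# Assumption: only RFC 1918 and loopback sources count as the LAN.
INSIDE = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Constructed sample built from lines quoted in the thread.
SAMPLE = """httpd_accel_host virtual
acl lan src 192.168.0.0/10
acl my_network src 192.168.0.1-192.168.0.50
http_access allow lan
http_access allow my_network
http_access allow all
"""

def src_networks(value):
    """Expand one 'acl NAME src' value into (networks, host_bits_masked)."""
    if value == "all":
        return [ipaddress.ip_network("0.0.0.0/0")], False
    if "-" in value:  # addr1-addr2 range form
        lo, hi = (ipaddress.ip_address(a) for a in value.split("-", 1))
        return list(ipaddress.summarize_address_range(lo, hi)), False
    net = ipaddress.ip_network(value, strict=False)
    return [net], ipaddress.ip_interface(value).ip != net.network_address

def audit_squid_conf(text):
    """Return (line_no, finding) pairs for squid.conf text."""
    findings, outside = [], {"all"}  # ACL 'all' is assumed to be predefined
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        key, args = tok[0], tok[1:]
        if key.startswith("httpd_accel_"):  # rejected by the 2.7 log above
            findings.append((no, f"obsolete directive: {key}"))
        elif key == "acl" and len(args) >= 3 and args[1] == "src":
            for value in args[2:]:
                nets, masked = src_networks(value)
                if masked:  # Squid's "Netmask masks away part" warning
                    findings.append((no, f"{value} is really {nets[0]}"))
                if not all(any(n.subnet_of(i) for i in INSIDE) for n in nets):
                    outside.add(args[0])
        elif key == "http_access" and args[:1] == ["allow"] and args[1:]:
            if all(a in outside for a in args[1:]):
                findings.append((no, "open to non-LAN sources: " + " ".join(args[1:])))
    if not any(l.split()[:1] == ["http_port"] for l in text.splitlines()):
        findings.append((0, "no http_port defined"))
    return findings

if __name__ == "__main__":
    print(*audit_squid_conf(SAMPLE), sep="\n")
```

In Squid 2.6 and later the `httpd_accel_*` directives were replaced by options on the `http_port` line (for example `http_port 3128 transparent`), which is why the log ends with "No port defined". The `/10` mask turns `192.168.0.0` into `192.128.0.0/10`, a range that includes public addresses, so an ACL built on it is far wider than the LAN.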


All times are GMT -5.