October 31, 2014, 04:29:11 PM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Configuring Squid Proxy server & Transparent Proxy  (Read 165867 times)

Offline tomamodi

  • Linux Learner
  • ***
  • Posts: 78
Configuring Squid Proxy server & Transparent Proxy
« Reply #45 on: July 21, 2004, 09:51:37 AM »
Thanks
Is this ok for 50 clients  and i also want to some webs to be blocked is it possible in this
This is red hat 9 default workstation install

==========
squid-2.5.STABLE6.tar.gz

# useradd -d /cache/ -r -s /dev/null squid >/dev/null 2>&1
# mkdir /cache/
#chown -R squid.squid /cache/
#chmod 770 squid.squid /cache
#tar -zxvf squid-2.4.STABLE6-src.tar.gz
#./configure --enable-linux-netfilter
#make
# make install
#/usr/local/squid/sbin/squid -z
#/usr/local/squid/sbin/squid
==
where this ? in rc.d
#Transparent proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

And  i have some thing very critical so i want to use PM is it ok

Offline kmashraf

  • Linux Noob !
  • *
  • Posts: 18
Configuring Squid Proxy server & Transparent Proxy
« Reply #46 on: July 23, 2004, 02:49:06 AM »
Ricky !
Apologies for the delay !
I am looking into your suggestions.
Can you tell me what all you need to make an analysis of my squid configuration ?
Thanks

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Configuring Squid Proxy server & Transparent Proxy
« Reply #47 on: July 23, 2004, 04:26:42 AM »
Quote from: "tomamodi"
where this ? in rc.d
#Transparent proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Well it is OK for 50 clients, and about that line.. see again the tutorial and also NAT how to you will easily figure that out.
However, Use dhcp server to assign ips in 50 clients setup.

To block web.. see dstdomain and url_regex acls :)

@kmashraf
OK you send me your squid.conf and your last 15 lines of cache.log in my PM.  BTW.. have you tried url_regex directive yet ?

Offline kmashraf

  • Linux Noob !
  • *
  • Posts: 18
Configuring Squid Proxy server & Transparent Proxy
« Reply #48 on: July 23, 2004, 07:42:12 AM »
Yes I did ! But stilll same problem.
One question though, if the site is already in the cache, will it still block the site provided everything is working normally ?
I will send both as required by you shortly.
thanks a ton !

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Configuring Squid Proxy server & Transparent Proxy
« Reply #49 on: July 23, 2004, 08:21:38 AM »
Quote from: "kmashraf"
One question though, if the site is already in the cache, will it still block the site provided everything is working normally ?

Yes it will block that !!

Offline tomamodi

  • Linux Learner
  • ***
  • Posts: 78
is this clear
« Reply #50 on: July 31, 2004, 08:59:09 AM »
First download squid
Then start

[root@linuxbox root]# useradd -d /cache/ -r -s /dev/null squid >/dev/null 2>&1
[root@linuxbox root]# mkdir /cache/
[root@linuxbox root]# chown -R squid.squid /cache/

untar squid

[root@linuxbox root]# tar -zxvf squid-2.4.STABLE6-src.tar.gz
[root@linuxbox root]# cd squid-2.4.STABLE6
[root@linuxbox root]#./configure --enable-linux-netfilter
[root@linuxbox root]# make
[root@linuxbox root]# make install
[root@linuxbox root]# cd /etc/squid
[root@linuxbox squid]#vi squid.conf
============================
maximum_object_size 8192 KB
cache_mem 16 MB
cache_dir ufs /cache 2048 22 256
cache_store_log none
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl your_network src 192.168.8.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow your_network
http_access deny all
icp_access allow all
miss_access allow all
cache_mgr you@yourdomain.com
visible_hostname you.yourdomain.com
unique_hostname you.yourdomain.com
httpd_accel_host vertual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_port 3128

=================================

chown squid:squid ?( here your help where is the directry)
chmod 770 ?( here your help where is the directry)


 [root@linuxbox root]#  /usr/local/squid/sbin/squid -z
 [root@linuxbox root]#  /usr/local/squid/sbin/squid
--------------------------
is this all

Then follow nat
then in ie put 192.168.8 0  :port 8080

please did this need any more
now i reinstall redhat 9 want new squid install

Offline goldman

  • New Member
  • Posts: 1
Configuring Squid Proxy server & Transparent Proxy
« Reply #51 on: July 31, 2004, 11:54:25 AM »
cache_effective_user squid
cache_effective_group squid
fine put this two lines more

Offline tomamodi

  • Linux Learner
  • ***
  • Posts: 78
Configuring Squid Proxy server & Transparent Proxy
« Reply #52 on: July 31, 2004, 12:01:41 PM »
thanks Goldman
i am totally blind in this subject so main thinG is i didnt understand about this ip/matter my router is on 192.168.8.1 and linux box in lan ip is 192.168.8.22 it connected in hub so i want my web cahe here not at gate way NOT AS SERVER ONLY WANT AS WEB/CACHE
with only one nic eth0 i want it recive req and give the req if not in cache it forward to router 192.168.8.1 and make it new cach also for next
i am following  MR RICKY  so waiting for procced with his reply
After all your help appresiated
THANKS AGAIN

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Configuring Squid Proxy server & Transparent Proxy
« Reply #53 on: August 01, 2004, 02:12:40 PM »
..
Well.. Little busy these days..


Anyway ..

Quote
then in ie put 192.168.8 0 :port 8080

here you have to pute 3128 as port b'coz u have have specified it as port.. the "http_port" directive.  if you change "http_port 8080" then you can  use as you have done above.

Lastly now what you have to do is assign proper permission and ownership to your cache directory.
Btw.. did you got any error when your initialized your cache using -z ? if no then still follow few steps below.

Now as you have made group squid and user squid so your permission should look like ..
type following commands one by one..
Code: [Select]
chown root:root /usr/local/squid/

chmod 755 /usr/local/squid/

cd /usr/local/squid/sbin

chown root:root .  chown root:root *

chmod 755 . *

cd /usr/local/squid/etc

chmod 2775 .

chown root:squid . *

chown squid:squid /usr/local/squid/logs

chmod 770 /usr/local/squid/logs

chown squid:squid /cache

chmod 770 /cache
Now run -z to initialize cache...
btw.. this time I have used little copy'n'paste but hope will be helpful to u!

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Configuring Squid Proxy server & Transparent Proxy
« Reply #54 on: August 01, 2004, 02:15:03 PM »
Also..

@ Tommandi
If you can redirect all port 80 request coming to ur router from your clients to Squid machine on port 8080 ( or 3128) then you will not need to put proxy address in each client.

Offline tomamodi

  • Linux Learner
  • ***
  • Posts: 78
Configuring Squid Proxy server & Transparent Proxy
« Reply #55 on: August 02, 2004, 06:32:41 AM »
umum
but how i redirect you no that i am new to all this this is very help full for me
after all this i put this box connected to one of my hub,s port it its OK

not router, port
as i told you the
modem----->router ----> hub here all pc +this squid box OK
THANKS AGAIN
FOR YOUR THIS DRAG AND DROP COMMANDS
IT COVER UP MY UN SKILLED TYPING

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Configuring Squid Proxy server & Transparent Proxy
« Reply #56 on: August 02, 2004, 06:58:28 AM »
Quote
FOR YOUR THIS DRAG AND DROP COMMANDS
IT COVER UP MY UN SKILLED TYPING


Actually that is not real copy paste.. have modified according to you.. better you see man page for "chown" and "chmod" if you are new to linux.

About redirection .. that is specific to your router..consult online documentation for that !!

Offline kmashraf

  • Linux Noob !
  • *
  • Posts: 18
Finally !
« Reply #57 on: August 05, 2004, 06:40:42 PM »
I' ve finally got it going.
Even after all the to and froing between Ricky and me I did not see the light.
So ah just lay low for sometime thinking things through. In the meanwhile a guy I know got it going too. So ah asked him what he did that I hadn't and he told me this
Please note that I am running squid/2.5.STABLE5.
I was putting my acl and http access in the wrong place.
That is all there was to it. And boy I sure am dense and slow.
This is where you have to put it.

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
                                                                           
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
acl our_networks src 192.168.1.0/24 192.168.2.0/24
acl banned url_regex -i "filename'
acl myown dstdomain 'www.xxx.com' (without the quotes)
http_access deny banned
http_access deny myown
http_access allow our_networks
                                                                           
# And finally deny all other access to this proxy
http_access deny all

And I was putting it everywhere but here and wondering why it didn't work.
I think that if you put your acl anywhere else it is not going to work.
Now after doing so it works just fine.
Thanks Ricky.
It would not have happened without your help.

Offline tomamodi

  • Linux Learner
  • ***
  • Posts: 78
nothing at all
« Reply #58 on: August 08, 2004, 06:41:54 PM »
dear ricky
nothing works when i reach   cd  /ets/squid

[root@modi squid-2.4.STABLE6]# cd /etc/squid
bash: cd: /etc/squid: No such file or directory

i think that all i done just nothing i write every command and put on diffrent  forums

and when i go throug  no result
so i put here too that is this ok
and get your confirmation before proccess
i think you didnt read all  that commands
please read again and give me advice if you can

Offline tomamodi

  • Linux Learner
  • ***
  • Posts: 78
tomamodi
« Reply #59 on: August 09, 2004, 04:05:03 AM »
HI
Tomamodi
I now all your commands are wrong they didnt take you to
cd /etc/squid
but you say you want to follow only advice from RICKY so ignore to say any thing
And ricky advice you to read   CHOWN & CHMOD  when you read and understand  then you will be advised to read about directries if that finnished
Then you didnt need any forum help

Your self you can do every thing


OK BYE