Saturday, February 21, 2009

Squid Installation & Configuration

Server Configuration

  • Step #1: Configure Squid to act as a transparent proxy
  • Step #2: Iptables configuration
    • a) Configure the system as a router
    • b) Forward all HTTP requests to port 3128 (DNAT)

# yum install squid*

First, install the Squid server (use up2date squid), then configure it by adding the following directives to its configuration file:
# vi /etc/squid/squid.conf

Modify or add the following Squid directives:

http_port 3128
Next, list the networks from which browsing should be allowed. Uncomment these 2 lines and define the specified network:

acl our_networks src 192.168.0.0/24
http_access allow our_networks

If you want to block a particular website, use the process below. These lines must be added before the 2 lines above to take effect, because Squid applies the first http_access line that matches a request. For example, we are going to block orkut.com.

acl blocksite dstdomain .orkut.com

http_access deny blocksite


Save and exit the file.
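
The ordering rule above, as an added example (not from the original post): a small Python model of how Squid walks http_access lines, where the first match wins and the opposite of the last line applies when nothing matches. It handles only the src and dstdomain ACL types used on this page; the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: the page's two ACLs, in both possible rule orders.
ACLS = "acl our_networks src 192.168.0.0/24\nacl blocksite dstdomain .orkut.com\n"
DENY_FIRST = ACLS + "http_access deny blocksite\nhttp_access allow our_networks\n"
ALLOW_FIRST = ACLS + "http_access allow our_networks\nhttp_access deny blocksite\n"

def parse(conf):
    """Collect acl definitions and http_access rules in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, src, host):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "dstdomain":
        host = host.lower().rstrip(".")
        # A leading dot matches the domain itself and all of its subdomains.
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in (x.lower() for x in values))
    raise ValueError("ACL type not handled in this sketch: " + kind)

def decide(conf, src, host):
    """Return 'allow' or 'deny': the first matching http_access line wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        # ACLs named on one line are ANDed; a leading '!' negates one.
        if all(acl_matches(acls[n.lstrip("!")], src, host) != n.startswith("!")
               for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for name, conf in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        print(name, decide(conf, "192.168.0.10", "www.orkut.com"))
```

With the allow line first, a LAN client still reaches www.orkut.com, and because the list then ends in a deny line, a client outside 192.168.0.0/24 is allowed by the implicit default. Ending the list with an explicit http_access deny all avoids relying on that implicit rule.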

Iptables configuration

Next, I added the following rules to forward all HTTP requests (coming to port 80) to the Squid server port 3128:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.0:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -I INPUT -s 192.168.0.0/24 -p tcp --dport 3128 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/24 -p udp --dport 3128 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/24 -p udp --dport 80 -j ACCEPT
# /etc/init.d/iptables save
# /etc/init.d/iptables restart

Start or restart Squid:

# /etc/init.d/squid restart

# chkconfig squid on

1 comment:

S. NAveed said...

Thanks for the step-by-step config.