How to Setup Transparent Squid Proxy Server in Ubuntu

cubiczero — Fri, 02 Jul 2010 19:30:08 +0000

How important proxy server for cyber cafe? For me as a cyber cafe entrepreneur, squid server is very important in keeping your customers internet access well performs. If you are new to open source cyber cafe concept, this article should be the best stater guide in helping you to setup a proxy server by using squid.

Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite – we’re getting there!) HTTP/1.1 compliant. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. This is a short guide on how to set up a transparent squid proxy server. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.

Install Squid
Install squid and squid-common

sudo aptitude install squid squid-common

Edit the squid config file.

sudo vi /etc/squid/squid.conf

Set the allowed hosts.

acl internal_network src 192.168.0.0/24 (Where 192.168.0.0/24 is your IP range.)http_access allow internal_network

Set the correct permissions.

sudo chown -R proxy:proxy /var/log/squid/ sudo chown proxy:proxy /etc/squid/squid.conf

You will need to restart squid for the changes to take affect.

sudo /etc/init.d/squid restart

Now open up your browser and set your proxy to point to your new squid server on port 3128

Authentication
If you wish to use authentication with your proxy you will need to install apache2 utilities

sudo aptitude install squid squid-common apache2-utils

To add your first user you will need to specify -c

sudo htpasswd -c /etc/squid.passwd first_user

Thereafter you add new users with

sudo htpasswd /etc/squid.passwd another_user

Edit the squid config file

sudo vi /etc/squid/squid.conf

Set the the authentication parameters and the acl

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid.passwd auth_param basic children 5 auth_param basic realm NFYE Squid proxy-caching web server auth_param basic credentialsttl 3 hours auth_param basic casesensitive off
acl users proxy_auth REQUIRED
acl sectionx proxy_auth REQUIRED
http_access allow users

So this is what your squid.conf should look like.

acl all src 0.0.0.0/0.0.0.0

acl internal_networksrc 192.168.0.0/24 acl users proxy_auth REQUIRED acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 # https, snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl sectionx proxy_auth REQUIRED acl purge method PURGE acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow users
http_access allow internal_networkhttp_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all

Redirect the all HTTP traffic.
If you would like to redirect the all HTTP traffic through the proxy without needing to set up a proxy manually in all your applications you will need to add some rules

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128 iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Where eth1,eth0 are the LAN, WAN devices and 192.168.0.1 is the IP address of your LAN device.
If you wish to monitor the performance of your proxy you can look as some log parser’s (sarg, calamaris, ect.)

After all, probably you feel the need to monitor the performance of your proxy. Unfortunately, most of the squid log parsers in the Ubuntu repository are configured for Squid 2.x. Nevertheless, squid 3 uses the same log format, so you can change the log file path in your parser config file (sarg, calamaris, etd.) or simply link the log directory of squid 3 to the correct path
ln -s /var/log/squid3 /var/log/squid

Source : kuscsik

To Bypass Transperent proxy for local Intranet

osscc — Sat, 19 Dec 2009 22:44:00 +0000

By satishap

Created 2008-05-21 06:43

Dear All,
We have setup Squid proxy server in transparent mode so that every user is forced to browse the internet through squid proxy on 3128 port.

Configuration is follows
1) Squid and Firewall configured on same box on 172.18.0.51.
2) Done all necessary setting required for Transparent Proxy.
also it is working file.

But my problem is that we have local intranet server on 172.21.0.4:80

In normal case without Transperent proxy manually assingning proxy address in Internet explorer proxy setting and clicking bypass proxy for local address we able to access intranet, but with Transperent proxy we r not able to access the same becuase which I suppose that all request is redirected to 3128 port( transperent proxy feature).

therefore We want to bypass transpernet proxy for local intranet so that
we can able to access 172.21.0.4 : 80 port. I thinks there must be iptable
rule which enables this, can anybody tell me how this is to done.

Source URL: http://www.linuxjournal.com/content/bypass-transperent-proxy-local-intranet

Links:
[1] http://www.linuxjournal.com/content/dns-server
[2] http://www.linuxjournal.com/content/photo-gallery-software

osscc » Server

How to Setup Transparent Squid Proxy Server in Ubuntu

To Bypass Transperent proxy for local Intranet