Apr 28, 2011

How to install Squid Transparent Proxy?

1: In the Squid daemon's configuration file (/etc/squid/squid.conf), add the transparent option to the http_port entry, like this:
# Squid normally listens to port 3128
http_port 3128 transparent
Save the config file.

2: Use the following command to see the access control lists and the other active settings:

grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
The output should look like this:
***********************

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
redirect_program /usr/bin/squidGuard -c /etc/squid/squidguard.conf
acl our_networks src 203.175.75.0/24
http_access allow our_networks
http_access deny all
icp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname testclient
coredump_dir /var/spool/squid
******************************************
In this scenario I have allowed my network 203.175.75.102.

3: Create the rules in iptables.
Create a script in which you define the rules. I copied the following script from the Internet, made a few changes to it, and ran it.
First of all, I created the file
/etc/rc.d/iptables-script
with vi and pasted the following script into it.
**********************************

# Squid server IP
SQUID_SERVER="192.168.0.102"

# Interface connected to Internet
INTERNET="eth0"

# Interface connected to LAN
LAN_IN="eth1"

# Squid port
SQUID_PORT="3128"

# DO NOT MODIFY BELOW

# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
#modprobe ip_conntrack_ftp

# For win xp ftp client
#modprobe ip_nat_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loop back
***************************************
Now run the script like this:

/etc/rc.d/iptables-script
This applies the rules defined in the script.
Now restart Squid:
       /etc/init.d/squid restart
On the client machine, configure no proxy; set your Squid system's IP address as the client's default gateway.
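
The iptables script above breaks off at its loopback comment, before any rule that hands LAN web traffic to Squid. The following is an added example (not part of the original script) of rules that could follow that comment; it reuses the article's INTERNET, LAN_IN and SQUID_PORT variables and assumes Squid runs on the gateway itself, so REDIRECT is used and SQUID_SERVER is not needed. The function names and the exact rule set are assumptions.

```shell
#!/bin/sh
# Added example, not the article's script. Assumes Squid runs on the gateway
# itself, so REDIRECT is used; the rule set below is an assumption.
INTERNET="${INTERNET:-eth0}"      # interface connected to the Internet
LAN_IN="${LAN_IN:-eth1}"          # interface connected to the LAN
SQUID_PORT="${SQUID_PORT:-3128}"  # must match http_port in squid.conf

# Print the rules so they can be reviewed before anything is changed.
emit_rules() {
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A FORWARD -i $LAN_IN -o $INTERNET -j ACCEPT
iptables -A FORWARD -i $INTERNET -o $LAN_IN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $INTERNET -j MASQUERADE
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
}

# Succeeds only if no rule opens the Squid port on the Internet-facing
# interface; with INPUT policy DROP the proxy then stays reachable from the
# LAN only and cannot be used as an open proxy from outside.
proxy_not_exposed() {
    ! emit_rules | grep -q -- "-A INPUT -i $INTERNET .*--dport $SQUID_PORT"
}

# Dry run by default; set APPLY=1 (as root) to load the rules.
if [ "${APPLY:-0}" = "1" ]; then
    proxy_not_exposed && emit_rules | sh
else
    emit_rules
fi
```

Only port 80 from the LAN is redirected to Squid; other LAN traffic, including port 443, is forwarded and masqueraded without passing through the proxy.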

Source: http://www.learnacad.com/linux/centos/120-transparent-proxy.html