How to Setup Transparent Squid Proxy Server in Ubuntu
This is a short guide on how to set up a transparent squid proxy server. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.
Install Squid
Install squid and squid-common
sudo aptitude install squid squid-common
Edit the squid config file.
sudo vi /etc/squid/squid.conf
Set the allowed hosts.
acl internal_network src 192.168.0.0/24
http_access allow internal_network
Where 192.168.0.0/24 is your IP range.
Set the correct permissions.
sudo chown -R proxy:proxy /var/log/squid/
sudo chown proxy:proxy /etc/squid/squid.conf
You will need to restart squid for the changes to take effect.
sudo /etc/init.d/squid restart
Now open up your browser and set your proxy to point to your new squid server on port 3128.
Authentication
If you wish to use authentication with your proxy you will need to install apache2 utilities
sudo aptitude install squid squid-common apache2-utils
To add your first user you will need to specify -c
sudo htpasswd -c /etc/squid.passwd first_user
Thereafter you add new users with
sudo htpasswd /etc/squid.passwd another_user
Edit the squid config file
sudo vi /etc/squid/squid.conf
Set the authentication parameters and the acl
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid.passwd
auth_param basic children 5
auth_param basic realm NFYE Squid proxy-caching web server
auth_param basic credentialsttl 3 hours
auth_param basic casesensitive off
acl users proxy_auth REQUIRED
acl sectionx proxy_auth REQUIRED
http_access allow users
So this is what your squid.conf should look like.
acl all src 0.0.0.0/0.0.0.0
acl internal_network src 192.168.0.0/24
acl users proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl sectionx proxy_auth REQUIRED
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Squid applies the first http_access line that matches, so the allow rules go after the checks above
http_access allow users
http_access allow internal_network
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
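Squid checks the http_access lines in order and acts on the first one that matches, so the position of the allow lines relative to the deny !Safe_ports and deny CONNECT !SSL_ports lines decides whether those restrictions apply to your own clients. The following is an added example (not part of the original guide): a simplified Python model of that first-match rule, run on two constructed rule orders. It handles only src, port and method ACLs and leaves proxy_auth out; the names ALLOW_FIRST, GUARDS_FIRST and REQ are made up for the illustration.

```python
import ipaddress

def parse(conf):
    """Collect acl definitions and http_access rules from squid.conf text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif len(tok) >= 2 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def value_matches(kind, v, req):
    """Test one ACL value against the request (src, port and method only)."""
    if kind == "src":
        return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v, strict=False)
    if kind == "port":
        lo, _, hi = v.partition("-")
        return int(lo) <= req["port"] <= int(hi or lo)
    return kind == "method" and req["method"] == v

def decide(conf, req):
    """ACLs on one http_access line are AND-ed; the first matching line wins."""
    acls, rules = parse(conf)
    def hit(name):  # the values of one ACL are OR-ed
        return any(value_matches(k, v, req) for k, vals in acls.get(name, []) for v in vals)
    for action, names in rules:
        if all(hit(n.lstrip("!")) != n.startswith("!") for n in names):
            return action, " ".join(["http_access", action] + names)
    # Nothing matched: Squid applies the opposite of the last rule.
    return ("deny" if not rules or rules[-1][0] == "allow" else "allow"), "(default)"

# Constructed sample rules (not a complete squid.conf).
ACLS = """acl all src 0.0.0.0/0
acl internal_network src 192.168.0.0/24
acl SSL_ports port 443 563          # https, snews
acl Safe_ports port 80 21 443 563 1025-65535
acl CONNECT method CONNECT
"""
GUARDS = "http_access deny !Safe_ports\nhttp_access deny CONNECT !SSL_ports\n"
ALLOW = "http_access allow internal_network\n"
ALLOW_FIRST = ACLS + ALLOW + GUARDS + "http_access deny all\n"
GUARDS_FIRST = ACLS + GUARDS + ALLOW + "http_access deny all\n"
REQ = {"src": "192.168.0.50", "method": "CONNECT", "port": 25}  # constructed request

if __name__ == "__main__":
    print("allow first: ", decide(ALLOW_FIRST, REQ))
    print("guards first:", decide(GUARDS_FIRST, REQ))
```

With the allow line first, the request to a port outside Safe_ports is accepted before the port check is ever read; with the deny lines first it is refused.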
Redirect all HTTP traffic
If you would like to redirect all HTTP traffic through the proxy without having to set up a proxy manually in every application, you will need to add some rules.
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
Where eth1 and eth0 are the LAN and WAN devices and 192.168.0.1 is the IP address of your LAN device.
If you wish to monitor the performance of your proxy you can look at some log parsers (sarg, calamaris, etc.).
Source from here
Fixed my problems 🙂
# Squid normally listens to port 3128
http_port 3128 transparent
how to setup transparent squid proxy server in ubuntu
Complete Steps in Setting up UBUNTU Server 10 with SQUID 3 as a Transparent Proxy.
Step 1. Install the Ubuntu Server 10, include LAMP if you want
Step 2. Change the network interfaces from dhcp to static
sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.250
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.88
post-up iptables-restore < /etc/iptables.up.rules
auto eth1
iface eth1 inet static
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
Step 3. Install Web Admin (webmin) (Optional)
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.510-2_all.deb
dpkg --install webmin_1.510-2_all.deb
sudo apt-get -f install
https://localhost-IP ADDRESS:10000
*Note: Make sure you give permission in the IPTABLES ruleset for you to access webmin over the net.
Step 4. Install ClamAV and ClamAV-freshclam
sudo apt-get install clamav clamav-freshclam
Step 5. The first step is to install squid 3
apt-get install squid3
edit the squid 3 configuration file in your favorite editor
sudo nano /etc/squid3/squid.conf
and set the transparency and the allowed hosts
http_port 3128 transparent
acl our_networks src 192.168.2.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow our_networks
http_access allow localnet
where 192.168.2.0/24 is the IP range of local network. Probably you need to adjust the swap size
cache_dir ufs /var/spool/squid3 7000 16 256
where the first number denotes the size of cache in megabytes. Save your changes and restart the squid proxy by
sudo /etc/init.d/squid3 restart
Step 6. Edit the /etc/sysctl.conf
sudo nano /etc/sysctl.conf
Uncomment the lines that enable packet forwarding for IPv4 and IPv6
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
Step 7. Edit the IPTABLE ruleset of NAT and FILTER
sudo nano /etc/iptables.up.rules
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state -i eth0 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
# permit ssh using putty
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# permit webmin access
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -i eth1 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
COMMIT
Step 8. Edit rc.local
sudo nano /etc/rc.local
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
Step 9. reboot the server
Step 10. Configure the workstation for static IP Address making the LAN IP of the Ubuntu box as the gateway. Make sure that the IP Address of the work station is within the network you setup.
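Rules files copied from a web page often pick up typographic dashes, misspelled chain names or a missing COMMIT, and an INPUT rule without -i or -s opens its port on the WAN side as well as the LAN. The following added example (not part of the comment above or of any project) is a small Python lint for an iptables-restore file; the SAMPLE rules are constructed, and only the built-in nat and filter chains are recognised.

```python
import re

# Built-in chains per table; user-defined chains are not modelled (assumption).
CHAINS = {"nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
          "filter": {"INPUT", "FORWARD", "OUTPUT"}}

def lint(text):
    """Return (line_no, message) findings for an iptables-restore rules file."""
    out, table, open_table, no = [], None, False, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.search("[\u2012-\u2015\u2212]", line):
            out.append((no, "typographic dash, options need ASCII '-'"))
        elif line.startswith("*"):
            if open_table:
                out.append((no, f"table {table} has no COMMIT before this line"))
            table, open_table = line[1:], True
        elif line == "COMMIT":
            open_table = False
        elif line.startswith("-A "):
            args = line.split()
            if args[1] not in CHAINS.get(table, ()):
                out.append((no, f"unknown chain {args[1]} in table {table}"))
            if "#" in line:
                out.append((no, "trailing comment, put comments on their own line"))
            if (args[1] == "INPUT" and "--dport" in args and "ACCEPT" in args
                    and not {"-i", "-s"} & set(args)):
                port = args[args.index("--dport") + 1]
                out.append((no, f"port {port} accepted on every interface, WAN included"))
    if open_table:
        out.append((no, f"table {table} has no COMMIT"))
    return out

# Constructed sample with deliberate mistakes (not a ruleset from this page).
SAMPLE = """*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING \u2013s 192.168.2.0/24 -o eth0 -j MASQUERADE
*filter
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A FOWARD -o eth1 -j ACCEPT
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the server itself, `iptables-restore --test < /etc/iptables.up.rules` parses the file without loading it.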
Hi,
Authentication doesn’t work with Transparent proxy….
Is there any other way ?
Thanks,
Hi,
And I want to monitor all the logs (i.e. ftp, p2p software, IM etc.) under my squid server.
How is it possible?
Thanks,
Hi,
I want to set up a proxy server, please mail me the step by step setup commands.
mashuk
Hi,
I am configuring Squid as a reverse proxy with caching enabled for a remote Apache server.
But hits are going to the main Apache server.
How can I enable caching for that remote server?
Below is the details of scenario:
proxy.com this is the server where i have configured proxy machine (10.0.0.1)
And My Apache is installed on (10.0.0.1) with site name (main.com)
But I am unable to cache.
Any help will be appreciated.
Thanks,
Bipin Bahuguna
Hello. This guide got me the solution to work now with a web proxy in my network! Thank you!
Can anyone help me, I have a very unique need for special Squid config.
I am setting up a Linux (Ubuntu) with Squid (a proxy server).
Basically we want to run 10K proxies on one linux box, only a handful would ever be in use at any one time so the throughput is not an issue.
Basically each “proxy” would be bound to the same IP but on a different port of that IP. Each port would redirect to (transparent proxy) one of our outbound IP addresses. So essentially you could change the IP address of your machine by simply changing the port of your proxy settings in your browser.
ALA
Proxy1 192.168.0.100:10000 redirects to 208.xxx.xxx.1
Proxy1 192.168.0.100:10001 redirects to 208.xxx.xxx.2
Proxy1 192.168.0.100:10002 redirects to 208.xxx.xxx.3
Proxy1 192.168.0.100:10003 redirects to 208.xxx.xxx.4
Proxy1 192.168.0.100:10004 redirects to 208.xxx.xxx.5
And so on xxx just there to hide real IP space
What do I need to do if I have to install squid transparent proxy on my Ubuntu 12.04 desktop box?
I am not able to run the following command: sudo apt-get install squid. It's saying the repository is not available. Please advise.
You saved me a lot of time, thank you for this tutorial sir.