How to configure squid 3.1.x in redhat6
Posted by Md. Mahidul Hasan on 4:30 AM with No comments
How to configure squid 3.1.x in redhat6
Preparing the server:
[root@app1 ~]# vim /etc/hosts
192.168.1.5 gw1.progoti.com gw1
127.0.0.1 localhost.localdomain localhost
[root@app1 ~]# vim /etc/sysconfig/network
HOSTNAME=gw1.progoti.com
[root@app1 ~]# vim /etc/squid/squid.conf
visible_hostname gw1.progoti.com
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl ournet src 192.168.1.0/24
http_access allow localhost
http_access allow ournet
# Squid normally listens to port 3128. For transparent proxy add intercept. In previous version we have user transparent option
http_port 3128 intercept
Setting up firewall:
Please change your local network from the script-
[root@app1 ~]# vim /root/iptables.sh
#!/bin/sh
### Firewall by Md. Mahidul Hasan ###
# Loading required stateful/NAT kernel modules
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe iptable_nat
# Flash the firewall and accept the chains.
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Enable port forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward
# Assigning our local network
our_network="192.168.1.0/24"
# Enable NAT. Remember -o output interface port should be the WAN interface port.
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s "$our_network" -o eth0 -j SNAT --to-source 114.130.44.43
# Redirect http to SQUID.
iptables -t nat -A PREROUTING -p TCP -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -p TCP --dport 3128 -j REDIRECT --to-port 3128
# Allowed services
iptables -A FORWARD -s "$our_network" -p TCP --dport 53 -j ACCEPT #Allow DNS
iptables -A FORWARD -s "$our_network" -p UDP --dport 53 -j ACCEPT #Allow DNS
iptables -A FORWARD -s "$our_network" -p TCP --dport 80 -j ACCEPT #Allow HTTP
iptables -A FORWARD -s "$our_network" -p UDP --dport 80 -j ACCEPT #Allow HTTP
iptables -A FORWARD -s "$our_network" -p TCP --dport 443 -j ACCEPT #Allow HTTPS
iptables -A FORWARD -s "$our_network" -p UDP --dport 443 -j ACCEPT #Allow HTTPS
iptables -A FORWARD -s "$our_network" -p TCP --dport 3128 -j ACCEPT #Allow SQUID
iptables -A FORWARD -s "$our_network" -p UDP --dport 3128 -j ACCEPT #Allow SQUID
# Save and restart services
Service squid restart
service iptables save
service iptables restart
chkconfig iptables on
[root@app1 ~]# chmod 755 /root/iptables.sh
[root@app1 ~]# sh /root/iptables.sh
Preparing the server:
[root@app1 ~]# vim /etc/hosts
192.168.1.5 gw1.progoti.com gw1
127.0.0.1 localhost.localdomain localhost
[root@app1 ~]# vim /etc/sysconfig/network
HOSTNAME=gw1.progoti.com
[root@app1 ~]# vim /etc/squid/squid.conf
visible_hostname gw1.progoti.com
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl ournet src 192.168.1.0/24
http_access allow localhost
http_access allow ournet
# Squid normally listens to port 3128. For transparent proxy add intercept. In previous version we have user transparent option
http_port 3128 intercept
Setting up firewall:
Please change your local network from the script-
[root@app1 ~]# vim /root/iptables.sh
#!/bin/sh
### Firewall by Md. Mahidul Hasan ###
# Loading required stateful/NAT kernel modules
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe iptable_nat
# Flash the firewall and accept the chains.
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Enable port forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward
# Assigning our local network
our_network="192.168.1.0/24"
# Enable NAT. Remember -o output interface port should be the WAN interface port.
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s "$our_network" -o eth0 -j SNAT --to-source 114.130.44.43
# Redirect http to SQUID.
iptables -t nat -A PREROUTING -p TCP -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -p TCP --dport 3128 -j REDIRECT --to-port 3128
# Allowed services
iptables -A FORWARD -s "$our_network" -p TCP --dport 53 -j ACCEPT #Allow DNS
iptables -A FORWARD -s "$our_network" -p UDP --dport 53 -j ACCEPT #Allow DNS
iptables -A FORWARD -s "$our_network" -p TCP --dport 80 -j ACCEPT #Allow HTTP
iptables -A FORWARD -s "$our_network" -p UDP --dport 80 -j ACCEPT #Allow HTTP
iptables -A FORWARD -s "$our_network" -p TCP --dport 443 -j ACCEPT #Allow HTTPS
iptables -A FORWARD -s "$our_network" -p UDP --dport 443 -j ACCEPT #Allow HTTPS
iptables -A FORWARD -s "$our_network" -p TCP --dport 3128 -j ACCEPT #Allow SQUID
iptables -A FORWARD -s "$our_network" -p UDP --dport 3128 -j ACCEPT #Allow SQUID
# Save and restart services
Service squid restart
service iptables save
service iptables restart
chkconfig iptables on
[root@app1 ~]# chmod 755 /root/iptables.sh
[root@app1 ~]# sh /root/iptables.sh
Posts
0 comments:
Post a Comment