Thursday, January 10, 2013

Ubuntu 12.10 + Squid 3.1.23 (Transparent Proxy) + Shorewall + Mikrotik

Installation & Configuration

mikrotik and squid proxy

The step-by-step installation is almost the same as for previous versions of Ubuntu; see the Ubuntu 12.04 installation video below. Thanks to the uploader.

Configuring the network

Edit the file /etc/network/interfaces
vim /etc/network/interfaces
Add the following configuration lines.
auto lo
iface lo inet loopback
## If your network uses DHCP to connect to the internet:

#auto eth0
#  iface eth0 inet dhcp
auto eth0
    iface eth0 inet static
    address 192.168.3.1
    netmask 255.255.255.0
    network 192.168.3.0
    dns-nameservers 192.168.3.30 202.134.1.10

Then restart the network
/etc/init.d/networking restart

Test with a ping to google; if you get a reply, the machine is connected to the internet. Continue with the next command.
 
Update and install support files
apt-get update
apt-get install mc vim iptraf
apt-get install gcc g++ make
apt-get install sysv-rc-conf
 

Download and install squid
cd /usr/local
wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.23.tar.gz
tar zxvf squid-3.1.23.tar.gz
cd squid-3.1.23

./configure --prefix=/usr   --exec-prefix=/usr   --bindir=/usr/sbin   --sbindir=/usr/sbin   --sysconfdir=/etc/squid   --datadir=/usr/share/squid   --includedir=/usr/include   --libdir=/usr/lib   --libexecdir=/usr/lib/squid   --localstatedir=/var   --sharedstatedir=/usr/com   --mandir=/usr/share/man   --infodir=/usr/share/info   --x-includes=/usr/include   --x-libraries=/usr/lib   --enable-shared=yes   --enable-static=no   --enable-carp    --enable-storeio=aufs,ufs   --enable-removal-policies=heap,lru   --disable-icmp   --disable-delay-pools   --disable-esi   --enable-icap-client   --enable-useragent-log   --enable-referer-log   --disable-wccp   --enable-wccpv2   --disable-kill-parent-hack   --enable-snmp   --enable-cachemgr-hostname=localhost   --enable-arp-acl   --disable-htcp  --disable-forw-via-db   --disable-follow-x-forwarded-for   --enable-cache-digests    --disable-poll   --enable-epoll   --enable-linux-netfilter   --disable-ident-lookups   --enable-default-hostsfile=/etc/hosts    --with-default-user=squid   --with-large-files  --enable-mit=/usr   --with-logdir=/var/log/squid   --enable-http-violations   --enable-zph-qos   --with-filedescriptors=65536   --enable-gnuregex --enable-async-io=64 --with-aufs-threads=64  --with-pthreads --with-aio  --enable-default-err-languages=English --enable-err-languages=English --disable-hostname-checks --enable-underscores
make && make install


For an example start-up script and squid.conf, see the previous article (http://myconfigure.blogspot.com/2013/01/squid-3122-example-squidconf-squid.html). Before creating a new squid.conf, do not forget to back up Squid's default configuration.

mv /etc/squid/squid.conf  /etc/squid/squid.conf.old
vim /etc/squid/squid.conf

For the Squid start-up script, create it and place it in /etc/init.d/squid. Do not forget to save it.
vim /etc/init.d/squid


Change the permissions so it can be executed.
chmod 755 /etc/init.d/squid
update-rc.d squid defaults

Run the following commands, adjusting them to match your squid.conf.
useradd squid
chown -Rf squid:squid /cache
chown -Rf squid:squid /var/log/squid/
cd /etc/squid/
mkdir swap
chown squid:squid swap
squid -z

Run squid.
/etc/init.d/squid start

Check the cache error log ( /var/log/squid/cache). If there are no errors, Squid was installed successfully.

Download and install Shorewall

cd /usr/local

wget http://slovakia.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.5/shorewall-4.5.7/shorewall-4.5.7.tgz
wget http://slovakia.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.5/shorewall-4.5.7/shorewall-core-4.5.7.tgz
tar zxvf shorewall-core-4.5.7.tgz
cd shorewall-core-4.5.7
./configure
./install.sh
cd ..
tar zxvf shorewall-4.5.7.tgz
cd shorewall-4.5.7
ls -il
./configure
./install.sh
vim /etc/default/shorewall


Find the word "startup", and change "startup = 0" to "startup = 1".
 
Configure shorewall
Copy the Shorewall example configuration
cp /usr/share/shorewall/configfiles/* /etc/shorewall/

Then make sure the following lines are present in each file.

/etc/shorewall/zones
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
loc     ipv4

/etc/shorewall/interfaces
###############################################################################
FORMAT 2
###############################################################################
#ZONE           INTERFACE               OPTIONS
loc     eth0    -

/etc/shorewall/policy
#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK
loc     fw      ACCEPT
fw      loc     ACCEPT
loc     all     DROP
all     all     REJECT

/etc/shorewall/rules
SECTION NEW
#transparent proxy
REDIRECT        loc     3127    tcp     80,8080,3128    -        !192.168.3.1

Run Shorewall
shorewall start
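
A consistency check for the REDIRECT rule above, as an added example that is not part of the original post: redirecting to port 3127 only gives a working transparent proxy if squid.conf has an http_port on that port flagged intercept (Squid 3.1) or the older transparent. The squid.conf lines, temp files and function names below are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes squid.conf (not shown on
# this page) is meant to intercept on port 3127, the REDIRECT target above.

# redirect_ports FILE: target port (3rd column) of each active REDIRECT rule.
redirect_ports() {
    awk '$1 ~ /^REDIRECT(:|$)/ { print $3 }' "$1" | sort -u
}

# intercept_ports FILE: ports of http_port lines flagged intercept/transparent.
intercept_ports() {
    awk '$1 == "http_port" {
             ok = 0
             for (i = 3; i <= NF; i++)
                 if ($i == "intercept" || $i == "transparent") ok = 1
             if (ok) { n = split($2, a, ":"); print a[n] }
         }' "$1" | sort -u
}

# check_redirect RULES SQUIDCONF: return 0 only if every REDIRECT target is
# an interception port in squid.conf; report each port on stdout.
check_redirect() {
    rc=0
    for p in $(redirect_ports "$1"); do
        if intercept_ports "$2" | grep -qx "$p"; then
            echo "OK: port $p is a Squid interception port"
        else
            echo "MISMATCH: REDIRECT to $p, but no intercepting http_port $p"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inputs: the rule from this page and two squid.conf variants.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'SECTION NEW\nREDIRECT loc 3127 tcp 80,8080,3128 - !192.168.3.1\n' > "$demo_dir/rules"
printf 'http_port 3128\nhttp_port 3127 intercept\n' > "$demo_dir/squid.good"
printf 'http_port 3127\n' > "$demo_dir/squid.bad"

check_redirect "$demo_dir/rules" "$demo_dir/squid.good"
check_redirect "$demo_dir/rules" "$demo_dir/squid.bad" || echo "Fix squid.conf before running 'shorewall start'"
```

On a real box, call check_redirect /etc/shorewall/rules /etc/squid/squid.conf instead of the demo files.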
 

Mikrotik
I use a Mikrotik RB 450G; check the configuration in the previous article (http://myconfigure.blogspot.com/2013/01/backup-konfigurasi-mikrotik.html) .. :)

At this point, Squid should be able to do its job as a transparent proxy. Try browsing from the client side, and also check the log on the Squid side.
tail -f /var/log/squid/access. 


If browsing succeeds, you can surf the internet ... :) Congratulations ...!!
