Thursday, January 10, 2013

Ubuntu 12.10 + Squid 3.1.23 (Transparent Proxy) + Shorewall + Mikrotik

Installation & Configuration

mikrotik and squid proxy

The step-by-step installation is almost the same as for previous versions of ubuntu and can be checked in the ubuntu 12.04 installation video below. Thanks to the uploader.

Configuring the network

Edit the file /etc/network/interfaces
vim /etc/network/interfaces
Add the following lines to the configuration.
auto lo
iface lo inet loopback
## If your network uses DHCP to connect to the internet:

#auto eth0
#  iface eth0 inet dhcp
auto eth0
    iface eth0 inet static
    address 192.168.3.1
    netmask 255.255.255.0
    network 192.168.3.0
    dns-nameservers 192.168.3.30 202.134.1.10

Then restart the network
/etc/init.d/networking restart

Test with a ping to google; if it replies, you are connected to the internet. Continue with the next command.
 
Update and install support files
apt-get update
apt-get install mc vim iptraf
apt-get install gcc g++ make
apt-get install sysv-rc-conf
 

Download and install squid
cd /usr/local
wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.23.tar.gz
tar zxvf squid-3.1.23.tar.gz
cd squid-3.1.23

./configure --prefix=/usr   --exec-prefix=/usr   --bindir=/usr/sbin   --sbindir=/usr/sbin   --sysconfdir=/etc/squid   --datadir=/usr/share/squid   --includedir=/usr/include   --libdir=/usr/lib   --libexecdir=/usr/lib/squid   --localstatedir=/var   --sharedstatedir=/usr/com   --mandir=/usr/share/man   --infodir=/usr/share/info   --x-includes=/usr/include   --x-libraries=/usr/lib   --enable-shared=yes   --enable-static=no   --enable-carp    --enable-storeio=aufs,ufs   --enable-removal-policies=heap,lru   --disable-icmp   --disable-delay-pools   --disable-esi   --enable-icap-client   --enable-useragent-log   --enable-referer-log   --disable-wccp   --enable-wccpv2   --disable-kill-parent-hack   --enable-snmp   --enable-cachemgr-hostname=localhost   --enable-arp-acl   --disable-htcp  --disable-forw-via-db   --disable-follow-x-forwarded-for   --enable-cache-digests    --disable-poll   --enable-epoll   --enable-linux-netfilter   --disable-ident-lookups   --enable-default-hostsfile=/etc/hosts    --with-default-user=squid   --with-large-files  --enable-mit=/usr   --with-logdir=/var/log/squid   --enable-http-violations   --enable-zph-qos   --with-filedescriptors=65536   --enable-gnuregex --enable-async-io=64 --with-aufs-threads=64  --with-pthreads --with-aio  --enable-default-err-languages=English --enable-err-languages=English --disable-hostname-checks --enable-underscores
make && make install


An example start-up script and squid configuration can be found in the previous article (http://myconfigure.blogspot.com/2013/01/squid-3122-example-squidconf-squid.html). Before creating a new squid.conf, do not forget to back up the default squid configuration.

mv /etc/squid/squid.conf  /etc/squid/squid.conf.old
vim /etc/squid/squid.conf

For squid start-up, create an init script and place it in /etc/init.d/squid. Do not forget to save it.
vim /etc/init.d/squid


Change the permissions so that it can be executed, and register it to start at boot.
chmod 755 /etc/init.d/squid
update-rc.d squid defaults

Run a few commands, depending on your squid.conf.
useradd squid
chown -Rf squid:squid /cache
chown -Rf squid:squid /var/log/squid/
cd /etc/squid/
mkdir swap
chown squid:squid swap
squid -z

Run squid.
/etc/init.d/squid start

Check the cache error log (/var/log/squid/cache). If there are no errors, squid was installed successfully.

Download and install Shorewall

cd /usr/local

wget http://slovakia.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.5/shorewall-4.5.7/shorewall-4.5.7.tgz
wget http://slovakia.shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_4.5/shorewall-4.5.7/shorewall-core-4.5.7.tgz
tar zxvf shorewall-core-4.5.7.tgz
cd shorewall-core-4.5.7
./configure
./install.sh
cd ..
tar zxvf shorewall-4.5.7.tgz
cd shorewall-4.5.7
ls -il
./configure
./install.sh
vim /etc/default/shorewall


Find the word "startup" and change "startup=0" to "startup=1" (no spaces around the equals sign).
 
Configure shorewall
Copy the example shorewall configuration.
cp /usr/share/shorewall/configfiles/* /etc/shorewall/

And make sure the following lines are present in each file.

/etc/shorewall/zones
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
loc     ipv4

/etc/shorewall/interfaces
###############################################################################
FORMAT 2
###############################################################################
#ZONE           INTERFACE               OPTIONS
loc     eth0    -

/etc/shorewall/policy
#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK
loc     fw      ACCEPT
fw      loc     ACCEPT
loc     all     DROP
all     all     REJECT

/etc/shorewall/rules
SECTION NEW
#transparent proxy
REDIRECT        loc     3127    tcp     80,8080,3128    -        !192.168.3.1
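
The REDIRECT rule is what makes the proxy transparent, and a malformed field in it either stops shorewall from starting or leaves traffic unintercepted. The following is an added example, not part of the original post or of Shorewall: a small shell check that validates one REDIRECT line and prints the roughly equivalent iptables nat rule. The function names are hypothetical; eth0 is the loc interface from /etc/shorewall/interfaces above, and 192.168.3.1 is the server address from /etc/network/interfaces.

```shell
#!/bin/sh
# Added example: validate one Shorewall REDIRECT rule and show the roughly
# equivalent iptables nat rule. Function names are hypothetical.
# Rule columns: ACTION SOURCE DEST(port) PROTO DPORT SPORT ORIGDEST

# valid_ipv4 ADDR -> succeeds only for a dotted quad with octets 0..255
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# redirect_to_iptables IFACE "RULE LINE"
# IFACE is the interface of the source zone (eth0 for zone "loc" here).
redirect_to_iptables() {
    iface=$1
    set -f                      # no filename globbing while splitting the rule
    set -- $2
    set +f
    action=$1 port=$3 proto=$4 dports=$5 origdest=${7:--}
    [ "$action" = REDIRECT ] || { echo "not a REDIRECT rule" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad redirect port: $port" >&2; return 1 ;;
    esac
    case $dports in
        ''|*[!0-9,]*) echo "bad DPORT list: $dports" >&2; return 1 ;;
    esac
    dest_match=
    if [ "$origdest" != - ]; then
        neg=
        case $origdest in
            '!'*) neg='! '; origdest=${origdest#"!"} ;;   # "!" excludes
        esac
        valid_ipv4 "$origdest" || { echo "bad ORIGDEST: $origdest" >&2; return 1; }
        dest_match=" ${neg}-d $origdest"
    fi
    echo "iptables -t nat -A PREROUTING -i $iface -p $proto -m multiport --dports $dports$dest_match -j REDIRECT --to-ports $port"
}

# The rule from /etc/shorewall/rules, with the proxy host itself excluded
redirect_to_iptables eth0 'REDIRECT loc 3127 tcp 80,8080,3128 - !192.168.3.1'
```

An exclusion address with a missing dot, such as 192.1683.1, is rejected by the check before the rule reaches the firewall.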

Run shorewall
shorewall start
 

Mikrotik
I use a Mikrotik RB 450G; check the configuration in the previous article (http://myconfigure.blogspot.com/2013/01/backup-konfigurasi-mikrotik.html) .. :)

At this point, squid should be able to do its job as a transparent proxy. Try browsing from the client side. Also check the log on the squid side.
tail -f /var/log/squid/access. 


If browsing is successful, it means you can surf the internet ... :) Congratulations ...!!
