Transparent Proxy With Squid
I am using 2 LAN cards:
eth0 – 192.168.0.100 ( Private Line: the LAN side that DHCP, DNS and Squid serve )
eth1 – 192.168.100.100 ( BSNL Line: the ISP/WAN side )
Note: every configuration below (DHCP "routers"/"domain-name-servers", named "listen-on", Squid "http_port") uses 192.168.0.10 as the server's LAN address, not 192.168.0.100. Make sure the eth0 address and those entries agree, otherwise clients are handed a gateway and a resolver that nobody answers on.
# Install the three server packages: Squid (proxy), caching-nameserver (BIND resolver
# config) and dhcpd. The wildcard is passed to yum quoted so yum, not the shell, expands it.
for pkg in squid caching-nameserver dhcp; do
  yum install "${pkg}*"
done
# Start /etc/dhcpd.conf from the packaged sample; the doc path is version-specific
# (dhcp-3.0.5 here), adjust it to the dhcp version yum actually installed.
cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
[root@localhost ~]# vim /etc/dhcpd.conf ===> Change The Lines
# Dynamic DNS update style; client-driven DNS updates are refused on the next line.
ddns-update-style interim;
# Do not let DHCP clients push their own hostnames into DNS.
ignore client-updates;
# Scope for the private LAN behind eth0.
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
# NOTE(review): the gateway and resolver handed to clients is 192.168.0.10, while eth0 is
# listed as 192.168.0.100 at the top of the post -- confirm which address the server really
# has; a lease pointing at an unused address leaves clients with no route and no DNS.
option routers 192.168.0.10;
option subnet-mask 255.255.255.0;
# option nis-domain "domain.org";
option domain-name "raju.com";
# Clients resolve through the caching nameserver configured later on this same host.
option domain-name-servers 192.168.0.10;
# NOTE(review): -18000 s is UTC-5 (EST); if this server is actually in India (BSNL) the
# offset would be +19800 (IST). Harmless for most clients, but worth fixing.
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
# Only two dynamic leases (.11 and .12); widen the range for more than two clients.
# "dynamic-bootp" also answers BOOTP clients from this pool.
range dynamic-bootp 192.168.0.11 192.168.0.12;
# Lease lifetimes in seconds: 6 hours by default, 12 hours at most.
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
# host ns {
# next-server marvin.redhat.com;
# hardware ethernet 12:34:56:78:AB:CD;
# fixed-address 207.175.42.254;
# }
}
file save & quit
[root@localhost ~]# vim /etc/named.caching-nameserver.conf ====> change the lines
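// Who may use this resolver: loopback plus the private LAN on eth0. The original put
// "any" in allow-query / allow-query-cache / match-clients, which is an open-resolver
// configuration; only the listen-on list below kept it off the BSNL line, and that is
// one edit away from being undone. Name the LAN once and reuse it everywhere.
acl lan { 192.168.0.0/24; };
options {
// NOTE(review): eth0 is listed as 192.168.0.100 at the top of this post while the LAN
// address here is 192.168.0.10 -- named cannot bind an address the host does not have.
// Keep the eth1 (BSNL) address out of this list so the resolver is never reachable
// from the Internet.
listen-on port 53 { 127.0.0.1; 192.168.0.10; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization, which is the main defence against cache poisoning. Leave them off.
// query-source port 53;
// query-source-v6 port 53;
// Only our own clients may query, read cached answers, or recurse through us.
allow-query { localhost; lan; };
allow-query-cache { localhost; lan; };
allow-recursion { localhost; lan; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Single recursive view for the LAN; the RFC 1912 zones (localhost and the loopback
// reverse zone) are included inside it.
view localhost_resolver {
match-clients { localhost; lan; };
match-destinations { localhost; lan; };
recursion yes;
include "/etc/named.rfc1912.zones";
};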
file save & quit
[root@localhost ~]# vim /etc/squid/squid.conf
Change the Lines
Search 3128 in the file and change
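# Listen only on the LAN-facing address; the iptables REDIRECT rule sends intercepted
# port-80 traffic here. On Squid 3.1 and later the keyword is "intercept" instead of
# "transparent" -- check `squid -v` if Squid refuses to start on this line.
# Only port 80 is redirected by the firewall rule, so HTTPS (443) never passes through
# this proxy; do not rely on it as an access control for HTTPS sites.
http_port 192.168.0.10:3128 transparent
# Clients are on the eth0 LAN, 192.168.0.0/24 (the subnet dhcpd.conf hands out).
# The original line allowed 192.168.2.0/24, a network that does not exist in this setup,
# so LAN clients would only get through if some other acl happened to cover them.
acl our_networks src 192.168.0.0/24
http_access allow our_networks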
IPTABLES rules
I had added following rules to forward all http requests (coming to port 80) to the Squid server port 3128
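# Routing between the LAN (eth0) and the BSNL line (eth1) only works with IP forwarding
# turned on; the post never enables it, and MASQUERADE does nothing without it.
# Enable it now and persist it across reboots.
sysctl -w net.ipv4.ip_forward=1
if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
  sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
else
  printf 'net.ipv4.ip_forward = 1\n' >> /etc/sysctl.conf
fi
# Intercept LAN clients' plain-HTTP (port 80) connections into Squid on 3128.
# Only port 80 is redirected: HTTPS and every other port go straight out via NAT below.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Hide the private LAN behind eth1's address on the way out.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# The filter table in this post is wide open (INPUT/FORWARD/OUTPUT all ACCEPT), so the
# box is a NAT router with no firewall. Make it stateful: let the LAN out, let replies
# back in, and drop anything else the BSNL line tries to deliver to the LAN or to this
# host. If eth1 gets its address by DHCP, or you need SSH on eth1, add those allows
# before the two DROP rules.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -j DROP
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -j DROP
# Persist the rule set; the iptables init script restores it at boot once it is
# enabled with chkconfig. Note that every -A above appends, so running this block
# twice doubles the rules -- flush first if you need to re-run it.
/etc/init.d/iptables save
/etc/init.d/iptables restart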
[root@localhost ~]# /etc/init.d/iptables status ==> the resulting rule set is shown below. Note that the filter table is empty with ACCEPT policies on every chain: nothing is being filtered, only NATed, so the server is a router with no firewall.
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@localhost ~]# vim /etc/rc.local ==> edit the Lines
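# Do NOT re-add the NAT rules here: `/etc/init.d/iptables save` above already stored the
# rule set, and the iptables init script (enabled with chkconfig) restores it at boot.
# Running the same `-A` lines again from rc.local appends a second copy of each rule on
# every start-up. If you would rather have rc.local own the rules, flush the nat table
# first (`iptables -t nat -F`) so they cannot stack up.
# rc.local is the right place for the one setting the init script does not manage:
# IP forwarding, without which MASQUERADE does nothing.
sysctl -w net.ipv4.ip_forward=1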
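# Apply the new configuration and make every service come up at boot.
# The original list never started or enabled named, so the resolver that dhcpd hands
# out via "option domain-name-servers" would not be running after a reboot.
/etc/init.d/iptables restart
# Catch syntax errors in the BIND config before bouncing the resolver.
named-checkconf /etc/named.caching-nameserver.conf
/etc/init.d/named restart
/etc/init.d/squid restart
/etc/init.d/dhcpd restart
chkconfig iptables on
chkconfig named on
chkconfig squid on
chkconfig dhcpd on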
eth0 – 192.168.0.100 ( Private Line: the LAN side that DHCP, DNS and Squid serve )
eth1 – 192.168.100.100 ( BSNL Line: the ISP/WAN side )
Note: every configuration below (DHCP "routers"/"domain-name-servers", named "listen-on", Squid "http_port") uses 192.168.0.10 as the server's LAN address, not 192.168.0.100. Make sure the eth0 address and those entries agree, otherwise clients are handed a gateway and a resolver that nobody answers on.
# Install the three server packages: Squid (proxy), caching-nameserver (BIND resolver
# config) and dhcpd. The wildcard is passed to yum quoted so yum, not the shell, expands it.
for pkg in squid caching-nameserver dhcp; do
  yum install "${pkg}*"
done
# Start /etc/dhcpd.conf from the packaged sample; the doc path is version-specific
# (dhcp-3.0.5 here), adjust it to the dhcp version yum actually installed.
cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
[root@localhost ~]# vim /etc/dhcpd.conf ===> Change The Lines
# Dynamic DNS update style; client-driven DNS updates are refused on the next line.
ddns-update-style interim;
# Do not let DHCP clients push their own hostnames into DNS.
ignore client-updates;
# Scope for the private LAN behind eth0.
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
# NOTE(review): the gateway and resolver handed to clients is 192.168.0.10, while eth0 is
# listed as 192.168.0.100 at the top of the post -- confirm which address the server really
# has; a lease pointing at an unused address leaves clients with no route and no DNS.
option routers 192.168.0.10;
option subnet-mask 255.255.255.0;
# option nis-domain "domain.org";
option domain-name "raju.com";
# Clients resolve through the caching nameserver configured later on this same host.
option domain-name-servers 192.168.0.10;
# NOTE(review): -18000 s is UTC-5 (EST); if this server is actually in India (BSNL) the
# offset would be +19800 (IST). Harmless for most clients, but worth fixing.
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
# Only two dynamic leases (.11 and .12); widen the range for more than two clients.
# "dynamic-bootp" also answers BOOTP clients from this pool.
range dynamic-bootp 192.168.0.11 192.168.0.12;
# Lease lifetimes in seconds: 6 hours by default, 12 hours at most.
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
# host ns {
# next-server marvin.redhat.com;
# hardware ethernet 12:34:56:78:AB:CD;
# fixed-address 207.175.42.254;
# }
}
file save & quit
[root@localhost ~]# vim /etc/named.caching-nameserver.conf ====> change the lines
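// Who may use this resolver: loopback plus the private LAN on eth0. The original put
// "any" in allow-query / allow-query-cache / match-clients, which is an open-resolver
// configuration; only the listen-on list below kept it off the BSNL line, and that is
// one edit away from being undone. Name the LAN once and reuse it everywhere.
acl lan { 192.168.0.0/24; };
options {
// NOTE(review): eth0 is listed as 192.168.0.100 at the top of this post while the LAN
// address here is 192.168.0.10 -- named cannot bind an address the host does not have.
// Keep the eth1 (BSNL) address out of this list so the resolver is never reachable
// from the Internet.
listen-on port 53 { 127.0.0.1; 192.168.0.10; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization, which is the main defence against cache poisoning. Leave them off.
// query-source port 53;
// query-source-v6 port 53;
// Only our own clients may query, read cached answers, or recurse through us.
allow-query { localhost; lan; };
allow-query-cache { localhost; lan; };
allow-recursion { localhost; lan; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Single recursive view for the LAN; the RFC 1912 zones (localhost and the loopback
// reverse zone) are included inside it.
view localhost_resolver {
match-clients { localhost; lan; };
match-destinations { localhost; lan; };
recursion yes;
include "/etc/named.rfc1912.zones";
};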
file save & quit
[root@localhost ~]# vim /etc/squid/squid.conf
Change the Lines
Search 3128 in the file and change
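# Listen only on the LAN-facing address; the iptables REDIRECT rule sends intercepted
# port-80 traffic here. On Squid 3.1 and later the keyword is "intercept" instead of
# "transparent" -- check `squid -v` if Squid refuses to start on this line.
# Only port 80 is redirected by the firewall rule, so HTTPS (443) never passes through
# this proxy; do not rely on it as an access control for HTTPS sites.
http_port 192.168.0.10:3128 transparent
# Clients are on the eth0 LAN, 192.168.0.0/24 (the subnet dhcpd.conf hands out).
# The original line allowed 192.168.2.0/24, a network that does not exist in this setup,
# so LAN clients would only get through if some other acl happened to cover them.
acl our_networks src 192.168.0.0/24
http_access allow our_networks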
IPTABLES rules
I had added following rules to forward all http requests (coming to port 80) to the Squid server port 3128
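# Routing between the LAN (eth0) and the BSNL line (eth1) only works with IP forwarding
# turned on; the post never enables it, and MASQUERADE does nothing without it.
# Enable it now and persist it across reboots.
sysctl -w net.ipv4.ip_forward=1
if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
  sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
else
  printf 'net.ipv4.ip_forward = 1\n' >> /etc/sysctl.conf
fi
# Intercept LAN clients' plain-HTTP (port 80) connections into Squid on 3128.
# Only port 80 is redirected: HTTPS and every other port go straight out via NAT below.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Hide the private LAN behind eth1's address on the way out.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# The filter table in this post is wide open (INPUT/FORWARD/OUTPUT all ACCEPT), so the
# box is a NAT router with no firewall. Make it stateful: let the LAN out, let replies
# back in, and drop anything else the BSNL line tries to deliver to the LAN or to this
# host. If eth1 gets its address by DHCP, or you need SSH on eth1, add those allows
# before the two DROP rules.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -j DROP
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -j DROP
# Persist the rule set; the iptables init script restores it at boot once it is
# enabled with chkconfig. Note that every -A above appends, so running this block
# twice doubles the rules -- flush first if you need to re-run it.
/etc/init.d/iptables save
/etc/init.d/iptables restart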
[root@localhost ~]# /etc/init.d/iptables status ==> the resulting rule set is shown below. Note that the filter table is empty with ACCEPT policies on every chain: nothing is being filtered, only NATed, so the server is a router with no firewall.
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@localhost ~]# vim /etc/rc.local ==> edit the Lines
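# Do NOT re-add the NAT rules here: `/etc/init.d/iptables save` above already stored the
# rule set, and the iptables init script (enabled with chkconfig) restores it at boot.
# Running the same `-A` lines again from rc.local appends a second copy of each rule on
# every start-up. If you would rather have rc.local own the rules, flush the nat table
# first (`iptables -t nat -F`) so they cannot stack up.
# rc.local is the right place for the one setting the init script does not manage:
# IP forwarding, without which MASQUERADE does nothing.
sysctl -w net.ipv4.ip_forward=1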
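# Apply the new configuration and make every service come up at boot.
# The original list never started or enabled named, so the resolver that dhcpd hands
# out via "option domain-name-servers" would not be running after a reboot.
/etc/init.d/iptables restart
# Catch syntax errors in the BIND config before bouncing the resolver.
named-checkconf /etc/named.caching-nameserver.conf
/etc/init.d/named restart
/etc/init.d/squid restart
/etc/init.d/dhcpd restart
chkconfig iptables on
chkconfig named on
chkconfig squid on
chkconfig dhcpd on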