1. SQUID PROXY
BASIC
TRANSPARENT SQUID PROXY
CHILD SQUID PROXY
WITHOUT SQUID:
==============
ISP
|
|-----|SWITCH(Normal)|-----|---PC
|---PC1
|---PC2
SQUID PROXY:
=========
Use: To share the Internet connection throughout the network, with filtering
[ISP] (dhcp/static)
|
|
[eth0]
|
______
| |
| |
| |--->(cache saved in /var/spool/squid)
| | ........................
-------- |
| |
| |.........................
[eth1]--------[SWITCH]--|---[_]-->...{www.google.com}
|---[_]
|---[_]
|---[_]
Profile: Used to share the Internet connection throughout the network, with filtering
Package: squid, httpd
Port: 3128 (default)
Daemon: squid
Script: /etc/init.d/squid
Configuration file: /etc/squid/squid.conf
Related: ACL
Service type: System V managed service
To configure Squid we require:
-->PC with 2 NIC cards named eth0 and eth1
-->ISP (Internet public IP address) dhcp/static 51.73.171.26 provided to eth0
Check whether port 3128 is open:
#netstat -ntlp | grep 3128
RULES in Squid server
1. Allow the network (eg: src)
2. Deny the website (eg: dstdomain)
3. Deny the bad words (eg: url_regex)
4. Time restriction (eg: time)
5. Password auth for MD (eg: proxy_auth)
STEPS to configure the SQUID PROXY:
========================
Step 1. Install the squid and httpd packages
#yum install squid* http* -y
Step 2. Restart and enable the services
#service squid restart
#service httpd restart
#chkconfig squid on
#chkconfig httpd on
3. To allow the network
==============
Go to the Squid configuration file, i.e.,
#vim /etc/squid/squid.conf
1. Search for the word "http_port"; it is the port Squid listens on, 3128 by default (use /http_port to search)
2. Search for the word "INSERT" and add the lines below (mynet is the rule name, src is the keyword)
acl mynet src 192.168.0.0/24
http_access allow mynet
Save and exit
3. Restart the service
#service squid restart
4. To deny a website
============
#vim /etc/squid/squid.conf
#INSERT your own RULES:
acl mynet src 192.168.0.0/24
acl password proxy_auth REQUIRED
acl badsites dstdomain www.yahoo.com
acl badtime time 10:00-16:00 #(10am to 4pm)
acl badwords url_regex -i "/etc/badwords" #(create file /etc/badwords and write all bad words)
http_access deny badwords badtime
http_access deny badsites
http_access allow password
http_access allow mynet
To allow users during the bad time:
===================
1. Install the package that provides htpasswd
#yum install http* -y
2. To allow a user called bob
#htpasswd -mc /usr/etc/passwd bob
3. Search for the word "ncsa" and write the following
auth_param basic program /usr/lib/squid/ncsa_auth /usr/etc/passwd
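How Squid walks the http_access lines above, as an added example (not part of the original post): a small Python model of first-match evaluation over the page's five ACLs. The word list, sample requests, function names and the "challenge-407" label are constructed for illustration, and any non-empty user is treated as a valid login.

```python
import ipaddress
import re
from datetime import time

# Constructed stand-in for the patterns the page keeps in /etc/badwords.
BADWORDS = ["casino", "warez"]
LAN = ipaddress.ip_network("192.168.0.0/24")

# ACL name -> predicate, mirroring the page's acl lines.
ACLS = {
    "mynet":    lambda r: ipaddress.ip_address(r["src"]) in LAN,      # src
    "password": lambda r: r["user"] is not None,                      # proxy_auth REQUIRED
    "badsites": lambda r: r["host"] == "www.yahoo.com",               # dstdomain
    "badtime":  lambda r: time(10, 0) <= r["at"] <= time(16, 0),      # time
    "badwords": lambda r: any(re.search(w, r["url"], re.I) for w in BADWORDS),  # url_regex -i
}

# http_access lines in the page's order: (action, ACLs that must ALL match).
PAGE_RULES = [
    ("deny",  ["badwords", "badtime"]),
    ("deny",  ["badsites"]),
    ("allow", ["password"]),
    ("allow", ["mynet"]),
]

def request(src, url, at, user=None):
    """Build a request record; user=None means no proxy credentials were sent."""
    host = re.sub(r"^https?://", "", url).split("/")[0]
    return {"src": src, "url": url, "host": host, "at": at, "user": user}

def evaluate(req, rules=PAGE_RULES):
    """Return (outcome, index of the deciding http_access line)."""
    for i, (action, names) in enumerate(rules):
        for name in names:
            if name == "password" and req["user"] is None:
                return "challenge-407", i    # Squid asks for credentials here
            if not ACLS[name](req):
                break                        # one ACL failed: try the next line
        else:
            return action, i                 # every ACL on the line matched
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

if __name__ == "__main__":
    for r in (request("192.168.0.10", "http://example.com/casino", time(11, 0), "bob"),
              request("192.168.0.10", "http://example.com/casino", time(18, 0), "bob"),
              request("192.168.0.10", "http://example.com/", time(11, 0))):
        print(r["src"], r["url"], r["at"], r["user"], "->", evaluate(r))
```

With the page's order, a bad word is blocked only between 10:00 and 16:00, and an unauthenticated LAN client is challenged on the `allow password` line before `allow mynet` is ever reached. In a real squid.conf the auth_param line must also appear above the acl ... proxy_auth line that uses it.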
******************************************************
SQUID TRANSPARENT CONFIGURATION:
=========================
Please follow these steps you will configure the squid with
#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
save & quit
#vim /etc/squid/squid.conf
##--please enable these options--##
http_port 3128 transparent
acl our_network src 192.168.1.0/24
http_access allow our_network
cache_mem 16 MB
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# cache_dir <type> <directory> <size in MB> <L1 dirs> <L2 dirs>
cache_dir ufs /var/spool/squid 2000 16 256
cache_mgr user@desktop7.example.com
visible_hostname desktop7.example.com
save and quit
#squid -z
#service squid restart
##Then, if you want to make it transparent, add rules to the iptables firewall##
#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
##If you would like to redirect all HTTP traffic through the proxy without needing to set up a proxy manually in all your applications, you will need to add some rules:
#iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
#####......Note: eth0 is connected with your LAN switch.......##
CHILD PROXY CONFIGURATION:
==========================
_________
| |
| |MAIN PROXY SERVER
| |192.168.0.254
| |
| |
| |
-------------
__________
| |
| |CHILD PROXY SERVER
| |
| |
| |
| |
--------------
#vim /etc/squid/squid.conf
##search for the word cache_peer
##uncomment the following line
# format: cache_peer hostname type proxy-port icp-port options
cache_peer 192.168.0.254 parent 3128 3130 default
#service squid restart