Friday, 16 September 2011

SQUID proxy server

Proxy server


# yum install squid
# vi /etc/squid/squid.conf
# Squid normally listens to port 3128 (you can change this port)
http_port 3128

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# add your network to the access list
acl QPNOC src 192.168.1.0/24

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
# allow the network you added in the ACL above; Squid uses the first
# http_access line that matches, so add this before "http_access deny all"
http_access allow QPNOC

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

# service squid restart
# ntsysv
# vi /etc/sysconfig/iptables
# add the port to the table (the port that you defined in squid.conf)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT

# service iptables restart

To watch users' website access, etc.:
# tail -f /var/log/squid/access.log


There is a lot of stuff in the config file that you can play around with.

You can tweak the firewall too, so that when users use it as a gateway, all web traffic is redirected to the proxy server.
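
As an added example (not part of the original post): Squid applies the first http_access line that matches a request, which is why the allow for QPNOC has to sit above http_access deny all. The shell function below lints that ordering in a squid.conf. The function names and the two sample configs are constructed for illustration, and it assumes the acl named all covers every source, as in the config above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: squid_access_lint [squid.conf]   (reads stdin when no file is given)
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
squid_access_lint() {
    awk '
        $1 != "http_access" { next }   # skips comments, blanks, other directives
        {
            # Only a bare "allow all" / "deny all" is unconditional; extra ACL
            # names on the same line are ANDed together and narrow the rule.
            rule = (NF == 3) ? $2 " " $3 : ""
            if (closed) {
                print "line " NR ": unreachable after deny all: " $0; bad = 1
            } else if (rule == "allow all") {
                print "line " NR ": open proxy, allows every source: " $0; bad = 1
            }
            if (rule == "deny all") closed = 1
        }
        END {
            if (!closed) { print "no terminating http_access deny all"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "${1:--}"
}

# Constructed sample: the QPNOC allow was added below the final deny.
sample_bad() {
    cat <<'EOF'
acl QPNOC src 192.168.1.0/24
http_access allow localhost
http_access deny all
http_access allow QPNOC
EOF
}

# Constructed sample: the rule order used in this post.
sample_good() {
    cat <<'EOF'
acl QPNOC src 192.168.1.0/24
#http_access allow our_networks
http_access allow QPNOC
http_access allow localhost
http_access deny all
EOF
}

sample_bad | squid_access_lint || true
sample_good | squid_access_lint && echo "sample_good: ok"
```

On a real server, run it as squid_access_lint /etc/squid/squid.conf before restarting the service.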
