PROXY srvr
# yum install squid
# vi /etc/ squid/squid.conf
# Squid normally listens to port 3128 ------ #you can change this port
http_port 3128
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl QPNOC src 192.168.1.0/24 --------------- add you network to access list
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
http_access allow QPNOC -----------------------# allow the nework you add in the ACL
and make sure you add it before http_access deny all
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
# service squid restart
# ntsysv
# vi /etc/sysconfig/iptables ---- add the port to the table (port that you define to squid.conf)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
# service iptables restart
# tail -f /var/log/squid/access.log ------ users websites access, etc
Lot of stuff in the config file that you can play around.
You can tweak firewall too, so that when the users make it as a gateway, it will redirect all web traffic to proxy server
No comments:
Post a Comment