NETWORK TOPOLOGY
Clients on the 192.168.2.0 network access the internet via eth1 (192.168.2.50) on the Ubuntu Server machine; eth0 (192.168.1.50) is the server's connection to the modem / gateway (192.168.1.200). This topology requires the clients to use the proxy as their gateway, which is what makes the proxy truly transparent. The easiest way to make the proxy the main gateway is to install a DHCP server on the Ubuntu machine. See How to configure Ubuntu as Dhcp Server.

Illustration

FOLLOW THE STEPS BELOW TO INSTALL SQUID 3.5.7:
  1. INSTALL ADDITIONAL PROGRAMS REQUIRED BY SQUID 3.5.7
    Log in as root:
    # sudo su
    Note:
    "To prevent errors when adding programs, do this step; skip it if your Ubuntu Server is already updated."
    # nano /etc/apt/sources.list

    deb http://us.archive.ubuntu.com/ubuntu/ trusty main restricted
    deb-src http://us.archive.ubuntu.com/ubuntu/ trusty main restricted
    deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
    deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
    deb http://us.archive.ubuntu.com/ubuntu/ trusty universe
    deb-src http://us.archive.ubuntu.com/ubuntu/ trusty universe
    deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe
    deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe
    deb http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
    deb-src http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
    deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
    deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
    deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
    deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
    deb http://security.ubuntu.com/ubuntu trusty-security main restricted
    deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
    deb http://security.ubuntu.com/ubuntu trusty-security universe
    deb-src http://security.ubuntu.com/ubuntu trusty-security universe
    deb http://security.ubuntu.com/ubuntu trusty-security multiverse
    deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
    deb http://download.webmin.com/download/repository sarge contrib
    deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

  2. # apt-get update
    # apt-get install devscripts build-essential openssl libssl-dev fakeroot libcppunit-dev libsasl2-dev cdbs ccze libfile-readbackwards-perl libcap2 libcap-dev libcap2-dev libnetfilter-conntrack-dev -y

    # apt-get install ccze sysv-rc-conf -y

  3. INSTALLING SQUID 3.5.7 (Latest 3.5.13)
    a. Download and Extract, choose one!

    # wget -O - http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.7.tar.gz | tar zxfv -
    # cd squid-3.5.7

    Or the latest version of Squid:

    # wget -O - http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.13.tar.gz | tar zxfv -
    # cd squid-3.5.13

    b. Compile and Install Squid 3.5.x
    (In lines 2-4, adjust the values to your processor specifications to get the most out of the cores that will handle the Squid proxy process, e.g. core2 for a Core 2 Duo. Guidelines for other processors here..)
    ./configure \
    CHOST="x86_64-pc-linux-gnu" \
    CFLAGS="-march=core2 -O2 -pipe" \
    CXXFLAGS="-march=core2 -O2 -pipe" \
    --build=x86_64-linux-gnu \
    --prefix=/usr \
    --exec-prefix=/usr \
    --bindir=/usr/bin \
    --sbindir=/usr/sbin \
    --libdir=/usr/lib \
    --sharedstatedir=/usr/com \
    --includedir=/usr/include \
    --localstatedir=/var \
    --libexecdir=/usr/lib/squid \
    --srcdir=. \
    --datadir=/usr/share/squid \
    --sysconfdir=/etc/squid \
    --infodir=/usr/share/info \
    --mandir=/usr/share/man \
    --x-includes=/usr/include \
    --x-libraries=/usr/lib \
    --with-default-user=proxy \
    --with-logdir=/var/log/squid \
    --with-pidfile=/var/run/squid.pid \
    --enable-err-languages=English \
    --enable-default-err-language=English \
    --enable-storeio=ufs,aufs,diskd \
    --enable-linux-netfilter \
    --enable-removal-policies=lru,heap \
    --enable-gnuregex \
    --enable-follow-x-forwarded-for \
    --enable-x-accelerator-vary \
    --enable-zph-qos \
    --enable-delay-pools \
    --enable-snmp \
    --enable-underscores \
    --with-openssl \
    --enable-ssl-crtd \
    --enable-http-violations \
    --enable-async-io=24 \
    --enable-storeid-rewrite-helpers \
    --with-large-files \
    --with-libcap \
    --with-netfilter-conntrack \
    --with-included-ltdl \
    --with-maxfd=65536 \
    --with-filedescriptors=65536 \
    --with-pthreads \
    --without-gnutls \
    --without-mit-krb5 \
    --without-heimdal-krb5 \
    --without-gnugss \
    --disable-icap-client \
    --disable-wccp \
    --disable-wccpv2 \
    --disable-dependency-tracking \
    --disable-auth --disable-epoll \
    --disable-ident-lookups \
    --disable-icmp

  4. # make && make install
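One way to confirm, before going on to step 5, that the installed binary was really built with the options the later steps rely on and that its helpers are where the binary expects them. This is an added example, not part of the original post; the function names and the sample `squid -v` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a Squid build for what the later steps depend on.

# Options the following steps rely on (all from the configure line above).
REQUIRED_OPTS="--with-openssl --enable-ssl-crtd --enable-linux-netfilter --enable-storeid-rewrite-helpers"
# Helper programs named on this page that must sit in libexecdir.
REQUIRED_HELPERS="ssl_crtd log_file_daemon"

# Constructed sample of `squid -v` output (not captured from a real host).
# /lib/squid is what --libexecdir=${prefix}/lib/squid turns into when the
# shell expands an unset ${prefix} before configure ever sees it.
SAMPLE_SQUID_V="Squid Cache: Version 3.5.7
Service Name: squid
configure options:  'CFLAGS=-march=core2 -O2 -pipe' '--prefix=/usr' '--libexecdir=/lib/squid' '--with-openssl' '--enable-ssl-crtd' '--enable-linux-netfilter'"

# Print one word of the `squid -v` text per line with the quotes stripped.
list_build_opts() {
    printf '%s\n' "$1" | tr -s " \t" '\n\n' | sed -e "s/^'//" -e "s/'\$//"
}

# Print every required option that is absent from the `squid -v` text in $1.
missing_build_opts() {
    opts=$(list_build_opts "$1")
    for want in $REQUIRED_OPTS; do
        printf '%s\n' "$opts" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Print the helper directory the binary was configured with.
built_libexecdir() {
    list_build_opts "$1" | sed -n 's/^--libexecdir=//p' | tail -n 1
}

# Print every required helper that is not an executable file in directory $1.
missing_helpers() {
    for h in $REQUIRED_HELPERS; do
        [ -x "$1/$h" ] || printf '%s\n' "$h"
    done
}

# Check the squid found on PATH; status 0 only when nothing is missing.
verify_installed_squid() {
    info=$(squid -v 2>/dev/null) || { echo "squid -v failed" >&2; return 2; }
    dir=$(built_libexecdir "$info")
    echo "helpers expected in: ${dir:-unknown (no --libexecdir in the build)}"
    bad=$(missing_build_opts "$info"; missing_helpers "$dir")
    [ -z "$bad" ] && return 0
    echo "missing: $(echo $bad)" >&2
    return 1
}

# "--check" inspects the real installation; otherwise show the sample result.
case "${1:-}" in
    --check) verify_installed_squid ;;
    *) echo "sample build lacks: $(missing_build_opts "$SAMPLE_SQUID_V")"
       echo "sample helper dir:  $(built_libexecdir "$SAMPLE_SQUID_V")" ;;
esac
```

Run it with `--check` as root after `make install`; a helper directory other than /usr/lib/squid means the paths used in step 6c have to be adjusted or the build repeated.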

  5. CUSTOMIZING Of SQUID 3.5.x CONFIGURATION
    a. Squid.conf


    # mv /etc/squid/squid.conf /etc/squid/squid.conf.backup
    # wget --no-check-certificate -O /etc/squid/squid.conf https://raw.githubusercontent.com/cyberscie/cyberscie.com/master/server/squid-3.5.5/step1/squid.conf

    (Adjust it to your network conditions)

    # nano /etc/squid/squid.conf

    (Check whether any configuration is missing)

    # squid -k parse

    b. Store-id.pl

    Store-id.pl provides the cache key used by Squid. Please download the store-id.pl configuration!

    # wget --no-check-certificate -O /etc/squid/store-id.pl https://raw.githubusercontent.com/cyberscie/cyberscie.com/master/server/squid-3.5.5/store-id.pl

  6. MAKING CACHE DIRECTORY And SQUID 3.5.x CERTIFICATES
    a. Make the cache directory, e.g.:
    # mkdir -p /cache/cache

    b. Make Certificates

    # cd /etc/squid
    # mkdir ssl_certs
    # cd ssl_certs

    (Note! Fill in the data as you want)
    # openssl genrsa -out squid.key 2048
    # openssl req -new -key squid.key -out squid.csr -nodes
    # openssl x509 -req -days 3652 -in squid.csr -signkey squid.key -out squid.crt

    c. Make the certificate cache directory used by Squid
    # mkdir /var/lib/squid
    # chown -R nobody /var/lib/squid/
    # /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
    (be sure that there are no errors)

  7. MAKING A SQUID 3.5.x START UP FILE
    # wget --no-check-certificate -O /etc/init.d/squid https://raw.githubusercontent.com/cyberscie/cyberscie.com/master/server/squid-3.5.5/squid

    Customize the Squid startup file to your needs

    # nano /etc/init.d/squid

    Note:
    Find the line "cache_dir=`find_cache_dir cache_dir /cache/cache`"
    and change the "/cache/cache" path to your own cache directory.


    Make Squid start automatically on boot.

    # update-rc.d squid defaults
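Steps 5 and 7 fetch a configuration file, a Perl helper that Squid executes and a root-run init script with `--no-check-certificate`, so nothing ties what gets installed to what was reviewed. The added example below (not part of the original post) installs staged downloads only when every file matches a SHA-256 recorded after review; the manifest format, function names and file modes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: install staged downloads only if they match reviewed hashes.
#
# Manifest format (hypothetical, one file per line, '#' starts a comment):
#   <sha256> <mode> <destination path> <file name in the staging directory>
# e.g. for the three files of steps 5 and 7:
#   <hash-recorded-after-review> 644 /etc/squid/squid.conf   squid.conf
#   <hash-recorded-after-review> 755 /etc/squid/store-id.pl  store-id.pl
#   <hash-recorded-after-review> 755 /etc/init.d/squid       squid
#
# Staging the files (certificate checking left on, nothing piped into place):
#   stage=$(mktemp -d)
#   wget -O "$stage/squid.conf" https://raw.githubusercontent.com/cyberscie/cyberscie.com/master/server/squid-3.5.5/step1/squid.conf
#   less "$stage/squid.conf" && sha256sum "$stage/squid.conf"   # read, then record

# check_manifest STAGE MANIFEST
#   Status 0 only when every listed file exists and has the listed hash.
check_manifest() {
    bad=0
    while read -r sum mode dest name; do
        case "$sum" in ''|'#'*) continue ;; esac
        got=$(sha256sum "$1/$name" 2>/dev/null | cut -d' ' -f1)
        if [ "$got" != "$sum" ]; then
            echo "MISMATCH $name (wanted $sum, got ${got:-nothing})" >&2
            bad=1
        fi
    done < "$2"
    return "$bad"
}

# install_manifest STAGE MANIFEST ROOT
#   Verifies everything first, then copies each file to ROOT/<destination>
#   with the listed mode. ROOT is "" on the live system.
install_manifest() {
    check_manifest "$1" "$2" || return 1
    while read -r sum mode dest name; do
        case "$sum" in ''|'#'*) continue ;; esac
        install -D -m "$mode" "$1/$name" "$3$dest" || return 2
    done < "$2"
}

# Usage: sh install-pinned.sh STAGE MANIFEST ROOT
if [ "$#" -eq 3 ]; then
    install_manifest "$1" "$2" "$3"
fi
```

Because all hashes are checked before the first copy, one altered file leaves the system untouched; keep the manifest with your own notes so a rebuilt server gets exactly the files that were read.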

  8. CREATING Of SQUID 3.5.x FOLDER And FILE ACCESS RIGHTS
    Type or copy on the command line. (Note! User name: proxy)

    # chown -R proxy:proxy /etc/squid/squid.conf
    # chown -R proxy:proxy /usr/lib/squid
    # chown -R proxy:proxy /var/lib/squid/ssl_db/certs
    # chown -R proxy:proxy /etc/squid/store-id.pl
    # chown -R proxy:proxy /cache/cache
    # chown -R proxy:proxy /var/log/squid
    # chown -R proxy:proxy /var/log/squid/access.log
    # chmod 777 /cache/cache
    # chmod 777 /var/log/squid
    # chmod 777 /var/log/squid/access.log
    # chmod 755 /var/lib/squid/ssl_db/certs
    # chmod +x /etc/init.d/squid
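Mode 777 lets any local account rewrite cached objects and logs, and the signing key from step 6 is what every client that imports squid.crt ends up trusting. The added example below (not part of the original post) shows a tighter alternative for the same directories plus an audit for world-writable leftovers; the function names, the 750/640 modes and the key path argument are assumptions for this illustration, and it leaves squid.conf and /usr/lib/squid owned by root.

```shell
#!/bin/sh
# Added example: least-privilege modes for the directories of step 8.

# Print every file or directory under the given paths that any local user
# can write to (symlinks are skipped, their own mode bits mean nothing).
list_world_writable() {
    for p in "$@"; do
        [ -e "$p" ] && find "$p" ! -type l -perm -0002 -print
    done
    return 0
}

# Directories 750, files 640: owner read/write, group read, nobody else.
tighten_tree() {
    find "$1" -type d -exec chmod 750 {} + &&
    find "$1" -type f -exec chmod 640 {} +
}

# harden_squid_paths KEYFILE      (run as root)
#   Gives the data directories Squid writes to the proxy user only, and
#   makes the private signing key readable by root and the proxy group.
harden_squid_paths() {
    user=${SQUID_USER:-proxy}
    for d in /cache/cache /var/log/squid /var/lib/squid/ssl_db; do
        chown -R "$user:$user" "$d" && tighten_tree "$d" || return 1
    done
    chown "root:$user" "$1" && chmod 640 "$1"
}

# Usage:
#   sh harden-squid.sh --apply /etc/squid/ssl_certs/squid.key
#   sh harden-squid.sh --audit
case "${1:-}" in
    --apply) harden_squid_paths "${2:?path to squid.key required}" ;;
    --audit) list_world_writable /cache/cache /var/log/squid /var/lib/squid /etc/squid ;;
esac
```

An empty `--audit` listing after a Squid restart confirms that nothing under the cache, log, certificate database or configuration directories is writable by other local users.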

  9. STARTING SQUID 3.5.x
    Create the cache directories and start Squid 3.5.x
    # squid -f /etc/squid/squid.conf -z

    Wait a while, then hit Ctrl+C to get back to the main terminal (command line). Restart Squid 3.5.x

    # /etc/init.d/squid restart

    Make sure that no errors appear.

    # /etc/init.d/squid status

  10. CONFIGURE SQUID 3.5.x As TRANSPARENT PROXY
    See the illustration at the top of this article!

    Configure rc.local file

    # nano /etc/rc.local

    Add these lines!

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
    iptables -I INPUT -p tcp -m tcp --dport 3129 -j ACCEPT
    modprobe xt_TPROXY
    modprobe xt_socket
    modprobe xt_mark
    modprobe nf_nat
    modprobe nf_conntrack_ipv4
    modprobe nf_conntrack
    modprobe nf_defrag_ipv4
    modprobe ipt_REDIRECT
    modprobe iptable_nat
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
    echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
    echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -t mangle -N DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    iptables -t mangle -A INPUT -j ACCEPT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -A PREROUTING -d 192.168.1.50 -p tcp -m multiport --dports 22,80,443,3127,3128,3129,8000,8080,10000 -j ACCEPT
    iptables -t mangle -A PREROUTING ! -d 192.168.1.50 -p tcp -m multiport --dports 80,8080,8000 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
    iptables -t mangle -A PREROUTING ! -d 192.168.1.50 -p tcp -m multiport --dports 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
    exit 0

    Note:
    As you can see, port 3128 is not configured here. This leaves port 3128 free for HTTP traffic and for individual settings, e.g. for trading software that does not work with a transparent HTTPS proxy.

  11. FINISHING STEP
    Restart the server.
    Copy squid.crt from "/etc/squid/ssl_certs" to the browser (e.g. Mozilla / Chrome / Opera)
Done.


Result Hits

Post a Comment

  1. --with-netfilter-conntrack \

    not found

    ReplyDelete
  2. Addition:
    apt-get install libnetfilter-conntrack-dev

    ReplyDelete
  3. Youtube shows serious delays full time with chrome firefox, in IE all works perfectly

    ReplyDelete
  4. error

    root@hihi:/home/hi/squid-3.5.9# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
    bash: /usr/lib/squid/ssl_crtd: No such file or directory

    help

    ReplyDelete
    Replies
    1. # mkdir /var/lib/squid
      # chown -R nobody /var/lib/squid/
      # chown -R proxy /var/lib/squid/
      # chown -R proxy:proxy /var/lib/squid/
      # /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      # chmod -R 777 /var/lib/squid/ssl_db

      Delete
    2. same problem

      root@hihi:/home/hi# mkdir /var/lib/squid
      mkdir: cannot create directory ‘/var/lib/squid’: File exists
      root@hihi:/home/hi# chown -R nobody /var/lib/squid/
      root@hihi:/home/hi# chown -R proxy /var/lib/squid/
      root@hihi:/home/hi# chown -R proxy:proxy /var/lib/squid/
      root@hihi:/home/hi# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      bash: /usr/lib/squid/ssl_crtd: No such file or directory
      root@hihi:/home/hi# chmod -R 777 /var/lib/squid/ssl_db
      chmod: cannot access ‘/var/lib/squid/ssl_db’: No such file or directory
      root@hihi:/home/hi#

      Delete
    3. This comment has been removed by the author.

      Delete
    4. root@hihi:/home/hi# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      try
      mkdir /var/lib/squid ---->exists
      cd /var/lib/squid
      mkdir ssl_db

      Delete
    5. thank u suheri & nam
      but problem same


      root@hihi:/home/hi# cd squid-3.5.7
      root@hihi:/home/hi/squid-3.5.7# chown -R nobody /var/lib/squid/
      root@hihi:/home/hi/squid-3.5.7# chown -R proxy /var/lib/squid/
      root@hihi:/home/hi/squid-3.5.7# chown -R proxy:proxy /var/lib/squid/
      root@hihi:/home/hi/squid-3.5.7# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      bash: /usr/lib/squid/ssl_crtd: No such file or directory
      root@hihi:/home/hi/squid-3.5.7# mkdir ssl_db
      root@hihi:/home/hi/squid-3.5.7# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      bash: /usr/lib/squid/ssl_crtd: No such file or directory
      root@hihi:/home/hi/squid-3.5.7# mkdir /var/lib/squid
      mkdir: cannot create directory ‘/var/lib/squid’: File exists
      root@hihi:/home/hi/squid-3.5.7# cd /var/lib/squid
      root@hihi:/var/lib/squid# mkdir ssl_db
      root@hihi:/var/lib/squid# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      bash: /usr/lib/squid/ssl_crtd: No such file or directory
      root@hihi:/var/lib/squid# chmod -R 777 /var/lib/squid/ssl_db
      root@hihi:/var/lib/squid# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      bash: /usr/lib/squid/ssl_crtd: No such file or directory
      root@hihi:/var/lib/squid#

      Delete
    6. ./configure \
      CHOST="x86_64-pc-linux-gnu" \
      CFLAGS="-march=core2 -O2 -pipe" \
      CXXFLAGS="${CFLAGS}" \
      --build=x86_64-linux-gnu \
      ......
      --libexecdir=${prefix}/lib/squid \
      .....

      Change :

      ./configure \
      --prefix=/usr \
      ...
      --libexecdir=/usr/lib/squid \
      ...
      --build=x86_64-linux-gnu \
      build_alias=x86_64-linux-gnu

      # mkdir /var/lib/squid
      root@vanhung# chown -R nobody /var/lib/squid/
      root@vanhung# chown -R proxy /var/lib/squid/
      root@vanhung# chown -R proxy:proxy /var/lib/squid/
      root@vanhung# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      root@vanhung# chmod -R 777 /var/lib/squid/ssl_db



      Delete
    7. to zoro
      root@hihi:/home/hi#cd
      root@hihi#
      root@hihi#cd squid-3.5.7
      make && make install


      Delete
    8. root@hihi:~/squid-3.5.7# mkdir /var/lib/squid
      root@hihi:~/squid-3.5.7# chown -R nobody /var/lib/squid/
      root@hihi:~/squid-3.5.7# chown -R proxy /var/lib/squid/
      root@hihi:~/squid-3.5.7# chown -R proxy:proxy /var/lib/squid/
      root@hihi:~/squid-3.5.7# cd ..
      root@hihi:~# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      -su: /usr/lib/squid/ssl_crtd: No such file or directory
      root@hihi:~# ^C
      root@hihi:~# mkdir /var/lib/squid
      mkdir: cannot create directory ‘/var/lib/squid’: File exists
      root@hihi:~# chown -R nobody /var/lib/squid/
      root@hihi:~# chown -R proxy /var/lib/squid/
      root@hihi:~# chown -R proxy:proxy /var/lib/squid/
      root@hihi:~#
      root@hihi:~# /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
      -su: /usr/lib/squid/ssl_crtd: No such file or directory
      root@hihi:~# chmod -R 777 /var/lib/squid/ssl_db
      chmod: cannot access ‘/var/lib/squid/ssl_db’: No such file or directory
      root@hihi:~#


      same problem

      Delete
    9. Sorry all..
      To solve the problems, make sure all compiling scripts run well, especially "--enable-ssl-crtd \". If you have compiled Squid, see the logs, and be sure that "--enable-ssl-crtd \" does not give an error. Thanks

      Delete
    10. How can I be sure of that ???

      Delete
    11. I CONFIG ME

      ./configure \
      CHOST="x86_64-pc-linux-gnu" \
      CFLAGS="-march=corei7-avx -O2 -pipe" \
      CXXFLAGS="${CFLAGS}" \
      --build=x86_64-linux-gnu \
      --prefix=/usr \
      --exec-prefix=/usr \
      --bindir=/usr/bin \
      --sbindir=/usr/sbin \
      --libdir=/usr/lib \
      --sharedstatedir=/usr/com \
      --includedir=/usr/include \
      --localstatedir=/var \
      --libexecdir=${prefix}/lib/squid \
      --srcdir=. \
      --datadir=${prefix}/share/squid \
      --sysconfdir=/etc/squid \
      --infodir=/usr/share/info \
      --mandir=/usr/share/man \
      --x-includes=/usr/include \
      --x-libraries=/usr/lib \
      --with-default-user=proxy \
      --with-logdir=/var/log/squid \
      --with-pidfile=/var/run/squid.pid \
      --enable-err-languages=English \
      --enable-default-err-language=English \
      --enable-storeio=ufs,aufs,diskd \
      --enable-linux-netfilter \
      --enable-removal-policies=lru,heap \
      --enable-gnuregex \
      --enable-follow-x-forwarded-for \
      --enable-x-accelerator-vary \
      --enable-zph-qos \
      --enable-delay-pools \
      --enable-snmp \
      --enable-underscores \
      --with-openssl \
      --enable-ssl-crtd \
      --enable-http-violations \
      --enable-async-io=24 \
      --enable-storeid-rewrite-helpers \
      --with-large-files \
      --with-libcap \
      --with-netfilter-conntrack \
      --with-included-ltdl \
      --with-maxfd=65536 \
      --with-filedescriptors=65536 \
      --with-pthreads \
      --without-gnutls \
      --without-mit-krb5 \
      --without-heimdal-krb5 \
      --without-gnugss \
      --disable-icap-client \
      --disable-wccp \
      --disable-wccpv2 \
      --disable-dependency-tracking \
      --disable-auth --disable-epoll \
      --disable-ident-lookups \
      --disable-icmp

      Delete
  5. Youtube shows serious delays full time with chrome firefox,lots of "vary object loop!" (with youtube/HTML5 caching), in IE all works perfectly

    ReplyDelete
    Replies
    1. Thanks bro for your attention. The delays, according to me, are caused by the DNS you use having been hijacked by the ISP. I solved this problem by installing dns-crypt proxy on Ubuntu server. The post about dns-crypt proxy will be presented as soon as possible. Thanks

      Delete
    2. We are waiting for the tutorial resolve this issue, thank you for your efforts

      Delete
  6. error view by used

    squid -k parse

    2015/10/19 21:01:37| Processing: refresh_pattern ^ftp: 1440 20% 10080
    2015/10/19 21:01:37| Processing: refresh_pattern ^gopher: 1440 0% 1440
    2015/10/19 21:01:37| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    2015/10/19 21:01:37| Processing: refresh_pattern . 0 20% 4320
    2015/10/19 21:01:37| FATAL ERROR: logfile_daemon /usr/lib/squid/log_file_daemon: (2) No such file or directory
    2015/10/19 21:01:37| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP
    2015/10/19 21:01:37| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
    2015/10/19 21:01:37| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
    2015/10/19 21:01:37| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
    2015/10/19 21:01:37| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP
    2015/10/19 21:01:37| WARNING: use of 'ignore-must-revalidate' in 'refresh_pattern' violates HTTP
    2015/10/19 21:01:37| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP
    2015/10/19 21:01:37| WARNING: use of 'ignore-auth' in 'refresh_pattern' violates HTTP
    2015/10/19 21:01:37| Initializing https proxy context
    2015/10/19 21:01:37| Initializing https_port [::]:3129 SSL context
    2015/10/19 21:01:37| Using certificate in /etc/squid/ssl_certs/squid.crt
    FATAL: No valid signing SSL certificate configured for HTTPS_port [::]:3129
    Squid Cache (Version 3.5.7): Terminated abnormally.
    CPU Usage: 0.017 seconds = 0.008 user + 0.008 sys
    Maximum Resident Size: 42592 KB
    Page faults with physical i/o: 1

    ReplyDelete
  7. Try to see:
    1. /usr/lib/squid/. Be Sure that "log_file_daemon" was there.
    2. /etc/squid/ssl_certs/. Be Sure that "squid.crt" was there.
    If a file is missing, try to install Squid from the beginning, from step 1: add the sources list and do "apt-get update" and "apt-get upgrade". I forgot to mention this in the current post. See the tutorial video for this post. I hope this helps you, Zoro.

    ReplyDelete
    Replies
    1. thank u Cyber Scie
      but i am used "apt-get update" and "apt-get upgrade". same error ?
      i used INSTALLATION UBUNTU SERVER 14.04 TRUSTY

      Delete
  8. /usr/lib/squid/ not folder squid but /usr/lib/ only

    /etc/squid/ssl_certs/ its clear

    ReplyDelete
    Replies
    1. /usr/lib/squid/ not folder found squid but /usr/lib/ only

      /etc/squid/ssl_certs/ its clear

      Delete
    2. OK, your Ubuntu 14.04 OS is likely missing some components. I will share a post about it with you (on "INSTALLATION UBUNTU SERVER 14.04 TRUSTY"). Thanks

      Delete
    3. In the video shown in the 1:24 minute grub-pc tab
      I did not show ..
      Although I applied all the installation steps "INSTALLATION UBUNTU SERVER 14.04 TRUSTY" the same video

      Delete
    4. I am sure that you got some errors when installing Ubuntu Server; this causes problems when installing Squid proxy. This article may help you, Zoro, to solve the problem with installing Ubuntu Server.
      http://www.cyberscie.com/2015/11/some-failures-on-installing-ubuntu-1404.html

      Delete
    5. This comment has been removed by the author.

      Delete
    6. I figured out what was the problem.
      Somehow the prefix variable is ignored, so i explicitly added the path to libexecdir and datadir.
      So i replaced these 2 lines:

      --libexecdir=${prefix}/lib/squid \
      --datadir=${prefix}/share/squid \

      with:

      --libexecdir=/usr/lib/squid \
      --datadir=/usr/share/squid \

      Now everything works fine. log_file_daemon is in /usr/lib/squid now

      Delete
    7. Nice work bro! I am glad to hear it (h)

      Delete
  9. I can operate as a HTTP proxy squid
    with https he tells me that the certificate is invalid
    I can not figure out what to vare last entry
    FINISHING STEP
    Restart Server.
    Copy Squid.crt in "/ etc / squid / ssl_certs" to the browser (Eg. Mozilla / Chrome / Opera)
    how should I copy the certificate in the browser of the client?
    Thank you in advance

    ReplyDelete
    Replies
    1. Thanks for visit.
      Giovanni, you can see our article here in order to copy the Squid certificate.
      http://www.cyberscie.com/2015/11/mounting-usb-flash-on-ubuntu-server-1404.html

      Delete
  10. ok, once I copied certificates in pendrive what do I do?
    the problem for caching youtube you need a valid certificate. I can not go in the PC of my clients to put in valid certificates or what generated.
    you can not acquire the certificate from youtube and cache it the same?
    always thanks and congratulations for your guides

    ReplyDelete
  11. From your browser, e.g. for Mozilla, go to Tools, Options, Advanced, Certificates, View Certificates, Authorities, Import (browse your pendrive, looking for "squid.crt"), check all options, then OK.
    You're welcome Giovanni.

    ReplyDelete
  12. I can use the proxy as transparent without iptables? version 2.7 manual in squid.conf http_port 8080 transparent, in mikrotik net-map 172.10.0.0/xx dst-nat xxxx: 8080
    It is a simple configuration that allows me to divert traffic without using mangle even on different networks

    ReplyDelete
  13. No additional iptables and netfilter modules are needed for this to work? For example xt_TPROXY, nf_tproxy_core, ipt_REDIRECT?

    ReplyDelete
    Replies
    1. You can see at step 8. Configure rc.local file, at several lines for xt_TPROXY, nf_tproxy_core, or ipt_REDIRECT Configuration.

      Delete
    2. This comment has been removed by the author.

      Delete
  14. final all ok
    but step 6 view error

    chown: cannot access /var/log/squid/access.log: No such file or directory
    chown: chmod: cannot access /var/log/squid/access.log: No such file or directory
    cannot access /usr/lib/squid/store-id.pl: No such file or directory
    chmod: cannot access hihi:hihi: No such file or directory


    and what user proxy

    ReplyDelete
  15. Replies
    1. Zoro, please repeat from the first step. This post has been updated. All errors have been fixed. Thanks for your attention.

      Delete
  16. 1463512778.072 0 192.168.1.3 TCP_DENIED/200 0 CONNECT 192.168.1.8:3129 - HIER_NONE/- -
    1463512778.087 0 192.168.1.3 TCP_DENIED/200 0 CONNECT 192.168.1.8:3129 - HIER_NONE/- -
    1463512778.095 0 192.168.1.3 TCP_DENIED/200 0 CONNECT 192.168.1.8:3129 - HIER_NONE/- -
    1463512778.108 0 192.168.1.3 TCP_DENIED/200 0 CONNECT 192.168.1.8:3129 - HIER_NONE/- -
    1463512778.124 0 192.168.1.3 TCP_DENIED/200 0 CONNECT 192.168.1.8:3129 - HIER_NONE/- -
    1463512778.132 0 192.168.1.3 TCP_DENIED/200 0 CONNECT 192.168.1.8:3129 - HIER_NONE/- -
    Error I am getting on accessing https sites after putting 3129 port as proxy in browser.

    Kindly help.

    ReplyDelete
    Replies
    1. If you are facing problems on sensitive sites, you can put port 3128 in your browser proxy setting.

      Delete
  17. After installation with no errors, i tried to update microsoft windows 7, it gives me a code 80072F8F error, do you have a fix for caching microsoft updates with squid 3.5

    Thanks
    Luma Ndikum

    ReplyDelete
    Replies
    1. Same as with @yashlancers: if you are facing problems on sensitive sites, you can put port 3128 in your browser proxy setting.

      Delete
  18. how to setup squid3 with one Ethernet not two Ethernet just like that diagram https://www.google.iq/search?q=diagram+squid+one+ethernet&biw=1366&bih=638&tbm=isch&tbo=u&source=univ&sa=X&ved=0ahUKEwib-viOtYDRAhVqAsAKHVPGAGUQsAQIFw#imgrc=7m8MY6CPXj8dvM%3A

    ReplyDelete
    Replies
    1. Modem 192.168.1.254
      ====================
      | |
      | Clients 192.168.1.1 - 192.168.1.14
      Squid Proxy 192.168.1.50
      ========================
      Its so simple, IP modem, squid proxy and clients are in one class. eg 192.168.1.0/24.
      Change your /etc/rc.local (just commented lines):
      -------------------------------------------------
      # iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
      iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

      # iptables -t mangle -A PREROUTING -d 192.168.1.50 -p tcp -m multiport --dports 22,80,443,3127,3128,3129,8000,8080,10000 -j ACCEPT
      # iptables -t mangle -A PREROUTING ! -d 192.168.1.50 -p tcp -m multiport --dports 80,8080,8000 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
      # iptables -t mangle -A PREROUTING ! -d 192.168.1.50 -p tcp -m multiport --dports 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
      iptables -t mangle -A PREROUTING -d 192.168.1.254 -p tcp -m multiport --dports 22,80,443,3127,3128,3129,8000,8080,10000 -j ACCEPT
      iptables -t mangle -A PREROUTING ! -d 192.168.1.254 -p tcp -m multiport --dports 80,8080,8000 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
      iptables -t mangle -A PREROUTING ! -d 192.168.1.254 -p tcp -m multiport --dports 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
      --------------------------------------------------
      Make your modem the gateway/DNS in the clients' static IP settings. Your clients' internet connections will be intercepted by the proxy. This topology works fine if your proxy is damaged: clients can connect through your modem.

      Delete
  19. Hi Cyber Scie,

    Thanks for your great tutorial.

    I followed your guide proxy work well. But I using isc-dhcpd-server with BIND 9, Nginx reverse proxy for Odoo server with Let's encrypt for 3 domain and sub-domain, in Lan when go to my domain http squid always denied(work with https) sub-domain always fail with error : Your connection is not secure.

    Any advice?

    Thanks and best regards.

    ReplyDelete
    Replies
    1. Hi Lam Nguyen Hong, this article is about Squid as a forward proxy. If you want to use a Squid reverse proxy inside a forward proxy, you may read this link. http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate . If you use Squid as both forward and reverse proxy, I think you don't need another proxy on your own web server. Thanks, may this help you.

      Delete
