Monday, June 23, 2014

Creating Proxy Server Ubuntu

Creating Proxy Server Ubuntu


about proxy servers? Want to create a proxy server? Need not ask the professionals make it, just follow these references as needed later improvasi proxy sure you can walk properly. I do not discuss in-depth about the proxy server, please use other references for better understanding. I suggest you read the introduction squid diwebsite official. In theory, the proxy has the main function caching, filtering and authentication (pembasan leads to this function)

I wrote this documentation when creating a proxy server using Squid in Ubuntu 8.04-based gateway machine with 2 ethernet card is eth0 and eth1 for the internet connection to the local network. Here's how I do.
Making Ubuntu 8.04 Server Proxy with squid
1. Install ubuntu proxy package
root @ geek: ~ # apt-get install squid
Make sure there is no error during the installation process. If not connected to the Internet should use ubuntu cd repository. But remember to test the proxy goes well will still need an internet connection.

2. Configuring squid proxy
- Do not forget to backup orginal proxy configuration file
root @ geek: ~ # cp / etc / squid / squid.conf / etc / squid / squid.conf.orig
- Create a directory proxy swap
root @ geek: ~ # mkdir / data / proxy
- Set Directory Permissions
root @ geek: ~ # chown proxy.proxy-R / data / proxy
chmod 750-R / data / proxy
- The configuration file squid.conf
root @ geek: ~ # vim / etc / squid / squid.conf
http_port 8080
hierarchy_stoplist cgi-bin?
cache_effective_user proxy
cache_effective_group proxy
cache_dir ufs / data / proxy 1000 16 256
access_log / var / log / squid / access.log squid
cache_mgr gue@wevils.com
visible_hostname www.wevils.com
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
to_localhost acl dst 127.0.0.0 / 8
acl intranet src 192.168.10.0/24
acl blokporno dstdomain "/ etc / squid / block-url.txt"
url_regex blokkeyword acl-i "/ etc / squid / block-keyword.txt"
SSL_ports acl port 443 # https
SSL_ports acl port 563 # sNews
SSL_ports acl port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # GSS-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # http multiling
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny! Safe_ports
http_access deny CONNECT! SSL_ports
http_access allow localhost
http_access deny blokporno
http_access deny blokkeyword
http_access allow intranet
http_access deny all
icp_access deny all
refresh_pattern ^ ftp:1440 20% 10080
refresh_pattern ^ gopher: 1440 0% 1440
refresh_pattern-i (/ cgi-bin / | \?) 0 0% 0
refresh_pattern. 0 20% 4320
acl apache rep_header Server ^ Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file / etc / hosts
coredump_dir / var / spool / squid

Save and exit

- Create a list of sites that are blocked
root @ geek: ~ # vim / etc / squid / block-url.txt
www.yahoo.com
- Create a list of keywords that are blocked
root @ geek: ~ # vim / etc / squid / block-keyword.txt
porn
sex
- Create swap directories
root @ geek: ~ # squid-z
Attention:
- Setting up a proxy on port 8080 where the default proxy port 3128

3. Restarting service squid
root @ geek: ~ # / etc / init.d / squid restart

4. Testing in client
- Change the settings of the browser to use a proxy
Tools ~ Options ~ ~ Tab Advance Network
- Enter the proxy IP address and port to remember 8080
- Testing Browsing
www.yahoo.com
If Appears Error messeges like this means that the proxy is running well.
ERROR
The requested URL could not be retrieved
If you want more convincing check squid proxy logs while browsing on client
root @ geek: ~ # tail-f / var / log / squid / access.log
Note the running processes.

5. Transparent Proxy
Technique is to use a proxy server without the need to setup a proxy server ip and port in every browser on the client, this is because the essence of the word transparent proxy ip address and port are not visible in the browser client. This technique is very easy because the ip forwarding quite a redirect request that leads to the port 80 as the default port currently browsing process occurs. Port 80 is quite redirected to proxy port 8080 then we use that all the connections in the forced past the proxy server machine we make.
- Add transparent settings in squid.conf
http_port 8080 transparent
- Redirect port 80 (webserver) to 8080 (proxy server)
Redirect all requests that lead to port 80 to the proxy port that we created is 8080. We use iptables
root @ geek: ~ # iptables-t nat-A PREROUTING-p tcp - dport 80-j REDIRECT - to-port 8080
Make sure the ip forward on your proxy machine is already active. Make sure the value 1 in the file / proc/sys/net/ipv4/ip_forward. If not should be enabled as it will be useless ..
root @ geek: ~ # echo 1> / proc/sys/net/ipv4/ip_forward

Here are the results of a new rule that I enter
root @ geek: ~ # iptables-t nat-nL
Chain PREROUTING (policy ACCEPT)
the target prot opt source destination
REDIRECT tcp - 0.0.0.0 / 0 0.0.0.0 / 0 tcp dpt: 80 redir ports 8080
- Restart Squid
root @ geek: ~ # / etc / init.d / squid restart
- Testing
If previously in a browser client we still manual setup ipaddress and port it is now with the active proxy transparent proxy need not be bothered to setup one-on-one. Let the network settings in the browser without a proxy or select auto-detect should go well.

Up here a simple proxy functionality that is already well underway caching and filtering functions. So enjoy it ..
May be useful!

No comments:

Post a Comment