Proxy server with FreeBSD

Transparent proxies are very useful to me personally because they make the work easier: we no longer have to configure the proxy in every client browser. With only a few clients that is probably not much of a problem, but when there are many clients, plus more users who are not computer-literate, imagine how much work we would have to do.
Earlier I had also written some personal documentation on configuring a transparent proxy, but at that time the configuration was done on a RedHat 9.0 machine. Consider this practice at writing things down... who knows, someday it may be useful. Amen.
Enough chatter. For more of the theory behind transparent proxies, it is worth searching the internet!
OK, let's head straight to the unix box......


Installing and configuring squid
As in the article on installing MRTG on FreeBSD, this time I again rely on installing from the ports tree. The Squid version I use is still squid 2.5; I will try to cover the differences from version 2.6 as we go. Straight to it...

ryan# pw groupadd squid
ryan# pw useradd squid -g squid -d /nonexistent -s /usr/sbin/nologin
ryan# cd /usr/ports/www/squid/
ryan# make config
choose the options to be included in your Squid build; I add the following options:
SQUID_DELAY_POOLS # enable delay pools
SQUID_SNMP # enable snmp support
SQUID_HTCP # enable htcp support
SQUID_VIA_DB # enable forward/via database
SQUID_CACHE_DIGEST # enable cache digest
SQUID_UNDERSCORES # allow underscores in hostname
SQUID_USERAGENT_LOG # enable user-agent header logging
SQUID_ARP_ACL # enable acls based on ethernet address
SQUID_PF # enable transparent proxying with PF
SQUID_IPFILTER # enable transparent proxying with IPFilter
SQUID_LARGEFILE # support log and cache files > 2 GB
SQUID_RCNG # install an rc.d style startup script
 OK
ryan# make install clean
(wait until the installation is finished)
ryan# cd /usr/local/etc/squid
now edit the squid.conf file:
ryan# ee squid.conf
To keep things clean, just delete all the lines already in the squid.conf file, and then we write our own parameters into it. Here are the contents of my squid.conf:
http_port 3128
icp_port 3130
htcp_port 4827
icp_query_timeout 2000

maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 30 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache_effective_user squid
cache_effective_group squid

cache_mem 64 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 10000 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
ipcache_size 2048
ipcache_low 90
ipcache_high 100

fqdncache_size 2048
cache_replacement_policy heap LRU
memory_replacement_policy heap LRU

acl magic_words1 url_regex -i 202.*.*.*/* 192.*.*.*/24
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg mpe .mpg .qt .ram .rm .iso .raw .wav

# two pools: pool 1 (class 2) leaves local traffic unlimited,
# pool 2 (class 1) throttles the download file types in magic_words2
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
delay_class 2 1
delay_parameters 2 1500/4000
delay_access 2 allow magic_words2

cache_dir diskd /cache/ 7000M 24 256 Q1=64 Q2=72
cache_dir diskd /cache2/ 7000M 24 256 Q1=64 Q2=72

cache_access_log /var/log/access.log
cache_log /var/log/cache_log
cache_store_log none
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off

dns_nameservers 192.*.*.*
query_icmp on
logfile_rotate 10

request_header_max_size 100 KB
request_body_max_size 10 MB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^http:// 15 20% 43200
refresh_pattern ^ftp://.*/$ 15 20% 10080
refresh_pattern ^ftp:// 15 20% 43200
refresh_pattern . 15 20% 43200

visible_hostname PT. Ryan

acl localip dst 192.168.*.*/255.255.255.0
acl server src 202.138.*.*/255.255.255.240
acl office src 192.168.*.*/255.255.255.0
# acl for each user's IP address
acl admin src 192.168.*.5
acl ryan src 192.168.*.93
. ….. … ………
. ….. … ………
# etc., adjust to your needs

# acl according to the desired department
acl sekretaris url_regex -i "/usr/local/etc/squid/sekre"
acl gudang url_regex -i "/usr/local/etc/squid/gudang"
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl ssl_port port 443 563
acl safe_port port 80 21 443 563 70 1025-65535
acl CONNECT method CONNECT
# allow access
http_access allow ryan
http_access allow admin
http_access allow joni gudang
http_access allow nini sekretaris
http_access deny all

miss_access allow office
miss_access allow server
miss_access allow localhost
miss_access allow manager
miss_access deny all

icp_access allow server
icp_access allow office
icp_access allow localhost
icp_access allow manager
icp_access deny all

maximum_single_addr_tries 5

snmp_port 3401
snmp_access allow server
snmp_access allow office
snmp_access allow localhost
snmp_access allow manager
snmp_access deny all

cache_mgr ryandirhamsyah@yahoo.com

memory_pools on
# settings for transparent proxy in squid version 2.5
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# settings for transparent proxy in squid version 2.6
# 192.168.*.* is your local ip
# http_port 192.168.*.*:3128 transparent
logfile_rotate 10
icp_hit_stale off
ie_refresh off

After everything has been entered correctly, save the file.
ryan# mkdir /cache; mkdir /cache2
ryan# chown squid:squid /cache
ryan# chown squid:squid /cache2
ryan# /usr/local/sbin/squid -k parse
ryan# /usr/local/sbin/squid -z
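Before handing the file to squid -k parse it is worth checking the access lists by hand, since they are the part of this configuration that decides who may use the proxy. The script below is an added example and is not part of the original post: it audits a squid.conf for *_access rules that reference an acl which was never declared (squid 2.5 has no built-in "all" or "localhost"; both must be declared with acl lines, as above) and for access lists whose last rule is not "deny all" (Squid takes the opposite of the last rule as the default when nothing matches, so an explicit deny keeps the policy unambiguous). The function names are my own, and the sample config inside it is constructed: a trimmed copy of the access block above with two deliberate mistakes.

```sh
#!/bin/sh
# Added example (not from the original post): audit a squid.conf before
# "squid -k parse". Uses only POSIX sh and awk, so it runs on a stock
# FreeBSD base system. Function names and the sample config are constructed.

# audit_squid_conf [FILE]  (reads stdin when FILE is omitted)
# Prints one line per finding; exit status 0 when clean, 1 otherwise.
audit_squid_conf() {
    awk '
        BEGIN { bad = 0 }
        # drop comments and blank lines; NR still counts real file lines
        { sub(/#.*/, ""); if ($0 ~ /^[ \t]*$/) next }
        $1 == "acl" { defined[$2] = 1; next }
        $1 ~ /^(http|miss|icp|snmp)_access$/ {
            list = $1
            last[list] = $2 " " $3
            for (i = 3; i <= NF; i++) {
                name = $i
                sub(/^!/, "", name)      # "!foo" still references acl foo
                key = list "|" name
                if (!(name in defined) && !(key in reported)) {
                    reported[key] = 1
                    printf "%s references undefined acl \"%s\" (line %d)\n", list, name, NR
                    bad = 1
                }
            }
        }
        END {
            for (list in last)
                if (last[list] != "deny all") {
                    printf "%s does not end with \"deny all\" (last rule: %s)\n", list, last[list]
                    bad = 1
                }
            exit bad
        }
    ' "${1:--}"
}

# Constructed sample: a trimmed copy of the access block above with two
# deliberate mistakes, so the audit has something to find.
sample_conf() {
    cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl admin src 192.168.0.5
acl sekretaris url_regex -i "/usr/local/etc/squid/sekre"
http_access allow admin
http_access allow nini sekretaris   # "nini" is never defined
http_access deny all
icp_access allow admin
icp_access allow localhost          # list is not default-deny
EOF
}

# Run the audit on the sample; on a real box use: audit_squid_conf /usr/local/etc/squid/squid.conf
sample_conf | audit_squid_conf || echo "audit failed: fix the findings above before squid -k parse"
```

On a clean file the script prints nothing and exits 0, so it can sit in front of squid -k parse in a deploy script; the findings carry the line number of the offending rule.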
ryan# ee /etc/rc.conf
add these lines below:
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"
then save.
ryan# ee /etc/ipnat.rules
add the following lines:
rdr xl1 0/0 port 80 -> 192.168.*.* port 3128 tcp
xl1 is your local (LAN) ethernet interface
192.168.*.* is your local IP, i.e. the proxy box's address on that interface

Configuring the kernel to support diskd
How to reconfigure the kernel can be read at

Edit your kernel configuration; here I use a kernel I compiled myself.
ryan# cd /usr/src/sys/i386/compile/kernelryan
ryan# ee GENERIC
add the following lines:
options SYSVMSG
options MSGMNB=8192
options MSGMNI=40
options MSGSEG=512
options MSGSSZ=64
options MSGTQL=2048

Run your Squid!
ryan# /usr/local/sbin/squid -D &
ryan# ee /etc/rc.local
add the following line so that squid starts automatically when the PC boots:
/usr/local/sbin/squid -D &
To check whether squid is running properly, run the following:
ryan# ps aux|grep squid
root 542 0.0 2.1 4728 2512 ?? Is 2:04PM 0:00.00 /usr/local/sbin/squid -D
squid 544 0.0 16.3 21700 19928 ?? S 2:04PM 0:49.22 (squid) -D (squid)
squid 550 0.0 0.4 1172 540 ?? Is 2:04PM 0:00.01 (unlinkd) (unlinkd)
squid 551 0.0 0.8 1860 956 ?? Ss 2:04PM 0:01.53 diskd 557056 557057 557058
squid 552 0.0 0.8 1860 936 ?? Ss 2:04PM 0:01.46 diskd 557060 557061 557062
squid 562 0.0 0.9 1520 1060 ?? Ss 2:04PM 0:00.22 (pinger) (pinger)
root 1040 0.0 0.8 1472 976 p0 R+ 4:45PM 0:00.00 grep squid

After that, try your browser and enter any URL you want; if the page opens, you have managed to set up a proxy server on your PC. Congratulations!
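Once clients are going through the proxy, the access log configured above (cache_access_log /var/log/access.log) is where you see whether the access lists and delay pools are doing what you intended. The script below is an added example, not part of the original post: three small summaries over Squid's native log format (time, elapsed, client, result/status, bytes, method, URL, ident, hierarchy, type). The log lines inside it are constructed, and the function names are my own. The odd_connects check is there because the configuration above declares acl ssl_port and acl CONNECT but the http_access list shown never uses them, so CONNECT tunnels to any port are permitted for every allowed user; this is how such tunnels appear in the log.

```sh
#!/bin/sh
# Added example (not from the original post): summaries of Squid's native
# access.log for reviewing the policy above. Uses only POSIX sh, awk and
# sort. The sample log lines and function names are constructed.
#
# Native log fields:
#   $1 time  $2 elapsed  $3 client  $4 result/status  $5 bytes
#   $6 method  $7 URL  $8 ident  $9 hierarchy/peer  $10 content type

sample_access_log() {
    cat <<'EOF'
1164302001.110    245 192.168.0.93 TCP_MISS/200 4521 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
1164302002.200     12 192.168.0.93 TCP_HIT/200 18023 GET http://www.example.com/logo.png - NONE/- image/png
1164302003.300      0 192.168.0.77 TCP_DENIED/403 1427 GET http://www.example.com/ - NONE/- text/html
1164302004.400      0 192.168.0.77 TCP_DENIED/403 1427 GET http://www.example.net/ - NONE/- text/html
1164302005.500   9000 192.168.0.5 TCP_MISS/200 2048 CONNECT mail.example.com:443 - DIRECT/192.0.2.10 -
1164302006.600   9000 192.168.0.5 TCP_MISS/200 5120 CONNECT 198.51.100.7:2222 - DIRECT/198.51.100.7 -
1164302007.700      0 192.168.0.77 TCP_DENIED/403 1427 GET ftp://ftp.example.org/ - NONE/- text/html
EOF
}

# denied_per_client [FILE]: TCP_DENIED count per client, most-denied first.
# A client piling up denials is either misconfigured or not covered by
# the http_access list and should be looked at.
denied_per_client() {
    awk '$4 ~ /^TCP_DENIED\// { n[$3]++ } END { for (c in n) print n[c], c }' "${1:--}" | sort -rn
}

# bytes_per_client [FILE]: bytes served per client, largest first; the
# natural input when deciding what the delay pools should throttle.
bytes_per_client() {
    awk '{ b[$3] += $5 } END { for (c in b) print b[c], c }' "${1:--}" | sort -rn
}

# odd_connects [FILE]: CONNECT tunnels to ports other than 443/563, the
# ports the ssl_port acl in the configuration above would restrict to.
odd_connects() {
    awk '$6 == "CONNECT" {
            port = $7; sub(/^.*:/, "", port)   # keep only the part after the last colon
            if (port != "443" && port != "563") print $3, $7
         }' "${1:--}"
}

# Demonstration on the constructed sample; on a real box pass /var/log/access.log
echo "denied per client:";  sample_access_log | denied_per_client
echo "bytes per client:";   sample_access_log | bytes_per_client
echo "CONNECT to non-SSL ports:"; sample_access_log | odd_connects
```

Each function reads stdin when no file is given, so the same calls work on the live log (for example denied_per_client /var/log/access.log) or on the rotated copies produced by logfile_rotate.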

