This is a short guide how to set up a transparent cache proxy on Ubuntu Server. Basically, there are two reasons why you may be interested setting up a Squid proxy: speed up your web access and save your bandwidth. Let assume that you already set up a Linux gateway using iptables. It is possible to run squid also on Windows but unfortunately it is extremely hard to find a hardware on which Windows is able to survive more than one week. Other words, windows is out of scope of this article.
The first step is to install squid 3
apt-get install squid3
edit the squid 3 configuration file in your favorite editor
sudo vi /etc/squid3/squid.conf
and set the transparency and the allowed hosts
http_port 3128 transparent
acl our_networks src 192.168.0.0/24 acl localnet src 127.0.0.1/255.255.255.255http_access allow our_networkshttp_access allow localnetwhere 192.168.0.0/24 is the IP range of local network. Probably you need adjust the swap size
cache_dir ufs /var/spool/squid3 7000 16 256
where the first number denotes the size of cache in megabytes. Save you changes and restart the squid proxy by
sudo /etc/init.d/squid3 restart
For more detailed configuration read the manual of Squid or check the configuration examples on Squid wiki page.
Remember, the memory and processor usage of squid is a function of swap size.
Last but not the least we need to redirect the HTTP traffic to your new shiny proxy
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
where eth1, eth0 are the LAN, WAN devices and 192.168.0.1 is the IP address of your LAN device.
After all, probably you feel the need to monitor the performance of your proxy. Unfortunately, most of the squid log parsers in the Ubuntu repository are configured for Squid 2.x. Nevertheless, squid 3 uses the same log format, so you can change the log file path in your parser config file (sarg, calamaris, etd.) or simply link the log directory of squid 3 to the correct path
ln -s /var/log/squid3 /var/log/squid
Good luck!
Sunday, January 27, 2008
Transparent proxy with Squid 3 on Ubuntu server
o 11:53 AM
Subscribe to:
Post Comments (Atom)
13 komentárov:
I'm usiing Squid3 Stable 1 on Ubuntu via apt-get,
transparency it's not working for me no matter what,
but if i'm set manually in web browser, it works like magic,
have you proof it yourself?
thx for yur useful post, sorry my bad english
The POST is updated!
There was an mistyped IP in the proposed configuration. I also added the 127.0.0.1 network between allowed hosts.
Nice guide, but I have a question: did you try to create transparent content filtering using dansguardian ? If you could help me with that question, I'd be very thankfull.
You can read whole description on ubuntu forums: http://ubuntuforums.org/showthread.php?p=6364953#post6364953
You'll want to you use aufs under Linux instead of ufs.
is there a link to know about using iptables to set up a linux machine as a gateway...i use simple ip-forwarding from the networking configuration, to setup the machine as a gateway...no iptables involved...will the squid not work with that?
Thanks for your information, it's usefull. A reader from Taiwan.
Thanks to your Post I now have squid3 working as a proxy server on ubuntu for my windows network. thank you
I followed this to script and it worked beautifully, however Squid3 would not start automatically. I had to add the dns ip addresses to the dns_nameservers entry in the squid.conf file then it started on startup. This was the case even though my resolv.conf config was correct. Thought it might help someone.
Hi I had followed the steps and i still need to enter the proxy server IP.
I want to use an external proxy server 202.75.x.x:62001 to allow all LAN users to access to that proxy server when they browse for advertisement banner.
thanks....
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
error on --to-ports
i'm using ubuntu server..pls help
@ Anonymous: I used this configuration and it works, maybe you mistyped something?
@ Zoltan, thanks for this quick guide, very useful! But i have the same problem Marissa had... No transparency at all. Any hints?
Post a Comment