Scribd Logo
Upload

Welcome to Scribd!

  • Servidor Proxy Transparente Con Squid

    Uploaded by

    Antonio Hopper
    159 views5 pages
    Como instalar un proxy squid en Ubuntu, para compartir internet.

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Como instalar un proxy squid en Ubuntu, para compartir internet.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    159 views5 pages

    Servidor Proxy Transparente Con Squid

    Uploaded by

    Antonio Hopper
    Como instalar un proxy squid en Ubuntu, para compartir internet.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Servidor proxy transparente Ubuntu 14.

    04
    Se instalan los siguientes paquetes
    1.-sudo apt-getupdate&& sudo apt-getinstall squid3 dhcp3-server
    2.- ConfigurarSquid est en
    Sudo gedit /etc/squid3/squid.conf

    http_port 192.168.3.1:3128 transparent


    cache_mem512 MB
    cache_swap_low 90
    cache_swap_high 95
    cache_dirufs /var/spool/squid3 2048 16 256
    maximum_object_size1024 KB
    maximum_object_size_in_memory 40 KB
    access_log /var/log/squid3/access.log squid
    cache_log /var/log/squid3/cache.log
    cache_store_log /var/log/squid3/store.log
    pid_filename /var/log/squid3/squid3.pid
    mime_table /usr/share/squid3/mime.conf
    cache_mgr jaifh24@gmail.com
    memory_pools of

    diskd_program /usr/lib/squid3/diskd
    unlinkd_program /usr/lib/squid3/unlinkd
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern (cgi-bin|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    quick_abort_max 16 KB
    quick_abort_pct 95

    quick_abort_min 16 KB
    request_header_max_size 20 KB
    reply_header_max_size 20 KB
    request_body_max_size 0 KB
    acl manager protocache_object
    acllocalhostsrc 127.0.0.1/32
    aclto_localhostdst 127.0.0.0/8
    acl vlan24 src 192.168.0.0/24
    acl vlan26 src 192.168.100.0/24
    acl vlan28 src 192.168.200.0/24
    acl bloqueados url_regex "/etc/squid3/sitios_bloqueados"
    aclSSL_portsport 443 563
    aclSafe_portsport 80 # http
    aclSafe_portsport 21 # ftp
    aclSafe_portsport 443 563 1863 # https
    aclSafe_portsport 70 # gopher
    aclSafe_portsport 210 # wais
    aclSafe_portsport 1025-65535 # unregisteredports
    aclSafe_portsport 280 # http-mgmt
    aclSafe_portsport 488 # gss-http
    aclSafe_portsport 591 # filemaker
    aclSafe_portsport 777 # multiling http
    acl CONNECT method CONNECT
    http_accessdeny bloqueados
    http_accessallow manager localhost
    http_accessdeny manager
    http_accessdeny !Safe_ports
    http_accessdenyCONNECT !SSL_ports
    http_accessallow vlan24
    http_accessallow vlan26

    http_accessallow vlan28
    cache_mgrwebmaster
    mail_program mail
    cache_efective_user proxy
    cache_efective_group proxy
    httpd_suppress_version_string of
    visible_hostnamezenhulk
    half_closed_clients of
    memory_pools of
    error_directory /usr/share/squid3/errors/Spanish
    Guardamos
    Reiniciamos Squid

    service squid3 restart

    3.- IPTABLES
    Ingresamos a la ruta con terminal
    Cd /etc/init.d/
    Sudo gedit iptables_proxy.sh

    #!/bin/sh
    # IP del servidor SQUID
    SQUID_SERVER="192.168.3.1"
    # Interface conectada a Internet
    INTERNET="eth0"
    # Interface interna
    LAN_IN="eth1"
    # Puerto Squid
    SQUID_PORT="3128"

    # Limpia las reglas anteriores


    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    # Carga los modulos IPTABLES para NAT e IP con soporte conntrack
    modprobeip_conntrack
    modprobeip_conntrack_ftp
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Politica de filtro por defecto
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    # Acceso ilimitado a loop back
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    # Permite UDP, DNS y FTP pasivo
    iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j
    ACCEPT
    # Establece el servidor como router para la red
    iptables --tablenat --append POSTROUTING --out-interface $INTERNET -j
    MASQUERADE
    iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
    # accesoilimiato a la LAN
    iptables -A INPUT -i $LAN_IN -j ACCEPT
    iptables -A OUTPUT -o $LAN_IN -j ACCEPT
    # Redirige las peticiones de la red interna hacia el proxy
    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to
    $SQUID_SERVER:$SQUID_PORT
    # Redirige la entrada al proxy

    iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --toport $SQUID_PORT


    # Registrar todo
    iptables -A INPUT -j LOG
    iptables -A INPUT -j DROP

    Guardamos.
    4.-

    Configuracin de dhcp3-server

    Primero hay que especificar la interfaz donde dhcp3-server va a escuchar las


    solicitudes.
    Editamos el archivo /etc/default/dhcp3-serve, en la line:
    INTERFACES="eth1"
    Especificamos la interfaz de escucha, en nuestro caso la eth1.
    Y configuramos los datos de la red en el archivo /etc/dhcp/dhcpd.conf (Borrar
    las configuraciones anteriores):
    subnet 192.168.3.0 netmask 255.255.255.0 {
    optionrouters 192.168.3.1;
    optionsubnet-mask 255.255.255.0;
    optionip-forwarding of;
    optiondomain-name-servers 208.67.222.222, 208.67.220.220;
    rangedynamic-bootp 192.168.3.50 192.168.3.250;
    default-lease-time 21600;
    max-lease-time 43200;
    }
    E iniciamos el servicio DHCP
    sudoserviceisc-dhcp-server restart
    sudoservice squid3 restart

    y reiniciamos el servidor para probar que todo arranque.

    You might also like