Part (a)

Configuring Squid for Simple Proxy

I encourage people to install squid from source code. If you want to use squid in transparent way
then install squid with following options
This is to configure Squid with support for transparent proxy
Code:
# enabling the transparent proxy feature during compliation.
./configure --enable-linux-netfilter
# then make
make
# then make install
make install

After installing squid successfully we have to configure squid to work for us.

So open /usr/local/squid/etc/squid.conf and uncomment the options which you requires or use the
following squid.conf and modify it according to your use..
Code:

# Set the maximums size of the object which will be cached.

maximum_object_size 8192 KB

# Set maximum physical RAM to be used for storing objects.

# NOTE: typically squid uses much more RAM then specified so when we said 16 MB then
actually it is using around 25 MB RAM.

cache_mem 16 MB

# use to set where to store cache. here it is /cache of size 2048 MB.
# Here 22 and 256 are used to define directory structure so you don't have to touch it.

cache_dir ufs /cache 2048 22 256

# Here we are disabling cache_store_log as it will only increase disk usage.

# You can enable it anytime by specifying path instead of "none" directive"

cache_store_log none

# Here we are specifying that when we say "all " then it means whole internet.
# Also specifying some required acls.

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

# Here specifying acls for which ports are allowed, which network is allowed to use our proxy .

# Here "your_netwrok" is the name use for your network.

# Change 192.168.0.0/255.255.255.0 to address of your LAN

acl your_network src 192.168.0.0/255.255.255.0

acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
 # Here giving permission for localhost ie this machine to access proxy.

http_access allow manager localhost

http_access deny manager

# Denying access to ports which are not safe

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

# Allowing access to LAN and denying others.

http_access allow your_network

http_access deny all
icp_access allow all
miss_access allow all

# Give the email of your adminstrator which can be contacted if anything goes wrong by the
users.

cache_mgr you@yourdomain.com

# Set here the hostname of your proxy box. You can set anything if don't have any FQDN .

visible_hostname you.yourdomain.com
unique_hostname you.yourdomain.com

# Directive for squid proxy to work also in Transparent mode.

# If not using transparent proxy then you still keep them.

httpd_accel_host vertual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# Set the port which will be used by clients to access squid proxy

http_port 3128

Now you have your squid.conf ready to go. But before running squid run following to initialized the
cache directory
Code:
/usr/local/squid/sbin/squid -z
If it don't give any error then we should move to next step.

Now run squid by (Internet should be already connected)

Code:
/usr/local/squid/sbin/squid

Now see /usr/local/squid/var/logs/cache.log if you see some thing like this..

Code:

2004/01/08 22:48:30| Ready to serve requests.

 2004/01/08 22:48:30| Completed Validation Procedure
2004/01/08 22:48:30| Validated 7002 Entries
2004/01/08 22:48:30| store_swap_size = 63960k
2004/01/08 22:48:31| storeLateRelease: released 0 objects

If you see some thing like above then you have squid configured correctly and it is working.
Now you have squid ready to use.

Note:
To Use squid configure your clients brower to use proxy by setting the ip of proxy server as your
computer's ip running squid and specifying the port as 3128 or other which have changed in
squid.conf . Make sure you add same port for SSL proxy as for HTTP proxy .
Now try to surf the net from client and check /usr/local/squid/var/logs/access.log to see whether
the site you have opened is recored in access.log to make sure your computer is using squid.
It is now all done. I have tried to make it simple and practical but there are various other aspect of
squid which are not covered here. But I hope as you get your squid working then you will
understand them all yourself.

Part (b)
Setting Up squid to run in Transparent Mode
After making sure that your proxy is working fine. You can use transparent proxy if you want to use
it.
To run proxy in Transparent mode add the following lines to your NAT script as I specified here
NAT / internet shaaring how to
Code:
#Transparent proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

And now set your client's browser to not to use the proxy and open a site from client then check the
access.log to see that the site opened by use is redirected to squid or not.
If you are able to open websites and also that is getting logged in access.log then your transparent
proxy is up and working.