Ubuntu 12.

04 : Install Squid Transparent Proxy How to Set Up Transparent Proxy with Squid3 and dhcp3-server on Ubuntu 12.04 Source : http://www.tuxgarage.com/2011/01/how-to-setup-transparent-proxy-with.html http://www.ubuntugeek.com/setting-up-ubuntu-10-04-lucid-server-with-squid-3-as-a -transparent-proxy.html http://askubuntu.com/questions/143819/how-do-i-configure-my-static-dns-in-interf aces Untuk menjadikan Squid sebagai Transparent Proxy, posisi squid transparent proxy server ini harus sebagai gateway di jaringan (LAN). Berikut ini adalah tutorialnya yang sudah saya edit karena menggunakan Ubuntu 12 .04 (jangan lupa backup dulu semua file konfigurasi yang asli) : Squid is a very well known and vastly used cache proxy server for the common web protocols such as HTTP, HTTPS, FTP and more. It caches frequently accessed web pages and thus reduces bandwidth and response time. Squid is available for almos t all the platforms including Windows. It is open source and available under GNU /GPL. Advantages of setting up Squid as Transparent Proxy include the fact that you do n t need to configure all the machines on your LAN to connect to Squid manually. A ll the traffic would be redirected to the Squid Listening Port automatically and your Ubuntu Box would act like a Router. Follow these steps to set up a Transparent Proxy Server with Squid3 on Ubuntu Lu cid (10.04). 1. Install Ubuntu Lucid Server or Desktop on your computer. Both Server and Desk top editions are capable of doing this job equally well. 2. Change your network interfaces from DHCP to Static. Sebelumnya backup dulu file konfigurasi aslinya : cp /etc/network/interfaces /etc/network/interfaces.asli1 sudo nano /etc/network/interfaces Tip: You can also use gedit instead of nano if you are using Ubuntu Desktop. Delete all the text and paste this text in your interfaces file: auto eth0 iface eth0 inet static address 192.168.6.57 netmask 255.255.255.0 network 192.168.6.0 broadcast 192.168.6.255 gateway 192.168.6.1 dns-nameservers 192.168.6.1 post-up iptables-restore < /etc/iptables.up.rules

auto eth1 iface eth1 inet static address 192.168.2.1 netmask 255.255.255.0 network 192.168.2.0 broadcast 192.168.2.255 Where 192.168.6.57 is the IP address of your WAN interface and 192.168.2.1 is th e IP address of your LAN interface. 3. Install squid3: sudo apt-get install squid3 4. Make a backup of your squid.conf for future reference. Squid.conf has nearly all the options listed and it is recommended to go through that file to know mor e about squid options. sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original 5. Configure squid3. sudo nano /etc/squid3/squid.conf Remove all the text and paste this text in your squid.conf file for a minimal co nfiguration: http_port 3128 transparent acl LAN src 192.168.2.0/24 acl localnet src 127.0.0.1/255.255.255.255 http_access allow LAN http_access allow localnet cache_dir ufs /var/spool/squid3 20000 16 256 Where 192.168.2.0/24 is the range of your LAN interface. The last line in that file is defining a cache directory for squid3 to use. Here , the first number denotes the size of cache in MB, 20 GB in this case. Save and close this file. 6. Restart squid3: sudo /etc/init.d/squid3 restart 7. Edit /etc/sysctl.conf: sudo nano /etc/sysctl.conf In this file, uncomment the lines that enable packet forwarding for IPv4 and IPv 6: net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 Save and close this file. 8. Define IPTABLE rules for port forwarding. sudo nano /etc/iptables.up.rules

Paste this text in the file that opens up: *nat -A PREROUTING -i eth1 -p tcp -m tcp dport 80 -j DNAT to-destination 192.168.2.1:31 28 -A PREROUTING -i eth1 -p tcp -m tcp dport 80 -j REDIRECT to-ports 3128 -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE COMMIT Save and close this file. 9. Edit /etc/rc.local: sudo nano /etc/rc.local Paste this text at the end of the file that opens up: iptables -t nat -A POSTROUTING -s 192.168.2.0/24 Save and close this file. 10. Reboot your server. If you don t want to go to each machine on your Network and configure it for a Sta tic IP, you can use dhcp3-server to assign Dynamic IPs to all the computers on y our LAN and make them forward all there internet traffic to your squid box. 11. Install dhcp3-server: sudo apt-get install dhcp3-server 12. Edit /etc/default/dhcp3-server: sudo nano /etc/default/dhcp3-server Type eth1 in between the quotes in this line: INTERFACES= " > INTERFACES= eth1" o eth0 -j MASQUERADE

Save and close this file. 13. Make a backup of your original /etc/dhcp/dhcpd.conf: sudo cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original 14. Edit /etc/dhcp/dhcpd.conf: sudo nano /etc/dhcp/dhcpd.conf Delete all the text and paste this text in the file that opens up: authoritative; default-lease-time 3600; max-lease-time 3600; option subnet-mask 255.255.255.0; option broadcast-address 192.168.2.255;

option routers 192.168.2.1; option domain-name-servers 8.8.8.8, 8.8.8.4; option domain-name my.domain.name ; subnet 192.168.2.0 netmask 255.255.255.0 { range 192.168.2.3 192.168.2.253; } We are using Google DNS in this example. You can use your own DNS Server if you ve configured one on your network. Save and close this file. Make sure all the cables on your network are plugged in and the devices are powe red on. 15. Start dhcp3-server: /etc/init.d/isc-dhcp-server restart 16. Reboot your server and everything should be working as it should after that. If you want to bind IP addresses permanently to the same machines, see here: http://www.tuxgarage.com/2011/01/how-to-bind-ip-address-to-mac-address.html Enjoy! Tambahan : Untuk mengecek squid log = tail -f /var/log/squid3/access.log About these ads