Installation: During installation it is recommended to select the MODIFY LATER option, so the installation proceeds with minimal packages. After installation, copy the disc content to some location, say /dvd, and configure a repo file in /etc/yum.repos.d/ with the content below:
[dvd]
name=Repo for installation dvd content
baseurl=file:///dvd/Server
enabled=1
gpgcheck=0
Now the system is ready. Two ethernet interfaces are required. Configure IP addresses on both interfaces using the setup utility. Disable iptables:
#service iptables stop
#chkconfig iptables off
During the installation of squid, it configures all the basic required network parameters itself. Find the line below; if it is not found, add it at the beginning, where the other similar
acl localnet src 192.168.x.x/24 # your network identifier
By default squid is configured to listen on 3128. To make it listen on other ports as well, say port 80, go to the end of the document, locate the http_port rule and add the line below there:
http_port 80
Now squid listens on ports 3128 and 80; configure all other required port numbers the same way.
Now for the web filter, create a file in the squid directory (/etc/squid) with any name (say badurl) and give read permission to others. Put the URLs or domain names you want to filter in it, one per line; regular-expression search patterns are also supported. Then write the configuration below at the beginning of the acl section (badurl is an arbitrary acl name; the quoted path tells squid to read the patterns from that file):
acl badurl url_regex "/etc/squid/badurl"
(url_regex matches patterns against the whole URL; if the file contains only plain domain names, the acl type dstdomain can be used instead of url_regex.)
The acl names used in the http_access rules (badurl, localnet) are the names defined earlier in the file.
Important: Observe, find and disable all the other access rules which are allowing local network access (Example: http_access allow localnet).
Warning:
If the first rule in the configuration is denying access, then squid checks the other access rules. But if the first rule is allowing access, then the other filter rules are ignored.
We have configured squid to listen on ports 3128 and 80. You can configure squid to listen on any port, or you can redirect traffic coming in on a specific port (say 23) to some squid port (say 3128) using iptables. Below is an example:
#iptables --table nat --append PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
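To check the rule ordering described in the Warning before touching a live squid.conf, here is an added example (not part of the original notes): a small evaluator that walks http_access rules with squid's first-match semantics. The two config texts, the sample pattern list standing in for /etc/squid/badurl and the network 192.168.1.0/24 are constructed for the demonstration.

```python
import ipaddress
import re

# Constructed stand-in for the pattern file /etc/squid/badurl referenced in the config.
BADURL_PATTERNS = [r"badsite\.example", r"^http://[^/]*\.gambling\.test"]

def parse_acls(conf):
    # Return {name: (type, values)} from 'acl NAME TYPE VALUE...' lines.
    acls = {}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "acl":
            values = parts[3:]
            if parts[2] == "url_regex" and values[0].strip('"').startswith("/"):
                values = BADURL_PATTERNS  # on a real box this is read from the file
            acls.setdefault(parts[1], (parts[2], []))[1].extend(values)
    return acls

def acl_matches(kind, values, src, url):
    host = re.sub(r"^https?://", "", url).split("/")[0].split(":")[0]
    if kind == "src":  # CIDR match on the client address
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v, strict=False)
                   for v in values)
    if kind == "dstdomain":  # ".example.com" also matches subdomains, as in squid
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    if kind == "url_regex":
        return any(re.search(v, url) for v in values)
    raise ValueError("unsupported acl type: " + kind)

def http_access_decision(conf, src, url):
    # Walk http_access lines in order: the first rule whose acls all match decides.
    acls = parse_acls(conf)
    action = "allow"
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access":
            action = parts[1]
            if all(acl_matches(*acls[n.lstrip("!")], src, url) != n.startswith("!")
                   for n in parts[2:]):
                return action
    return "deny" if action == "allow" else "allow"  # no match: opposite of last rule

BAD_ORDER = """acl all src 0.0.0.0/0
acl localnet src 192.168.1.0/24
acl badurl url_regex "/etc/squid/badurl"
http_access allow localnet
http_access deny badurl
http_access deny all
"""
GOOD_ORDER = BAD_ORDER.replace("http_access allow localnet\nhttp_access deny badurl",
                               "http_access deny badurl\nhttp_access allow localnet")
```

With BAD_ORDER a local client reaches a filtered site because "allow localnet" matches first; GOOD_ORDER denies it and still lets the rest of the local network through.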
Squid Logs:
By default logs are stored in /var/log/squid with the names access.log and cache.log. Squid has a log rotation facility, which can be used as shown below:
#squid -k rotate
#service squid reload
When the above two commands are executed, the old log files are saved with a time stamp and squid starts writing to a new, empty log file. If you want to rotate the files regularly, add a cron job for the above. Rotation takes a little time, so keep a time gap between the two commands.
Requirement: It is required to install a caching-only name server for better network performance.
Installing and configuring a Caching-only Name Server: Use the command below to install.
#yum install bind* -y
Then edit the file /etc/named.conf and do the following:
Find and disable (comment out) the listen-on lines.
Find the line allow-query { x.x.x.x; }; and replace the IP address with the keyword any, so that the line looks like
allow-query { any; };
Restart the named service and your Caching-Only Name Server is ready.
Two ethernet interfaces are required. Configure both interfaces, one for the WAN (say eth0) and one for the LAN (say eth1). Create a file named /etc/sysconfig/network-scripts/route-<device> (route-eth1 for the LAN interface) and add the following content for static routing. Observe that the second line is optional:
192.168.0.0/255.255.255.0 via 10.0.0.1
192.168.0.x dev eth1
The ip route command shows your routes. Configure iptables for NAT and masquerading using the following commands:
#iptables -A FORWARD -i eth1 -j ACCEPT
#iptables -A FORWARD -o eth1 -j ACCEPT
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE