Servidor de proxy com
squid3
Instalando e
configurando squid3 com cache no Ubuntu 12.04
1º Configure o ip fixo
no servidor squid
#
vim /etc/network/interfaces
address 192.168.1.150
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
2º Instale o squid3
#
apt-get install squid3
3º Crie uma pasta onde
vão ficar os arquivos de bloqueio e liberação
#
mkdir /etc/squid3/acl
4º Crie os arquivos
de bloqueio e liberação
#
touch /etc/squid3/acl/bloqueados.txt
#
touch /etc/squid3/acl/ipliberados.txt
# touch /etc/squid3/acl/dominios.txt
5º Crie o diretório
onde vai ficar o cache do squid
#
mkdir /var/spool/squid3/cache_squid3
6º Mude o dono dos
diretórios e arquivos criados
#
chown proxy.proxy /var/spool/squid3/cache_squid3/
#
chown proxy.proxy /etc/squid3/acl/
#
chown proxy.proxy /etc/squid3/acl/ipliberados.txt
#
chown proxy.proxy /etc/squid3/acl/bloqueados.txt
# chown proxy.proxy /etc/squid3/acl/dominios.txt
# chown proxy.proxy /etc/squid3/acl/dominios.txt
7º Renomeie o arquivo
original do squid e vamos criar outro
#
mv /etc/squid3/squid.conf /etc/squid3/squid.conf-original
#
touch /etc/squid3/squid.conf
8º
Copie as linhas abaixo para o squid.conf que acabamos de criar e salve
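#####################################
#            squid.conf             #
#         SQUID3 ON UBUNTU          #
#####################################
# Intercepting proxy with disk cache for the 192.168.1.0/24 network.
# The configuration is listed once: pasting the same listing twice into
# squid.conf repeats every acl, cache_dir and http_access line.

# --- Listener and identity -------------------------------------------------
# "intercept" is the current spelling of this option; "transparent" is the
# deprecated one. The port receives the port-80 traffic that the iptables
# REDIRECT rule sends to 3128.
# NOTE(review): Squid's guidance is that an interception port should only see
# redirected traffic; consider filtering direct connections to 3128.
http_port 3128 intercept
# Placeholder: replace with the proxy's real host name.
visible_hostname USER_RESPONSABILIDADE_PORQUE_E_DE_TODOS
# Placeholder: administrator address printed on Squid's error pages.
cache_mgr MAIL@gmail.com
error_directory /usr/share/squid3/errors/pt-br

# --- Cache sizing ----------------------------------------------------------
cache_mem 256 MB
# Replacement watermarks are percentages of cache usage (0-100) and low must
# not exceed high; 90 / 95 are Squid's defaults.
cache_swap_low 90
cache_swap_high 95
maximum_object_size 101 MB
minimum_object_size 1 KB
quick_abort_pct 0
coredump_dir /var/spool/squid3
cache_dir ufs /var/spool/squid3 1048 16 256
# NOTE(review): these three stores live inside the ufs store above, and the
# guide only creates cache_squid3 itself - check that "squid3 -z" creates
# the 1, 2 and 3 sub-directories without errors.
cache_dir aufs /var/spool/squid3/cache_squid3/1 3000 150 300
cache_dir aufs /var/spool/squid3/cache_squid3/2 3000 150 300
cache_dir aufs /var/spool/squid3/cache_squid3/3 3000 150 300

# --- Logging ---------------------------------------------------------------
access_log /var/log/squid3/access.log
# cache.log is Squid's own diagnostic log and is set with cache_log; naming it
# in a second access_log line would write request records into it instead.
cache_log /var/log/squid3/cache.log
# Query strings are removed from URLs before they are logged.
strip_query_terms on

# --- ACL definitions -------------------------------------------------------
acl manager proto cache_object
# "localhost" is loopback only. The LAN has its own ACL so that the cache
# manager rule below is not opened to every client on 192.168.1.0/24.
acl localhost src 127.0.0.1/32
acl rede_local src 192.168.1.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Client addresses exempt from the word filter, one per line.
acl ip_liberados src "/etc/squid3/acl/ipliberados.txt"
# Defined but not referenced by any http_access rule in this file.
acl sites dstdomain "/etc/squid3/acl/dominios.txt"
# One regular expression per line, matched anywhere in the URL and
# case-sensitive (url_regex -i would ignore case). Only port 80 is redirected
# to the proxy, so HTTPS requests never reach this filter.
acl bloqueados url_regex "/etc/squid3/acl/bloqueados.txt"
acl QUERY urlpath_regex cgi-bin \?

# --- Access rules (first match wins) ---------------------------------------
# The protective denies come first so that no later "allow", including the
# one for ip_liberados, can bypass the port and CONNECT restrictions.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Exempt clients are allowed before the word filter is evaluated.
http_access allow ip_liberados
http_access deny bloqueados
http_access allow localhost
http_access allow rede_local
http_access deny all

# --- Caching policy --------------------------------------------------------
hierarchy_stoplist cgi-bin ?
# "cache" is the current name of the obsolete "no_cache" directive.
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
detect_broken_pconn on
pipeline_prefetch on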
9º
Coloque em /etc/squid3/acl/bloqueados.txt as palavras que o squid vai bloquear
Exemplo:
facebook
youtube
porno
10º
Coloque em /etc/squid3/acl/ipliberados.txt os IPs que vão ser liberados
Exemplo:
192.168.1.100
# chefe
192.168.1.105
# amigo
11º
Reinicie o squid e dê o comando para criar o cache
#
/etc/init.d/squid3 restart
#
squid3 -z
#
/etc/init.d/squid3 restart
Se
não der nenhum erro, está tudo ok
Este comando mostra o erro do squid
# squid -z
Regras para quem tem duas placas de rede
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
NAT DA REDE - COMPARTILHAMENTO DE CONEXAO
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# echo 1 > /proc/sys/net/ipv4/ip_forward
Salve estas linhas no rc.local para que, ao reiniciar, não seja preciso fazer de novo
vim /etc/rc.local
# Lines for /etc/rc.local so the NAT rules and forwarding are re-applied at
# boot. The stock Ubuntu rc.local ends with "exit 0"; anything placed after
# that line never runs, so add these above it.
# NOTE(review): this rule names eth3 while the one-off command shown earlier
# names eth1 - use the interface that faces the client network.
iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 80 -j REDIRECT --to-port 3128
# NOTE(review): masquerading is normally needed only on the interface that
# faces the upstream network; confirm that both rules are intended.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Enable IPv4 forwarding between the two interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward