Installing Squid (2.6 stable18) on Ubuntu Server 8.04

dual-homed host
net—fw/squid—local

localNet- 192.168.0.0/24
eth0 – net
eth1 – local

1. Install the Ubuntu
a. partition : use entire disk
b. addition : dns server, openSSH server, lamp (install this if you wanna use webmin later on)

2. Connect to internet
– re-setting the ip
sudo vi /etc/network/interfaces

dhcp :
auto eth0
iface eth0 inet dhcp

static :
auto eth0
iface eth0 inet static
address x.x.x.x
network x.x.x.0
netmask 255.255.255.0
broadcast x.x.x.255
gateway x.x.x.x

3. update current repository to local (faster download for some cases).
a. backup original sources list
sudo mv /etc/apt/sources.list sources.list.asli
b. write new sources.list
sudo vi /etc/apt/sources.list
c. write these :
deb http://kambing.ui.ac.id/ubuntu hardy main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu hardy-updates main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu hardy-security main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu hardy-backports main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu hardy-proposed main restricted universe multiverse
d. update the repository
sudo apt-get update

4. install apache (only if you meant to use webmin, not necessary if you have lamp installed)

5. install webmin
a. web
http://www.webmin.com/
b. download
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.530_all.deb
c. install
sudo dpkg –install webmin_1.530_all.deb
d. install dependencies
sudo apt-get -f install
e. additional info
login at: https://ipaddress:10000/ dengan login dan pass root. update jika diperlukan.
6. Install ClamAV and ClamAV-freshclam
a. install
sudo apt-get install clamav clamav-freshclam

7. install dan cofiguring squid (2.6 stable18)
a. install
sudo apt-get install squid
b. configure squid
backup
sudo mv /etc/squid/squid.conf squid.conf.asli
replace with new one (the one i use : http://shortText.com/f0qbwuiaoh)
sudo vi /etc/squid/squid.conf
c. additional configuration
# sudo cd /usr/local/squid/var/ ========> cache dir (could be somewhere else, look your squid.conf)
# sudo mkdir cache
# sudo chown root:root cache
# sudo chown root:root logs
# sudo chmod 777 cache
# sudo chmod 777 logs

8. iptables
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp –dport  80 -j DNAT –to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 3128

#8 is too complicated for me. not that i dont want to understand, i just dont wanna make myself understand.
right at this moment, your squid is usable. its not transparent yet, but you can use it by setting up the proxy manually from your browser.
to make it transparent, we need to set the iptables, redirect the port 80 to 3128. lets use shorewall to make it easy, shall we?

9. Shorewall
a. install shorewall (4.0.6)
sudo apt-get install shorewall
b. shorewall files
– config file
file2 config shorewall ada di direktori : /etc/shorewall/*
– default files could be found here :
file2 shorewall ada di /usr/share/doc/shorewall-common/default-config/
you could just copy all inside that directory :
sudo cp /usr/share/doc/shorewall-common/default-config/* /etc/shorewall
or just these important files :
zones, interfaces, policy, masq dan rules
d. edit those files
– /etc/shorewall/zones
fw      firewall
net     ipv4
loc     ipv4
– /etc/shorewall/interfaces
net     eth0            detect
loc     eth1            detect
– /etc/shorewall/policy
fw      all     ACCEPT
loc     all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
– /etc/shorewall/masq
eth0    eth1
– /etc/shorewall/rules
ACCEPT  loc     loc     icmp
ACCEPT  loc     loc     tcp
ACCEPT  loc     loc     udp
ACCEPT  loc     fw      icmp
ACCEPT  loc     fw      udp
ACCEPT  loc     fw      tcp
ACCEPT  loc     net     icmp
ACCEPT  loc     net     udp
ACCEPT  loc     net     tcp
ACCEPT  fw      loc     icmp
ACCEPT  fw      loc     tcp
ACCEPT  fw      loc     udp
ACCEPT  fw      fw      icmp
ACCEPT  fw      fw      udp
ACCEPT  fw      fw      tcp
ACCEPT  fw      net     icmp
ACCEPT  fw      net     udp
ACCEPT  fw      net     tcp
REDIRECT        loc     3128    tcp     80

10. voila, you’re done!

tambahan :
basic vi command : http://www.cs.colostate.edu/helpdocs/vi.html
or use nano.

Tagged , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: