Sunday, April 1, 2012

Setup Squid Proxy Server + Mikrotik RB750G

Got a year-old ASUS Eee PC 1015PEM lying around doing nothing.
Downloaded Ubuntu Server 11.10 32-bit and installed it on the netbook.

Follow these videos to get a good understanding of Squid proxy setup.

Install & Configure Squid Proxy Server in Ubuntu - 1/3 Beginner
Install & Configure Squid Proxy Server in Ubuntu - 2/3 Beginner
Install & Configure Squid Proxy Server in Ubuntu - 3/3 Beginner

Connect to the internet and install the Squid package:
sudo apt-get install squid3

Make a backup copy of the original Squid configuration file:
sudo cp -p /etc/squid3/squid.conf /etc/squid3/squid.conf.ori

Use vi to edit squid.conf:
sudo vi /etc/squid3/squid.conf

To block websites
acl block_websites dstdomain
http_access deny block_websites

View the log
sudo tail -f /var/log/squid3/access.log

After you've finished editing the configuration file, you can start Squid for the first time. First, you must create the swap directories. Do this by running Squid with the -z option:

sudo /etc/init.d/squid3 stop
sudo mkdir /squid_cache
sudo chown -R proxy:proxy /squid_cache

sudo squid3 -z

sudo /etc/init.d/squid3 start

Once that completes, you can start Squid and try it out. Probably the best thing to do is run it from your terminal and watch the debugging output. Use this command:

sudo squid3 -NCd1

If everything is working fine, the console displays: "Ready to serve requests".

Squid service commands
sudo service squid3 {stop|status|start|restart}
sudo pkill -9 squid

Mikrotik firewall rule
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=ether2-local-master protocol=tcp to-addresses= to-ports=3128

https setup (1)

Add to squid.conf:
https_port 3129 transparent key=/etc/squid3/ssl/squid3.key cert=/etc/squid3/ssl/squid3.crt

Generate the key and self-signed certificate:
sudo mkdir /etc/squid3/ssl
cd /etc/squid3/ssl/
sudo openssl genrsa -des3 -out squid3.key 1024
sudo openssl req -new -key squid3.key -out squid3.csr
sudo cp -p squid3.key
sudo openssl rsa -in -out squid3.key
sudo openssl x509 -req -days 365 -in squid3.csr -signkey squid3.key -out squid3.crt

https setup (2)
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem  -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der 

To use the Malware Block List on a Squid proxy to block user access to URLs that contain malware, perform the following steps:

* Download the block list:
      wget -O - > malware_block_list.txt

* Create an ACL in the main configuration file (squid.conf) pointing to a file that holds the list of URLs:
      acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"

* Enable the ACL created previously:
      http_access deny malware_block_list
      deny_info malware_block_list

* Force Squid reconfiguration:
      squid -k reconfigure

Print only the active (non-comment, non-blank) lines of squid.conf:
awk '!/^ *#/ && length > 0' /etc/squid3/squid.conf
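
Once the deny rules above are active, access.log shows which clients keep hitting them. The script below is an added example, not part of the original post: it counts TCP_DENIED entries per client and per destination, assuming Squid's default native log format. The function names, the SQUID_LOG variable and the sample log lines are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Squid's default native
# access.log layout: time elapsed client action/status bytes method URL ...

# Constructed sample lines (addresses and domains are made up).
sample_log() {
    cat <<'EOF'
1333267201.101     12 192.168.88.21 TCP_DENIED/403 3626 GET http://bad.example/payload.exe - NONE/- text/html
1333267202.340    187 192.168.88.20 TCP_MISS/200 10432 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1333267203.512      9 192.168.88.21 TCP_DENIED/403 3626 GET http://bad.example/gate.php?id=7 - NONE/- text/html
1333267204.006     11 192.168.88.22 TCP_DENIED/403 3610 GET http://blocked.example/ - NONE/- text/html
1333267209.775      8 192.168.88.21 TCP_DENIED/403 3626 GET http://bad.example:8080/update - NONE/- text/html
1333267210.120     40 192.168.88.20 TCP_HIT/200 2210 GET http://www.example.org/logo.png - NONE/- image/png
EOF
}

# Print "count client" for clients with at least $2 denied requests
# (default 3), busiest first. $1 is the access.log path.
denied_by_client() {
    awk -v min="${2:-3}" '
        NF >= 7 && index($4, "TCP_DENIED") == 1 { hits[$3]++ }
        END { for (c in hits) if (hits[c] >= min) print hits[c], c }
    ' "$1" | sort -k1,1nr -k2,2
}

# Print "count host" for every denied destination, most-hit first.
denied_hosts() {
    awk '
        NF >= 7 && index($4, "TCP_DENIED") == 1 {
            url = $7
            i = index(url, "://")            # strip the scheme if present
            if (i) url = substr(url, i + 3)
            split(url, part, "/")            # host[:port] is before the first /
            host = part[1]
            sub(/:[0-9]+$/, "", host)        # drop an explicit port
            n[host]++
        }
        END { for (h in n) print n[h], h }
    ' "$1" | sort -k1,1nr -k2,2
}

# Demo: set SQUID_LOG=/var/log/squid3/access.log on the proxy itself;
# without it the constructed sample above is used.
log="${SQUID_LOG:-}"
if [ -z "$log" ]; then log=$(mktemp); trap 'rm -f "$log"' EXIT; sample_log > "$log"; fi
echo "Clients with 3+ denied requests:"; denied_by_client "$log" 3
echo "Denied destinations:";             denied_hosts "$log"
```

A client that repeatedly appears against entries from the malware block list is worth checking for infection; one that only hits the manually blocked sites is usually just a user.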


  1. Appreciate...... great job, very nice everything step by step

  2. I really appreciate this blog and I will sure promote this blog to others in my circle.
    access Bomb-mp3 in UK

  3. is the world's leading publisher of native acl blacklists tailored specifically for Squid proxy, and alternative formats for all major third party plugins as well as many other filtering platforms. Including SquidGuard, DansGuardian, and ufDBGuard, as well as pfSense and more. Our adult blacklist contains over 1.1 million domains, we have unique blacklists that you will not find any other place.

    There is room for better blacklists, we intend to fill that gap.

    It would be our pleasure to serve you.


    Benjamin E. Nichols

  4. WOW!! Very informative blog and useful article. Please visit this site if you want more detail
    access Bomb-mp3 in UK