Sunday, April 1, 2012

Setup Squid Proxy Server + Mikrotik RB750G


Got a year-old ASUS Eee PC 1015PEM lying around doing nothing.
Downloaded Ubuntu Server 11.10 32-bit and installed it on the netbook.
http://www.ubuntu.com/download/server/download

Follow these videos to get a good understanding of Squid proxy setup.

Install & Configure Squid Proxy Server in Ubuntu - 1/3 Beginner 
http://youtu.be/LnBG_LEvvVw
Install & Configure Squid Proxy Server in Ubuntu - 2/3 Beginner 
http://youtu.be/gXVvmQuEiIs
Install & Configure Squid Proxy Server in Ubuntu - 3/3 Beginner 
http://youtu.be/cFgnP2FZZ_k

Connect to the internet and install Squid:
sudo apt-get install squid3

Back up the original Squid configuration file:
sudo cp -p /etc/squid3/squid.conf /etc/squid3/squid.conf.ori

Use vi to edit squid.conf:
sudo vi /etc/squid3/squid.conf


 
To block websites
acl block_websites dstdomain .msn.com .yaho.com
http_access deny block_websites

View the log
sudo tail -f /var/log/squid3/access.log

After you've finished editing the configuration file, you can start Squid for the first time. First, you must create the swap directories. Do this by running Squid with the -z option:

sudo /etc/init.d/squid3 stop
sudo mkdir /squid_cache
sudo chown -R proxy:proxy /squid_cache


sudo squid3 -z

sudo /etc/init.d/squid3 start



Once that completes, you can start Squid and try it out. Probably the best thing to do is run it from your terminal and watch the debugging output. Use this command:

sudo squid3 -NCd1

If everything is working fine, then your console displays: "Ready to serve requests".
Squid service commands (replace ACTION with stop, status, start or restart):
sudo service squid3 ACTION
Force-kill Squid if it does not stop:
sudo pkill -9 squid

Mikrotik firewall rule
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=80 in-interface=ether2-local-master protocol=tcp to-addresses=192.168.3.100 to-ports=3128

https setup (1)

https_port 3129 transparent key=/etc/squid3/ssl/squid3.key cert=/etc/squid3/ssl/squid3.crt
 
sudo mkdir /etc/squid3/ssl
cd /etc/squid3/ssl/
sudo openssl genrsa -des3 -out squid3.key 1024
sudo openssl req -new -key squid3.key -out squid3.csr
sudo cp -p squid3.key squid3.key.org
sudo openssl rsa -in squid3.key.org -out squid3.key
sudo openssl x509 -req -days 365 -in squid3.csr -signkey squid3.key -out squid3.crt
 
https setup (2) 
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem  -out myCA.pem
openssl x509 -in myCA.pem -outform DER -out myCA.der 
 

To use the Malware Block List on a Squid proxy to block user access to URLs that contain malware, perform the following steps:

* Download the block list:
      wget -O - 'http://malware.hiperlinks.com.br/cgi/submit?action=list_squid' > malware_block_list.txt

* Create an ACL in the main configuration file (squid.conf) pointing to the file that holds the list of URLs:
      acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"

* Enable the ACL created previously:
      http_access deny malware_block_list
      deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list

* Force Squid reconfiguration:
      squid -k reconfigure
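
A pre-flight check for the block list steps above, as an added example that is not part of the original post: the list is fetched over plain HTTP from a third party and loaded as url_regex, so this rejects an empty download, an HTML error page, a pattern that does not compile, or a pattern broad enough to match known-good URLs. The function names and the canary URLs are assumptions, and grep -E only approximates Squid's regex matching.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded url_regex list before Squid loads it.
# CANARY_URLS are constructed sample URLs that must never be blocked (assumption).
CANARY_URLS="http://www.ubuntu.com/download/server/download
http://example.org/index.html"

# check_blocklist FILE -> 0 if the list looks safe to load, non-zero otherwise.
check_blocklist() {
    list=$1
    # An empty or missing file usually means the download failed.
    [ -s "$list" ] || { echo "reject: empty or missing list" >&2; return 1; }
    # An HTML body means an error page came back instead of the list.
    if grep -qi '<html' "$list"; then
        echo "reject: HTML in list" >&2; return 1
    fi
    while IFS= read -r pattern || [ -n "$pattern" ]; do
        # Skip blank lines and comments.
        case $pattern in ''|'#'*) continue ;; esac
        # grep exits with 2 when the pattern does not compile as an extended regex.
        rc=0
        grep -Eiq -e "$pattern" /dev/null 2>/dev/null || rc=$?
        [ "$rc" -lt 2 ] || { echo "reject: bad regex: $pattern" >&2; return 1; }
        # A pattern that matches a canary URL is too broad to deploy.
        if printf '%s\n' "$CANARY_URLS" | grep -Eiq -e "$pattern"; then
            echo "reject: over-broad pattern: $pattern" >&2; return 1
        fi
    done < "$list"
    return 0
}

# install_blocklist NEW DEST -> replace DEST only if NEW passes the checks.
install_blocklist() {
    check_blocklist "$1" || return 1
    # Copy next to DEST, then rename: the rename is atomic on one filesystem.
    cp "$1" "$2.tmp" && mv "$2.tmp" "$2"
}
```

Run install_blocklist on the downloaded file with the path named in the ACL as the destination, and reconfigure Squid only when it returns 0.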
 
Show only the active (non-comment, non-empty) lines of squid.conf:
awk '!/^\ *#/&&(length > 0)' /etc/squid3/squid.conf

4 comments:

  1. Appreciate...... great job, very nice everything step by step

  2. I really appreciate this blog and I will sure promote this blog to others in my circle.
    access Bomb-mp3 in UK

  3. Squidblacklist.org is the world's leading publisher of native acl blacklists tailored specifically for Squid proxy, and alternative formats for all major third party plugins as well as many other filtering platforms. Including SquidGuard, DansGuardian, and ufDBGuard, as well as pfSense and more. Our adult blacklist contains over 1.1 million domains, we have unique blacklists that you will not find any other place.

    There is room for better blacklists, we intend to fill that gap.


    It would be our pleasure to serve you.

    Signed,

    Benjamin E. Nichols
    http://www.squidblacklist.org

  4. WOW!! Very informative blog and useful article. Please visit this site if you want more detail
    access Bomb-mp3 in UK
