martes, 21 de diciembre de 2010

Squid server proxy WL-TCOM S.A.

CONFIGURACION EN UBUNTU
scorer@Server:~$ sudo gedit /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth1
iface eth1 inet static
address 192.168.1.254
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 192.168.1.1
mtu 1492
auto eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
#gateway 192.168.1.1
dns-nameservers 192.168.1.1
mtu 1492
------------------------------------------------------------------------------
scorer@Server:~$ sudo gedit /etc/squid/squid.conf
#    WELCOME TO SQUID 2.6.STABLE18
#    ----------------------------
# NETWORK OPTIONS
http_port 3128 transparent
visible_hostname scorer
cache_mem 512 MB
cache_dir ufs /var/spool/squid 60000 16 256
cache_access_log /var/log/squid/access.log
minimum_object_size 0 KB
maximum_object_size 10000 KB
cache_swap_low 90
cache_swap_high 95
#
# ACCESS LIST
acl all src all
acl red_local src 192.168.0.0/24
acl localhost src 127.0.0.0/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443        # https
acl SSL_ports port 563        # snews
acl SSL_ports port 873        # rsync
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 631        # cups
acl Safe_ports port 873        # rsync
acl Safe_ports port 901        # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#
# RULES LIST
#
http_access allow localhost
http_access allow red_local
----------------------------------------------------------------------------------
scorer@Server:~$ sudo gedit /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
sudo sh -c 'echo 1 > /proc/sys(net/ipv4/ip_forward'
sudo iptables -t nat -A POSTROUTING --jump MASQUERADE --source 192.168.0.0/24
#Transparent Squid
sudo iptables -t nat -A PREROUTING  -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
exit 0
------------------------------------------------------------------------------
scorer@Server:~$ sudo gedit /etc/resolv.conf
### BEGIN INFO
#
# Modified_by:  NetworkManager
# Process:      /usr/bin/NetworkManager
# Process_id:   4550
#
### END INFO
nameserver 200.48.225.130
nameserver 200.48.225.146
nameserver 192.168.1.1
-------------------------------------------------------------------------------
scorer@Server:~$ sudo -i
[sudo] password for scorer:
root@Server:~# cd /var/log/squid/
root@Server:/var/log/squid# tail -f access.log cache.log
==> access.log <==
sudo