miércoles, 24 de febrero de 2016
Proxy de squid3
Primero abrimos el terminal de Ubuntu e instalamos squid3 con estas órdenes:
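# Install the Squid 3 package; -y accepts apt's confirmation prompt.
sudo apt-get install squid3 -y
# Check that something is listening on Squid's default port. Squid's http_port
# is a TCP socket, so the listing has to include TCP (-t); the original
# "-pluny" looks like a typo for "-plunt" (net-tools netstat has no -y option,
# and -u alone lists only UDP sockets). A local address of 0.0.0.0:3128 or
# :::3128 means the proxy accepts connections on every interface, so who can
# use it is decided only by the http_access rules and any host firewall.
sudo netstat -plunt | grep ':3128'
# Start the service if it is not already running.
sudo service squid3 start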
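Abrimos el fichero de configuración con sudo gedit /etc/squid3/squid.conf; antes de modificarlo hacemos una copia de seguridad del original, por si acaso.
En el apartado de ALL TYPES (más o menos entre las líneas 600 y 900 del fichero) es donde hay que hacer la configuración.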
CONFIGURACION RECOMENDADA PRIMERA
# Recommended minimum configuration:
#
# This excerpt defines the ACLs (who/what a request is), the ordered
# http_access rules (what is done with it), the listening port and the cache.
# http_access rules are evaluated top to bottom and the first match wins, so
# the order of the lines below matters.
#
# NOTE(review): from Squid 3.2 on, "manager", "localhost" and "to_localhost"
# are predefined ACLs. Redefining them (next three lines) is reported to make
# newer versions warn or reject the file; the 3.3.8 listing further down this
# page omits them. Confirm with a config parse on the installed version.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#Set ai1
# ai1 = the client network that will be allowed to use the proxy. It must
# match the real LAN range; a wider range than needed widens who can relay
# traffic through this host.
acl ai1 src 192.168.1.0/24
# Only port 443 may be the target of a CONNECT tunnel (see the deny below).
acl SSL_ports port 443
# Destination ports the proxy is willing to contact at all.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Cache-manager requests are accepted from the local machine only.
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
#Add related http_access before localhost
http_access allow ai1
http_access allow localhost
# NOTE(review): there is no explicit final "http_access deny all". When no
# rule matches, Squid applies the opposite of the last rule's action (deny
# here), so unmatched clients are refused, but only as long as the last line
# stays an "allow". An explicit "http_access deny all" at the end makes the
# intent visible and survives later reordering.
# Squid normally listens to port 3128
# With only a port given, Squid listens on all of the host's addresses;
# restrict exposure with a firewall if the host has an interface outside the
# LAN.
http_port 3128
#Setup cache
# cache_dir ufs <directory> <size in MB> <first-level dirs> <second-level dirs>
# NOTE(review): the directory must exist and be writable by the Squid user;
# verify the path against the one the squid3 package actually uses.
cache_dir ufs /var/cache/squid 10000 16 256
# Memory cache size.
cache_mem 600 MB
# Low/high water marks (percent of cache_dir use) for object replacement.
cache_swap_low 70
cache_swap_high 85
# Largest object stored on disk: 32768 KB = 32 MB.
maximum_object_size 32768 KB
# DNS result caches: entry counts and low/high water marks (percent).
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
#Add visible_hostname if you need
# This name is shown to clients in Squid's error pages, so it discloses the
# internal host name to anyone who can reach the proxy.
visible_hostname ai1pc100.ai1.local
SEGUNDA CONFIGURACION RECOMENDADA
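# Refresh the package index and apply pending updates before installing.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install squid3 -y
# Keep a pristine copy of the packaged configuration. -n refuses to overwrite
# an existing backup: "chmod a-w" does not stop root, so without it a second
# run of these steps would replace the original with an already edited file.
sudo cp -n /etc/squid3/squid.conf /etc/squid3/squid.conf.original
sudo chmod a-w /etc/squid3/squid.conf.original
# Edit the live configuration.
# NOTE(review): this runs a graphical editor as root; "sudoedit" (sudo -e)
# edits a temporary copy as the invoking user and is the lower-privilege way
# to change a root-owned file.
sudo gedit /etc/squid3/squid.conf
# After saving, let Squid check the file for syntax errors before the service
# is started or restarted. A Squid that is already running keeps its old
# rules until it is restarted or told to reload its configuration.
sudo squid3 -k parse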
# WELCOME TO SQUID 3.3.8
# ----------------------------
# Recommended minimum configuration:
#
# This excerpt keeps the packaged layout: ACL definitions first, then the
# ordered http_access rules (first match wins), then the listening port.
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
# ai1 replaces the commented-out "localnet" examples: only this /24 is treated
# as the client network. It must match the real LAN range.
acl ai1 src 192.168.1.0/24
# Only port 443 may be the target of a CONNECT tunnel (see the deny below).
acl SSL_ports port 443
# Destination ports the proxy is willing to contact at all.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
# NOTE(review): neither "localhost" nor "manager" is defined in this listing;
# presumably they are the ACLs Squid predefines from 3.2 on. Confirm with a
# config parse on the installed version.
http_access allow localhost manager
http_access deny manager
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
# Clients permitted to browse through the proxy: the local machine and ai1.
http_access allow localhost
http_access allow ai1
# And finally deny all other access to this proxy
# This catch-all must stay last: it is what refuses every client outside the
# two allow rules above and keeps the host from acting as an open proxy.
http_access deny all
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
# TAG: http_port
# Usage: port [mode] [options]
# hostname:port [mode] [options]
# 1.2.3.4:port [mode] [options]
#
# Squid normally listens to port 3128
# With only a port given, Squid listens on all of the host's addresses; the
# "1.2.3.4:port" form above limits it to one address. Restrict exposure with
# that form or a firewall if the host has an interface outside the LAN.
http_port 3128
sudo service squid3 start
[sudo] password for profes:
squid3 start/running, process 18260
sudo service squid3 status
squid3 start/running, process 18260