Configuring DSL Connection and Squid Proxy Server

Dear Expert,

1. I already have a DSL 128kbps connection running on Windows XP. I would like to run it on a Linux server machine. Please let me know how to configure it. I tried the network wizard, which has an xDSL configuration option. It is activated and shows "OK" status on booting, but I am not able to open any site in Mozilla or any other browser. I checked the browser preferences and they are all OK. Please give me a solution.

2. I also want to make this linux server machine an internet proxy server. Please let me know how to configure the squid or any other proxy server on it.

I am using a Windows 2000 network with Win2K Domain Controller and Win2k Prof & WinXP as Clients.

Thanks
Sher Singh Rawat
shersinghrawatAsked:

ranadastidar commented:
Dear friend, I can give you a detailed idea of how to configure the Squid proxy server and also how to configure your DSL.

1 For DSL configuration

Run the adsl-setup configuration script
 
[root@bigboy network-scripts]# adsl-setup
 
It will prompt you for your ISP username, the interface to be used (eth0) and whether you want the connection to stay up indefinitely. We'll use defaults wherever possible.
 
Welcome to the ADSL client setup.  First, I will run some checks on
your system to make sure the PPPoE client is installed properly...
 
LOGIN NAME
 
Enter your Login Name (default root): bigboy-login@isp
 
INTERFACE
 
Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0):
 
Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses.  You might have some problems with demand-activated links.
Enter the demand value (default no):
 
It will then prompt you for your DNS server information. This step edits your /etc/resolv.conf file. If you're running BIND on your server in a caching DNS mode then you might want to leave this option blank. If you want your ISP to provide the IP address of its DNS server automatically then enter the word server.
Please refer to Chapter 18 for more information on BIND and DNS.
 
DNS
 
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses', enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here:
 
The script will then prompt you for your ISP password
 
PASSWORD
 
Please enter your Password:
Please re-enter your Password:
 
Then it will ask whether you want regular users (not superuser root) to be able to activate/deactivate the new ppp0 interface. This may be required if non-root members of your family or home office need to get access to the Internet:
 
USERCTRL
 
Please enter 'yes' (two letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes):
 
The rp-pppoe package has two sample iptables firewall scripts located in the /etc/ppp directory named firewall-standalone and firewall-masq. They are very basic and don't cover rules to make your Linux box a web server, DNS server, or mail server. I'd recommend selecting none and using a variant of the basic script samples in Chapter 14, or the more comprehensive one found in the Appendix.
 
FIREWALLING
 
Please choose the firewall rules to use.  Note that these rules are
very basic.  You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security.  If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc.  If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.
 
The firewall choices are:
0 - NONE: This script will not set any firewall rules.  You are responsible
          for ensuring the security of your machine.  You are STRONGLY
          recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN
Choose a type of firewall (0-2): 0
 
You'll then be asked whether you want the connection to be activated upon booting. Most people would say yes.
 
Start this connection at boot time
 
Do you want to start this connection at boot time?
Please enter no or yes (default no):yes
 
Just before exiting, you'll get a summary of the parameters you entered and the relevant configuration files will be updated to reflect your choices when you accept them:
 
** Summary of what you entered **
 
Ethernet Interface: eth0
User name:          bigboy-login@isp
Activate-on-demand: No
DNS:                Do not adjust
Firewalling:        NONE
User Control:       yes
Accept these settings and adjust configuration files (y/n)? y
 
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
  (But first backing it up to /etc/ppp/chap-secrets.bak)
  (But first backing it up to /etc/ppp/pap-secrets.bak)
 
At the very end it will tell you the commands to use to activate/deactivate your new ppp0 interface and to get the status of the interface's condition.
 
Congratulations, it should be all set up!
 
Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
to see the link status.
 
Note: This example recommends using the adsl-status command with the name of the PPPoE interface configuration file. This command defaults to show information for interface ppp0, and therefore listing the ifcfg-ppp0 filename won't be necessary in most home environments.
 
After you have completed installing rp-pppoe you should be able to access the Internet over your DHCP DSL connection as expected.
 


For Squid configuration

Download and Install The Squid Package

Most RedHat Linux software products are available in the RPM format. Downloading and installing RPMs isn't hard. If you need a refresher, Chapter 6, "Installing RPM Software," provides details. It is best to use the latest version of Squid.

Starting Squid

Use chkconfig to configure Squid to start at boot:
 
[root@bigboy tmp]# chkconfig squid on
 
Use the service command to start, stop, and restart Squid after booting:
 
[root@bigboy tmp]# service squid start
[root@bigboy tmp]# service squid stop
[root@bigboy tmp]# service squid restart
 
You can test whether the Squid process is running with the pgrep command:
 
[root@bigboy tmp]# pgrep squid
 
You should get a response of plain old process ID numbers.

The /etc/squid/squid.conf File

The main Squid configuration file is squid.conf, and, like most Linux applications, Squid needs to be restarted before changes to the configuration file can take effect.

The Visible Host Name

Squid will fail to start if you don't give your server a hostname. You can set this with the visible_hostname parameter. Here, the hostname is set to the real name of the server, bigboy.
 
visible_hostname bigboy
 
Access Control Lists

You can limit users' ability to browse the Internet with access control lists (ACLs). Each ACL line defines a particular type of activity, such as an access time or source network; these are then linked to an http_access statement that tells Squid whether to deny or allow traffic that matches the ACL.

Squid matches each Web access request it receives by checking the http_access list from top to bottom. If it finds a match, it enforces the allow or deny statement and stops reading further. You have to be careful not to place a deny statement in the list that blocks a similar allow statement below it. The final http_access statement denies everything, so it is best to place new http_access statements above it.

Note: The very last http_access statement in the squid.conf file denies all access. You therefore have to add your specific permit statements above this line. In the chapter's examples, I've suggested that you place your statements at the top of the http_access list for the sake of manageability, but you can put them anywhere in the section above that last line.

Squid has a minimum required set of ACL statements in the ACCESS_CONTROL section of the squid.conf file. It is best to put new customized entries right after this list to make the file easier to read.

Restricting Web Access By Time

You can create access control lists with time parameters. For example, you can allow only business hour access from the home network.
 
#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.1.0/24
acl business_hours time M T W H F 9:00-17:00
 
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow home_network business_hours
 
Or, you can allow morning access only:
 
#
# Add this to the bottom of the ACL section of squid.conf
#
acl mornings time 08:00-12:00
 
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow mornings
 
 
Restricting Web Access By IP Address

You can create an access control list that restricts Web access to users on certain networks. In this case, it's an ACL that defines a home network of 192.168.1.0.
 
#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.1.0/255.255.255.0
 
You also have to add a corresponding http_access statement that allows traffic that matches the ACL:
 
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow home_network
 
Password Authentication Using NCSA

You can configure Squid to prompt users for a username and password. Squid comes with a program called ncsa_auth that reads any NCSA-compliant encrypted password file. You can use the htpasswd program that comes installed with Apache to create your passwords. Here is how it's done:

1.      Create the password file. The name of the password file should be /etc/squid/squid_passwd, and you need to make sure that it's universally readable.
 
[root@bigboy tmp]# touch /etc/squid/squid_passwd
[root@bigboy tmp]# chmod o+r /etc/squid/squid_passwd
 
2.      Use the htpasswd program to add users to the password file. You can add users at any time without having to restart Squid. In this case, you add a username called www:
 
[root@bigboy tmp]# htpasswd /etc/squid/squid_passwd www
New password:
Re-type new password:
Adding password for user www
[root@bigboy tmp]#

3.      Locate your ncsa_auth file using the rpm command.
 
[root@bigboy tmp]# rpm -ql squid | grep ncsa
/usr/lib/squid/ncsa_auth
[root@bigboy tmp]#
 
4.      Edit squid.conf; specifically, you need to define the authentication program in squid.conf, which is in this case ncsa_auth. First, create an http_access entry that allows traffic that matches a special ACL entry called ncsa_users. Next, create the ACL named ncsa_users with the REQUIRED keyword that forces Squid to use the NCSA auth_param method you defined. Here's a simple user authentication example.
 
#
# Add this to the auth_param section of squid.conf
#
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
 
#
# Add this to the bottom of the ACL section of squid.conf
#
acl ncsa_users proxy_auth REQUIRED
 
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow ncsa_users
 
This requires password authentication and allows access only during business hours.
 
#
# Add this to the auth_param section of squid.conf
#
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
 
#
# Add this to the bottom of the ACL section of squid.conf
#
acl ncsa_users proxy_auth REQUIRED
acl business_hours time M T W H F 9:00-17:00
 
 
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow ncsa_users business_hours
 
Remember to restart Squid for the changes to take effect.

Forcing Users To Use Your Squid Server

If you are using access controls on Squid, you may also want to configure your firewall to allow HTTP Internet access to only the Squid server. This forces your users to browse the Web through the Squid proxy.

Making Your Squid Server Transparent To Users

It is possible to limit HTTP Internet access to only the Squid server without having to modify the browser settings on your client PCs. This is called a transparent proxy configuration. It is usually achieved by configuring a firewall between the client PCs and the Internet to redirect all HTTP (TCP port 80) traffic to the Squid server on TCP port 3128, which is the Squid server's default TCP port.

The examples below are based on the discussion of Linux iptables in Chapter 14, "Linux Firewalls Using iptables." Additional commands may be necessary for your particular network topology.

In both cases below, the firewall is connected to the Internet on interface eth0 and to the home network on interface eth1. The firewall is also the default gateway for the home network and handles network address translation on all the network's traffic to the Internet.

Only the Squid server has access to the Internet on port 80 (HTTP), because all HTTP traffic, except that coming from the Squid server, is redirected.

If the Squid server and firewall are the same server, all HTTP traffic from the home network is redirected to the firewall itself on the Squid port of 3128.
 
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
         -j REDIRECT --to-ports 3128
iptables -A OUTPUT -j ACCEPT -m state --state NEW -o eth0 \
         -p tcp --dport 80
 
If the Squid server and firewall are different servers, all HTTP traffic from the home network except from the Squid server at IP address 192.168.1.100 is redirected to the Squid server on the Squid port of 3128.
 
# DNAT to the Squid port (3128), skipping traffic that originates from the Squid server itself
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
         -j DNAT --to 192.168.1.100:3128 -s ! 192.168.1.100/32
iptables -A OUTPUT -j ACCEPT -m state --state NEW -o eth0 \
         -p tcp --dport 80
 
You will also need to make a few transparent proxy modifications to your squid.conf file.
 
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
 
 
Manually Configuring Web Browsers To Use Your Squid Server

If you don't have a firewall that supports redirection, then you need to configure your firewall to only accept HTTP Internet access from the Squid server, as well as configure your PC browser's proxy server settings manually to use the Squid server. The method you use depends on your browser.

For example, to make these changes using Internet Explorer:
 
1.      Click on the "Tools" item on the menu bar of the browser.
2.      Click on "Internet Options"
3.      Click on "Connections"
4.      Click on "LAN Settings"
5.      Configure with the address and TCP port (3128 default) used by your Squid server.
 
Here's how to make the same changes using Mozilla or Firefox.
 
1.      Click on the "Edit" item on the browser's menu bar.
2.      Click on "Preferences"
3.      Click on "Advanced"
4.      Click on "Proxies"
5.      Configure with the address and TCP port (3128 default) used by your Squid server under "Manual Proxy Configuration".

Squid Disk Usage

Squid uses the /var/spool/squid directory to store its cache files. High usage squid servers need a large amount of disk space in the /var partition to get optimum performance.

Every webpage and image accessed via the Squid server is logged in the /var/log/squid/access.log file. This can get quite large on high usage servers. Fortunately, the logrotate program automatically purges this file.

Troubleshooting Squid
Squid logs both informational and error messages to files in the /var/log/squid/ directory. It is best to review these files first whenever you have difficulties.
Another source of errors could be unintended statements in the squid.conf file that cause no errors; mistakes in the configuration of hours of access and permitted networks that were forgotten to be added are just two possibilities.
By default, Squid operates on port 3128, so if you are having connectivity problems, you'll need to follow the troubleshooting steps in Chapter 4, "Simple Network Troubleshooting," to help rectify them.
Note: Some of Squid's capabilities go beyond the scope of this book, but you should be aware of them. For example, for performance reasons, you can configure child Squid servers on which certain types of content are exclusively cached. Also, you can restrict the amount of disk space and bandwidth Squid uses.


Or you can read this article:

http://www.linuxsolved.com/forums/ftopic115.html

Give me feedback.
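
The http_access matching described in the answer above (list read top to bottom, first match wins, ACLs on one line combined) is easy to get wrong when reviewing a squid.conf. The following is an added example, not part of the original answer and not Squid's own code: a small model that evaluates the page's `src`, `time` and `proxy_auth` ACLs against constructed requests. The function names `parse`, `acl_matches` and `decide` are hypothetical, and only those three ACL types are modelled.

```python
# Added example: minimal model of Squid http_access evaluation (not Squid code).
import ipaddress
from datetime import datetime

DAY_LETTERS = "MTWHFAS"  # Squid day codes, indexed by datetime.weekday() (Mon=0)

def parse(conf):  # collect 'acl' definitions and ordered 'http_access' rules
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def acl_matches(kind, args, req):
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(a) for a in args)
    if kind == "proxy_auth":          # REQUIRED: any successfully authenticated user
        return req.get("user") is not None
    if kind == "time":                # optional day letters, then h1:m1-h2:m2
        days = "".join(a for a in args if ":" not in a) or DAY_LETTERS
        start, end = next(a for a in args if ":" in a).split("-")
        now = req["when"]
        in_window = minutes(start) <= now.hour * 60 + now.minute <= minutes(end)
        return DAY_LETTERS[now.weekday()] in days and in_window
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, req):
    """ACLs on one line are ANDed; the first line that matches wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(*acls[n], req) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

ACLS = """
acl all src 0.0.0.0/0
acl home_network src 192.168.1.0/255.255.255.0
acl mornings time 08:00-12:00
"""
# Separate lines: either condition alone is enough to be allowed.
SEPARATE = ACLS + "http_access allow mornings\nhttp_access allow home_network\nhttp_access deny all\n"
# One line: source network AND time window must both match.
COMBINED = ACLS + "http_access allow home_network mornings\nhttp_access deny all\n"

OUTSIDE_AM = {"src": "203.0.113.7", "when": datetime(2024, 1, 1, 9, 30)}  # constructed, documentation address
HOME_PM = {"src": "192.168.1.20", "when": datetime(2024, 1, 1, 14, 0)}    # constructed
```

With `SEPARATE`, `decide` returns `allow` for the constructed outside address during the morning window, because the time-only line matches before any source check; `COMBINED` returns `deny` for the same request.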
