• Status: Solved

how to share internet through squid

How can I share internet through squid (Linux 5 Enterprise)? There are two ethernet cards in the squid machine. DHCP is configured on Win Server 2008 Enterprise. Don't explain a procedure in which I would have to go to every PC to set the proxy in the browser.
Asked by: imz-ez

farzanj Commented:
You need to set up what is called a transparent proxy.

This is from my notes, a little old though, so I expect there would be changes on Squid configuration side.
Settings for Transparent Proxy
Uncomment the label httpd_accel_host virtual where virtual is added.
Uncomment the label httpd_accel_port 80
Set the label httpd_accel_with_proxy on
Set the label httpd_accel_uses_host_header on

Now using iptables command -- (SAMPLE IP tables NAT)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

farzanj Commented:

imz-ez (Author) Commented:
Dear Farzanj,
Can you tell me step by step if you don't mind. Actually I am not an expert in Linux.
 
upanwar Commented:
Hi imz-ez,

Is it necessary to have squid proxy only? Is there any specific reason behind this?

Since you are not a Linux guy and if internet sharing is the only concern, then I would suggest you have a look at IPCop and Untangle firewall, and install the one you like.

http://www.ipcop.org/

http://www.untangle.com/

These will not only share your internet but also make it secure as well.

These are very easy to set up and manage. They just come as an ISO that you need to install. You can set them up using their documentation; no extra effort is required.

If you are going to setup squid then after some time you would require a content filtering software to stop bad content and you may also require to setup linux firewall, all these would be a challenging task for you.

If you require any further help, Please update.

farzanj Commented:
My last comment has step by step guide link.

You need to
1.  Your web gateway server--the machine through which every client's web traffic would pass.
2.  Put IP tables rules for NAT, that would force port 80 (apache) to pass through port 3128
3.  Some configuration in your squid.conf file.
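
The gateway steps listed above, written out as an added example that is not part of the original post: a shell function that prints an `iptables-restore` ruleset combining the port-80 REDIRECT with NAT for everything else, and that keeps the Squid port closed on the Internet side. The interface names, the 192.168.1.0/24 LAN and the function name `gen_gateway_rules` are assumptions; on the Squid side, versions 2.6 and later replace the old accel directives with `http_port 3128 transparent` (`intercept` from 3.1).

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC Squid gateway.
# Assumed values: eth0 = LAN, eth1 = Internet, LAN 192.168.1.0/24, Squid on 3128.
# Usage (as root, after reviewing the output):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_gateway_rules eth0 eth1 192.168.1.0/24 3128 | iptables-restore
# INPUT defaults to DROP: add your own admin rule (e.g. SSH from the LAN) first.

gen_gateway_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3; port=$4
    # Reject bad input so a typo cannot yield a ruleset that exposes the proxy.
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ -z "$lan_if" ] || [ "$lan_if" = "$wan_if" ]; then
        echo "LAN and Internet interfaces must be set and differ" >&2; return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# HTTP from LAN clients is redirected to the local Squid port.
-A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $port
# All other forwarded traffic (DNS, mail on 587/995, ...) is NATed, not proxied.
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Squid accepts connections from the LAN only, never from the Internet side.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport $port -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}
```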

Pierre François (Senior consultant) Commented:
I deduce from all the stuff above that:
1. Security is not an issue.
2. imz-ez is not familiar with Linux.
3. He has a Win 2008 server running on his LAN acting as DHCP server but he can't configure it to share an Internet connection.
4. His ISP only allows one computer to directly access the Internet, otherwise his question makes no sense.
5. He has a (Red Hat?) Enterprise 5 server with two NICs where squid is already installed or can be installed.

From 1, I further deduce that it is not his goal to put the Linux computer as gateway between the LAN and the Internet. If it was the case, as upanwar correctly says, it would be much easier to install something like IPCop for making his network more secure (and forgetting by the way about Win 2008 acting as a DHCP). In that case, squid comes configured right out of the box and in 15 minutes, he has a proxy server up and running, sharing the Internet connection and acting even as an Internet accelerator by default.

I would like to know if the Linux server also acts as a server for more applications than only sharing the connection with squid for further help. I would be glad also to have a confirmation of my 5 assumptions above.

imz-ez (Author) Commented:
pfrancois, you are right. Actually my plan is to share internet, monitor bandwidth, see in the logs which computers are watching which websites, and implement restrictions on websites.

imz-ez (Author) Commented:
Pfrancois, your 5 assumptions are correct.

Pierre François (Senior consultant) Commented:
@imz-ez: I also would like to know if your Linux server runs anything valuable you want to save. If you can miss the server, I advise you to install IPCop (or Untangle or pfSense) on it instead of Linux Red Hat Enterprise 5. My intuition is that IPCop is easier to install and to configure than Untangle (which is heavier in terms of CPU power) and pfSense.

A new element is that you want to limit bandwidth and log Internet activities. You can do all these things with Red Hat Enterprise, but not right out of the box. IPCop is made for that by default. You will need some addons for IPCop.

imz-ez (Author) Commented:
I have installed IPCop and it's just the same as Linux. How can I share internet via IPCop?

upanwar Commented:
Have you configured the Green and Red interfaces properly at the time of installation to share the internet?

Red: for internet
Green: for Local Network

Pierre François (Senior consultant) Commented:
1. The RED interface of IPCop must be plugged into the modem, the LAN switch must be plugged into the GREEN interface.

2. Since your LAN configuration has its own DHCP server (the Windows 2008 server) on the LAN, it is quite sure the RED interface of IPCop must have a static IP address. That static IP address must belong to the same subnet as the modem/router, i.e. the RED subnet.

3. The issue is probably this: the LAN (i.e. the GREEN subnet) and the RED subnet must be different! You have probably 192.168.0.x for both, and that can't work.

4. Your RED subnet (connecting IPCop to the modem/router) could be 192.168.0.x; your GREEN subnet, anything else, e.g. 192.168.n.x where n > 0 and n < 256; I will suppose the modem/router has 192.168.0.1 as IP address. If this is not the case and you don't understand how to adapt this to your case, write me back providing the IP address of your modem/router.

5. Solution:

a) disable your Win 2008 DHCP server which is the one that introduces settings on your whole LAN that are not suited for connecting through a firewall (incorrect IP range for the LAN, incorrect gateway, ...)

b) set up your modem/router to give an IP address to the RED interface of IPCop through DHCP; if you can't do that, write me back;

c) set up the RED interface on IPCop to get a dynamic IP address from the router/modem. This will get also the correct DNS server and gateway for IPCop.

d) set up the GREEN interface of IPCop into a range like 192.168.n.x; you can choose any 192.168.n.x where n > 0 and n < 256. If you are perplexed, take n = 1.

Before going further, you will have to understand you need separate ranges of IP addresses for RED and GREEN.

imz-ez (Author) Commented:
Dear pfrancois: I have tried to install IPCop. Please tell me which one is the red interface. It's written that Green (Red is modem/isdn), Green + Orange (Red is modem/isdn), Green+Red, Green + Orange + Red

upanwar Commented:
The Red interface is the Internet interface and Green is for your local LAN.

So the interface connected to the modem/Internet is the Red interface.

Configure your LAN with the Green interface.

imz-ez (Author) Commented:
Now I have installed with the correct settings. Please tell me what should I do now?

imz-ez (Author) Commented:
upanwar please tell me what should I do now?

upanwar Commented:
Please give me some time, since I am in the office and busy with a task.

imz-ez (Author) Commented:
Ok no problem. If u dont mind just txt me ur cell number on my cell. +92-300-5455554

upanwar Commented:
Please don't mind, but I cannot share my cell no., but I can chat with you on Gmail.

panwar.umesh@gmail.com

This URL will help to configure your IPCop.

http://www.ipcop.org/1.4.0/en/install/html/initial-configuration.html

Pierre François (Senior consultant) Commented:
If you have two NICs, you have to choose the configuration RED + GREEN.
A simple way to find which is the RED and which is the GREEN NIC is to look at the output of the command
ifconfig eth0
and
ifconfig eth1
In its output, you will see RX packets and TX packets, which stand for received and transmitted packets. If one of your NICs is unplugged, the counter of that interface will remain unchanged.
RED is eth1 and GREEN is eth0.
You can also see the output of ifconfig looking at the web interface of IPCop, under: System > Network status.

Pierre François (Senior consultant) Commented:
Sorry for the tipos...

imz-ez (Author) Commented:
I have configured both the interfaces. Now please tell me what should I do now? Can I apply restrictions on downloads and can I see logs like which computers have seen which sites?

Pierre François (Senior consultant) Commented:
I deduce IPCop is up and running. Congratulations.

You have to enable the transparent proxy on the green interface and enable the log functionality: go to Services > Proxy and check the three boxes next to "Enabled on Green", "Transparent on Green" and "Log Enabled".

From now, you will see the websites your users visited in the logs. Go to Logs > Proxy logs.

If you want to enable restrictions for the users, you will have to install some add-on like urlfilter. You can download this latter from http://www.urlfilter.net/ 
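
For reading those proxy logs outside the web interface, an added example (not part of the original post) that summarises which client requested which site, how many bytes were transferred and how many requests were denied. It assumes Squid's default native `access.log` format; the function names and the sample lines are constructed, and only requests that actually pass through Squid (plain HTTP in transparent mode) appear in the log.

```shell
#!/bin/sh
# Added example. Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
sample_log() {
    cat <<'EOF'
1286536309.450    120 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/198.51.100.7 text/html
1286536310.100     80 192.168.1.10 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1286536311.700    300 192.168.1.22 TCP_MISS/200 10240 GET http://downloads.example.org/file.iso - DIRECT/203.0.113.5 application/octet-stream
1286536312.020     15 192.168.1.22 TCP_DENIED/403 1400 GET http://blocked.example.net/ - NONE/- text/html
EOF
}

# Reads access.log lines on stdin and prints one line per client/site pair:
#   client site requests bytes denied
# sorted by bytes, largest first.
# e.g. summarize_access_log < /var/log/squid/access.log
summarize_access_log() {
    awk '
    NF >= 7 {
        site = $7
        sub("^[a-z]+://", "", site)   # drop the scheme
        sub("[/:?].*$", "", site)     # keep the host name only
        key = $3 " " site
        req[key]++
        bytes[key] += $5
        if ($4 ~ /^TCP_DENIED/) denied[key]++
    }
    END {
        for (k in req)
            printf "%s %d %.0f %d\n", k, req[k], bytes[k], denied[k]
    }' | sort -k4,4nr -k1,1
}
```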


imz-ez (Author) Commented:
Can you tell me how I can create a PPPoE dialer on Linux and IPCop?

imz-ez (Author) Commented:
Will Outlook work while using IPCop?

upanwar Commented:
Since your IPCop has been configured as a transparent proxy, it should work.

Pierre François (Senior consultant) Commented:
Obviously. POP, POP2, POP3, POPS, IMAP, IMAPS, SMTP, and all the protocols you can imagine pass through IPCop.

Pierre François (Senior consultant) Commented:
@upanwar: the proxy doesn't affect the mail traffic, only http, https and some other protocols.

upanwar Commented:
I have used squid proxy and was accessing it on port 3128, and Outlook Express and MS Outlook were not working. I tried to get it fixed but no luck, so finally I configured a transparent squid proxy and it fixed my issue.

I did all this two years ago.

One of my friends was facing the same issue and I suggested IPCop to him to get rid of this issue.

I don't know where to provide the proxy IP and port in Outlook Express. If you know, then please let me know.

Pierre François (Senior consultant) Commented:
@upanwar: I never used the proxy in non transparent mode, so I am not able to contradict what you've said, but I am very surprised... Do Outlook Express and MS Outlook use other ports than POP, POP2, POP3, POPS, IMAP, IMAPS and SMTP?

imz-ez (Author) Commented:
Yesterday I installed squid. My Outlook was not working while using squid, and it uses ports (smtp 587 and pop3 995) with TLS encryption. I tried it both with transparent and non-transparent.

Pierre François (Senior consultant) Commented:
What do you mean by "I installed squid"? There is already one squid instance running on IPCop. If you install another one, you risk messing up the settings of IPCop.

imz-ez (Author) Commented:
I mean I installed Linux Enterprise 5. One more thing: I have tested IPCop on VMware software and now I am going to install IPCop on a machine. Please tell me, should Linux be installed on the system?

Pierre François (Senior consultant) Commented:
OK, if you install squid on Linux Enterprise 5 (you mean probably Linux Red Hat Enterprise 5) you need to configure everything by yourself. On IPCop, squid will work right out of the box. There will be no problem with mails.

IPCop actually is a Linux distribution, it is an OS. In other words, you don't need to install IPCop + Linux, you just install IPCop on a computer or a virtual machine. It is wise to have IPCop standing alone on the machine you use as gateway/firewall. The installation process of IPCop wipes the whole hard disk.

upanwar Commented:
Completely agree with pfrancois.

imz-ez (Author) Commented:
Thanks dude. You helped me a lot and resolved my issue. Thanks.