Share Internet with Squid & iptables

Hi Friends,

Mr. Kalpesh Patel implemented a nice trick to share internet with Squid and to block websites using port redirection.

Open /etc/sysctl.conf:

vim /etc/sysctl.conf and change the line to
net.ipv4.ip_forward = 1 (by default it is 0)

Save and exit the file.

1. Install Squid

yum -y install squid*

2. Edit the squid.conf file

vim /etc/squid/squid.conf, then search for http_port; you will see the default port 3128 there, so change it to 8888.

To block a website, copy and paste the lines below, adjusting the source network to match yours:

acl blocksite dstdomain .orkut.com
http_access deny blocksite

acl our_networks src <your-network>
http_access allow our_networks

Save and exit the file.

3. service squid restart

4. Now share your internet using iptables by executing the following command (eth1 is the card holding the live IP):

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

5. Now redirect port 80 to port 8888 (eth0 is the local LAN card):

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8888

Now Outlook will work directly without any change on the client, but clients will not be able to surf the websites you blocked in Squid.
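The whole procedure above as one script, added here as an example rather than the post's or Kalpesh Patel's own code; it assumes eth1 is the live card, eth0 the LAN card, 192.168.1.0/24 the LAN, port 8888 and .orkut.com as the blocked domain, and it adds the `transparent` flag that Squid 2.6 and later expect on an intercepting http_port (`intercept` on 3.1 and later), which the post does not mention. Because only TCP port 80 is redirected, HTTPS and every other port bypass Squid and therefore the block.

```shell
#!/bin/sh
# Added example (not from the original post): builds the Squid ACL lines and the iptables
# rules described above, checks them, and applies them as root when run with "apply".
WAN_IF="${WAN_IF:-eth1}"               # card holding the live IP (all values are assumptions)
LAN_IF="${LAN_IF:-eth0}"               # card facing the clients
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # clients allowed through the proxy
PROXY_PORT="${PROXY_PORT:-8888}"
BLOCKED="${BLOCKED:-.orkut.com}"
CONF=/etc/squid/squid.conf

# ACL lines for squid.conf; the deny must sit above any allow that matches the LAN,
# because Squid stops at the first http_access line that matches the request.
squid_acl_fragment() {
    printf 'acl blocksite dstdomain %s\n' "$BLOCKED"
    printf 'http_access deny blocksite\n'
    printf 'acl our_networks src %s\n' "$LAN_NET"
    printf 'http_access allow our_networks\n'
}
# NAT rules: MASQUERADE on the WAN side, REDIRECT of TCP/80 from the LAN into Squid.
# Only port 80 is intercepted; 443, mail ports and everything else are forwarded
# untouched, so the dstdomain block covers plain HTTP only. -s limits it to LAN_NET.
nat_rules() {
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$WAN_IF"
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -p tcp --dport 80 -j REDIRECT --to-port %s\n' \
        "$LAN_IF" "$LAN_NET" "$PROXY_PORT"
}
# 0 when "deny blocksite" in the given squid.conf comes before any http_access line
# that would already decide a LAN request (an allow for the LAN, or the final deny all).
blocksite_effective() {
    awk '/^http_access deny blocksite/ { ok = 1 }
         /^http_access (allow (our_networks|localnet|all)|deny all)/ { exit !ok }
         END { exit !ok }' "$1"
}

# Root only: forwarding now and at boot, NAT rules, squid.conf edits, restart.
# "transparent" on http_port is what Squid 2.6+ needs to accept redirected connections
# (Squid 3.1+ spells it "intercept"); the original post does not set it.
apply_gateway() {
    sysctl -w net.ipv4.ip_forward=1
    grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf ||
        printf 'net.ipv4.ip_forward = 1\n' >> /etc/sysctl.conf
    nat_rules | sh -e
    sed -i "s/^http_port 3128\$/http_port $PROXY_PORT transparent/" "$CONF"
    squid_acl_fragment > /tmp/blocksite.conf   # spliced in just above "deny all"
    awk '/^http_access deny all/ { while ((getline l < "/tmp/blocksite.conf") > 0) print l } { print }' \
        "$CONF" > "$CONF.new" && mv "$CONF.new" "$CONF"
    blocksite_effective "$CONF" || { echo "deny blocksite unreachable in $CONF" >&2; return 1; }
    service squid restart
}
if [ "${1:-}" = "apply" ]; then apply_gateway; fi
```

Run it without arguments to only define the functions (for instance `. ./gateway.sh; nat_rules` to print the rules), and with `apply` on the gateway to install everything.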

Special thanks to Mr. Kalpesh Patel for implementing this trick.



9 Comments

  • Hi, I just set up the squid as you said.
    squid.conf:

    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl localnet src 192.168.4.0/255.255.255.0 # RFC1918 possible internal network
    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access allow localhost
    http_access deny all
    icp_access allow localnet
    icp_access deny all
    htcp_access allow localnet
    htcp_access deny all
    http_port 8888
    hierarchy_stoplist cgi-bin ?
    access_log /var/log/squid/access.log squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern (cgi-bin|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    icp_port 3130
    coredump_dir /var/spool/squid

    eth0 my machine, dynamic ip = 192.164.254.17 gateway 192.168.254.1
    eth2 network behind proxy = 192.168.4.1 gateway none
    machine connected to eth2 192.168.4.10 gateway 192.168.4.1

    As a test I connected a machine to the proxy with a cross-over cable; the machine OS is Windows Vista.
    proxy setting 192.168.4.1:8888
    not working
    I got some problems redirecting the port, but I did it like this:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8888

    Now everything is fine, but not working.
    Any ideas??? Thanks

  • Tejas Barot says:

    What kind of error are you getting??

    First check whether you allowed port 8888 for your network in iptables.

  • Jane Goody says:

    I follow your posts for quite a long time and should tell that your posts are always valuable to readers.

  • Tejas Barot says:

    Thanks a lot..... Keep reading and give feedback on any mistakes or improvements.

  • hari says:

    I am using Fedora 10. I need to use Squid as a transparent proxy, and I followed your tutorial above. When I give the command below I get an error message.
    iptables -t nat -A PREROUTING -i eth0 (Local-Lan-Card) -p -tcp –dport 80 -j REDIRECT –to-port 8888

    ECT –to-port 8888
    iptables v1.4.1.1: unknown protocol `-tcp’ specified
    Try `iptables -h’ or ‘iptables –help’ for more information.

    Please help in this regard. I want a transparent proxy on Fedora 10.

  • Tejas Barot says:

    --tcp-dport 80, --to-port 8888 have two hyphens; are you entering two hyphens or only one?

    You don't need to write (Local-Lan-Card) because it's just an example... So try this and let me know what happens.

    Hope it helps you

  • Rashid Iqbal says:

    Hi, I am new to this forum. Please help me to set up Squid. I don't want the transparent one;
    users should configure the proxy settings.
    Secondly, users' traffic should redirect to port 3128 after putting the proxy gateway into the client machines.

  • Tejas Barot says:

    Look at some old posts hopefully you will get the solutions.
