SQUID PROXY DEBIAN UNDER MIKROTIK ROUTER

Posted: June 4, 2012 in Linux

Setting IP Mikrotik

To list the NIC interfaces:

[admin@MikroTik] > interface print

Flags: D - dynamic, X - disabled, R - running, S - slave
 #    NAME       TYPE    MTU
 0  R PFSense    ether   1500
 1  R NetZap     ether   1500
 2  R LAN        ether   1500

IP WAN :

[admin@MikroTik] > ip address

[admin@MikroTik] /ip address> add address=172.16.1.30/24 interface=PFSense

IP LAN :

[admin@MikroTik] /ip address> add address=10.10.10.1/24 interface=LAN


Open Mikrotik Configuration with WinBox

Check Interface


Check the IP addresses after assigning them


Setting Routing


Setting Firewall NAT


Setting DNS


Configuration SQUID

http_port 8080 transparent

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin ?

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

cache_mem 256 MB

cache_swap_high 96

cache_swap_low 94

maximum_object_size 2048 KB

minimum_object_size 64 KB

maximum_object_size_in_memory 64 KB

ipcache_size 2048

ipcache_low 90

ipcache_high 95

fqdncache_size 2048

cache_dir ufs /var/spool/squid 15000 34 256

access_log /var/log/squid/access.log squid

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

ftp_user admin@gmail.com

dns_nameservers 10.10.10.1

hosts_file /etc/hosts

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

negative_ttl 1 minute

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 # https

acl SSL_ports port 563 # snews

acl SSL_ports port 873 # rsync

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 631 # cups

acl Safe_ports port 873 # rsync

acl Safe_ports port 901 # SWAT

acl Safe_ports port 3389 # RDP

acl Safe_ports port 5900 # VNC

acl Safe_ports port 7071 # zimbra admin

acl Safe_ports port 8333 # HTTPS VM

acl Safe_ports port 8222 # HTTP VM

acl purge method PURGE

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access allow purge localhost

http_access deny purge

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

acl localhost src 10.10.10.10 255.255.255.0

http_access allow localhost

acl Local src 10.10.10.1-10.10.10.99/255.255.255.255

acl sex dstdomain "/etc/squid/porno.txt"

acl porn url_regex -i "/etc/squid/ktporno"

http_access deny sex

http_access deny porn

http_access allow Local

http_access deny all

http_reply_access allow all

icp_access allow all

cache_mgr admin@yahoo.com

cache_effective_user squid

cache_effective_group squid

visible_hostname proxy.squid

acl local-servers dstdomain domain.com

cache deny QUERY

always_direct allow local-servers

coredump_dir /var/spool/squid
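
Squid checks http_access lines from top to bottom and applies the first line whose ACLs all match, so the order of the rules above decides which clients get through. The Python sketch below is an added example, not part of the original post: it replays that first-match logic over a constructed subset of the configuration (src, port and method ACLs only; the file-based dstdomain and url_regex ACLs and the second localhost definition are left out), and the function names are invented for illustration.

```python
import ipaddress

CONF = """# constructed subset of the squid.conf above: src, port, method ACLs only
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 873
acl Safe_ports port 80 21 443 70 210 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
acl Local src 10.10.10.1-10.10.10.99/255.255.255.255
http_access allow Local
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()          # drop comments, tokenize
        if tok[:1] == ["acl"]:                    # repeated names accumulate values
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))       # (action, [acl names]) in file order
    return acls, rules

def in_src(value, ip):  # value is addr, addr/mask or first-last/mask
    addrs, _, mask = value.partition("/")
    lo, _, hi = addrs.partition("-")
    if hi:  # range form; the page uses an all-ones mask, so compare plain bounds
        return ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
    return ip in ipaddress.ip_network(f"{lo}/{mask or 32}", strict=False)

def matches(acls, name, req):
    kind, values = acls[name]
    if kind == "src":
        return any(in_src(v, ipaddress.ip_address(req["src"])) for v in values)
    if kind == "port":
        spans = (v.partition("-") for v in values)
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in spans)
    return kind == "method" and req["method"] in values

def decide(conf, src, port, method="GET"):
    acls, rules = parse(conf)
    req = {"src": src, "port": port, "method": method}
    for action, names in rules:  # ACLs on one line are ANDed; "!" negates an ACL
        if all(matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action        # first matching line wins
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```

For instance, decide(CONF, "10.10.10.50", 3389) returns "allow" because the 1025-65535 entry in Safe_ports already covers every high port, while a client at 10.10.10.150 falls outside the Local range and ends at "deny all".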

Create User Group Squid

groupadd squid

useradd squid -g squid -d /dev/null -s /bin/false

debian:/var/spool# chown squid:squid squid/

debian:/var/log# chown squid:squid squid/

Setting Iptables

debian:/etc/squid# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.10.10:8080

Save Iptables:

debian:/etc/squid# iptables-save > /etc/iptables.conf

debian:/etc/squid# echo "iptables-restore < /etc/iptables.conf" >> /etc/network/if-up.d/iptables

debian:/etc/squid# chmod 755 /etc/network/if-up.d/iptables

debian:/etc/squid# nano /etc/network/if-up.d/iptables

#!/bin/sh

iptables-restore < /etc/iptables.conf

echo 1 > /proc/sys/net/ipv4/ip_forward

Result Transparent Proxy When User Access Internet


CMIIW, Thanks :)
