Please Review my Proxy Server

Discussion in 'Installation/Configuration' started by sayurganja, Jul 9, 2012.

  1. sayurganja

    sayurganja New Member

    Hello, please review my proxy setup :)

    I have CentOS 5.4 setup as a Proxy + Squid 2.7 Stable9 (transparent).

    Processor : Intel(R) Pentium(R) D CPU 3.00GHz, 2 cores
    Ram : 1Gb + 512Mb DDR2
    HDD : 250Gb
    Client : 70 user using Windows XP
    IP Setting on client :
    IP Static
    Gateway : 192.168.0.10
    DNS : 192.168.2.10

    Modem ADSL : 192.168.2.10
    eth0 : Internet (192.168.2.20)
    eth1 : LAN (192.168.0.10)
    Client : 192.168.0.0/24

    The following network topology that I use :
    Code:
    [B]Modem ADSL[/B] -------- [B][COLOR="Blue"][eth0][/COLOR]CentOS 5.4[COLOR="Red"][eth1][/COLOR][/B] -------- [B]PC Client[/B] 
    and here's my iptables
    here's my squid.conf

    I'm confused, why squid is always TCP_MISS?
    and how to block FTP using IPTables?
     
  2. TiTex

    TiTex New Member

    for the second question , assuming that eth1 is your LAN interface
    Code:
    iptables -t nat -I PREROUTING -i eth1 -p tcp --dport ftp -j DROP
    this will insert the rule in top of the chain
     
  3. sayurganja

    sayurganja New Member

    ok thanks, i will try
     
  4. TiTex

    TiTex New Member

    ok :)

    by the way the TCP_MISS it's normal for dynamic pages like (http://www.howtoforge.com/forums/showthread.php?p=28178)

    this is my squid.conf ... i'm also getting TCP_MISS'es but only for images and dynamic pages because those are not cached

    Code:
    http_port 8080
    icp_port 0
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_replacement_policy lru
    memory_replacement_policy lru
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    emulate_httpd_log on
    log_ip_on_direct on
    redirect_rewrites_host_header on
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern .               0       20%     4320
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 53          # dns
    acl Safe_ports port 443 563     # https, snews
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl Safe_ports port 5050         # yahoo default port
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    acl lan src 192.168.1.0/24
    http_access allow localhost
    http_access allow lan
    http_reply_access allow all
    icp_access allow all
    cache_mgr admin@localhost
    visible_hostname localhost
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    snmp_port 0
    cache_dir ufs /var/spool/squid 1024 16 256
    coredump_dir /var/spool/squid
    http_access deny all
    
     
    Last edited: Jul 9, 2012

Share This Page