Please Review my Proxy Server

Discussion in 'Installation/Configuration' started by sayurganja, Jul 9, 2012.

  1. sayurganja

    sayurganja New Member

    Hello, please review my proxy setup :)

    I have CentOS 5.4 set up as a proxy with Squid 2.7 Stable9 (transparent).

    Processor : Intel(R) Pentium(R) D CPU 3.00GHz, 2 cores
    Ram : 1Gb + 512Mb DDR2
    HDD : 250Gb
    Client : 70 users using Windows XP
    IP Setting on client :
    IP Static
    Gateway :
    DNS :

    Modem ADSL :
    eth0 : Internet (
    eth1 : LAN (
    Client :

    The following is the network topology that I use :
    Modem ADSL -------- [eth0] CentOS 5.4 [eth1] -------- PC Client
    and here's my iptables
    here's my squid.conf

    I'm confused: why is squid always TCP_MISS?
    and how do I block FTP using iptables?
  2. TiTex

    TiTex Member

    for the second question, assuming that eth1 is your LAN interface:
    iptables -t nat -I PREROUTING -i eth1 -p tcp --dport ftp -j DROP
    this will insert the rule at the top of the chain
  3. sayurganja

    sayurganja New Member

    ok thanks, I will try
  4. TiTex

    TiTex Member

    ok :)

    by the way, TCP_MISS is normal for dynamic pages like (

    this is my squid.conf ... I'm also getting TCP_MISSes, but only for images and dynamic pages, because those are not cached

    http_port 8080
    icp_port 0
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_replacement_policy lru
    memory_replacement_policy lru
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    emulate_httpd_log on
    log_ip_on_direct on
    redirect_rewrites_host_header on
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern .               0       20%     4320
    acl all src
    acl manager proto cache_object
    acl localhost src
    acl to_localhost dst
    acl SSL_ports port 443 563
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 53          # dns
    acl Safe_ports port 443 563     # https, snews
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl Safe_ports port 5050         # yahoo default port
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    acl lan src
    http_access allow localhost
    http_access allow lan
    http_reply_access allow all
    icp_access allow all
    cache_mgr admin@localhost
    visible_hostname localhost
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    snmp_port 0
    cache_dir ufs /var/spool/squid 1024 16 256
    coredump_dir /var/spool/squid
    http_access deny all
    Last edited: Jul 9, 2012
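The posted squid.conf explains most of the TCP_MISS entries by itself: the QUERY acl (cgi-bin and anything with a "?") is excluded from the cache, POST responses are never cacheable, and CONNECT tunnels for HTTPS are only relayed. The script below is an added example, not code from either poster or from the Squid project; it tallies an access.log in Squid's native format (the default when emulate_httpd_log is off, so the thread's own log would need that directive turned off or the regex adapted) and sorts each miss into one of those expected classes, leaving "miss_other" as the requests actually worth investigating. The log lines are constructed for the example; the QUERY regex is copied from the thread's acl.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Copied from the QUERY acl in the thread's squid.conf:
#   acl QUERY urlpath_regex cgi-bin \?
# urlpath_regex is applied to the path plus query-string part of the URL.
QUERY_RE = re.compile(r"cgi-bin|\?")

# Native Squid access.log layout (logformat "squid", default when
# emulate_httpd_log is off):
#   time elapsed client code/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<type>\S+)\s*$"
)

# Constructed sample lines (not from the thread); private / documentation addresses.
SAMPLE_LOG = """\
1341820800.101    312 192.168.1.10 TCP_MISS/200 5123 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1341820803.220      4 192.168.1.11 TCP_HIT/200 5123 GET http://www.example.com/index.html - NONE/- text/html
1341820805.404    288 192.168.1.12 TCP_MISS/200 2048 GET http://www.example.com/cgi-bin/search.cgi - DIRECT/93.184.216.34 text/html
1341820807.013    301 192.168.1.10 TCP_MISS/200 3071 GET http://www.example.com/page.php?id=3 - DIRECT/93.184.216.34 text/html
1341820809.650    145 192.168.1.13 TCP_MISS/302 412 POST http://www.example.com/login - DIRECT/93.184.216.34 text/html
1341820811.900   5021 192.168.1.14 TCP_MISS/200 8832 CONNECT mail.example.com:443 - DIRECT/93.184.216.35 -
1341820814.377    210 192.168.1.15 TCP_MISS/200 17211 GET http://img.example.com/logo.png - DIRECT/93.184.216.36 image/png
1341820816.002      1 192.168.1.16 TCP_MEM_HIT/200 5123 GET http://www.example.com/index.html - NONE/- text/html
"""


def parse_line(line):
    """Return the fields of one native-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify(rec):
    """Explain one result code in terms of the thread's squid.conf.

    hit         - served from cache (TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...)
    tunnel      - CONNECT (HTTPS) is relayed, never cached
    miss_method - POST/PUT/... responses are not cacheable
    miss_query  - URL matched "acl QUERY" and hit "no_cache deny QUERY"
    miss_other  - a GET/HEAD that could have been cached: check the origin's
                  Cache-Control/Expires headers and the refresh_pattern rules
    """
    method = rec["method"].upper()
    if "HIT" in rec["code"]:
        return "hit"
    if method == "CONNECT":
        return "tunnel"
    if method not in ("GET", "HEAD"):
        return "miss_method"
    parts = urlsplit(rec["url"])
    path = parts.path + ("?" + parts.query if parts.query else "")
    if QUERY_RE.search(path):
        return "miss_query"
    return "miss_other"


def cache_summary(log_text):
    """Count each class; hit_ratio is hits over requests that could have been hits."""
    counts = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        counts[classify(rec)] += 1
    cacheable = counts["hit"] + counts["miss_other"]
    ratio = counts["hit"] / cacheable if cacheable else 0.0
    return {"counts": dict(counts), "unparsed": unparsed, "hit_ratio": ratio}


if __name__ == "__main__":
    summary = cache_summary(SAMPLE_LOG)
    for cls, n in sorted(summary["counts"].items()):
        print(f"{cls:12s} {n}")
    print(f"hit ratio over cacheable GET/HEAD: {summary['hit_ratio']:.0%}")
```

Run it against a real log with `cache_summary(open("/var/log/squid/access.log").read())`; a high "miss_other" count with a low hit ratio points at origin headers or refresh_pattern rather than at the proxy being broken. Note that the httpd_accel_* directives in the posted config are the Squid 2.5 way of doing interception; Squid 2.6 and later expect `http_port <port> transparent` instead.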
