Tiny Web Proxy And Content Filtering Appliance On CentOS 6 (Version 1.4)
This small HOWTO will show you how to set up a small virtual machine to speed up and secure your home / small enterprise web surfing network using CentOS 6, Squid 3.1 and QuintoLabs Content Security 1.4 applications deployed in a VMware Virtual Player running on Windows 7 x64 as a host operating system. This howto is targeted at novice users and may sometimes seem too thorough for more advanced gurus.
See previous versions of this HOWTO for examples of creating similar virtual appliances running on Debian 6 or Ubuntu 10.04 Linux.
Step 1. Download and Install CentOS 6
Go to http://www.centos.org and get the latest i386 ISO image of CentOS 6 (CentOS-6.0-i386-minimal.iso). Although x64 is the usual recommendation for a modern server, i386 will suffice for our purposes because we are trying to create a small virtual machine.
Start up the VMware Virtual Player and create a new virtual machine with the following hardware parameters: name - virtual-proxy, hard disk - 8Gb. Press the "Customize the hardware" button and delete the floppy, USB controller, printer and sound card, set the amount of memory to 512Mb. Switch the network adapter from "NAT" mode into "Bridged". Point the virtual CDROM to the ISO image that you have downloaded earlier and start the virtual machine.
Follow the steps of the CentOS install wizard mostly accepting the defaults. Configure machine hostname as "proxy" and root password as "[email protected]" (without quotation marks). Now wait a little until the installation is complete and then reboot the system.
Step 2. Perform post install configuration of CentOS
CentOS 6 deployed in VMware Player does not have the network subsystem enabled by default. In order to set a static IP address and enable networking, we need to modify the scripts located in /etc/sysconfig/network-scripts. So start the root terminal and open the script file in vi.
NOTE: The settings (IP addresses) provided here are valid for my environment, which connects to the ISP using a LinkSys Wireless N Broadband Router (with custom dd-wrt firmware) that has a built-in DHCP server handing out internal IP addresses from the 192.168.1.* private subnet. Your router may give out other addresses, so please beware :) !
Add these lines to the ifcfg-eth0 file:
BOOTPROTO=static
NETMASK=255.255.255.0
IPADDR=192.168.1.4
ONBOOT=yes
Then save the file (ESC + : + wq) and exit vi. Next we need to set the gateway settings in /etc/sysconfig/network configuration file. Open the file...
... and add this line:
Save the file and exit vi. Now we need to set the DNS server settings that are stored in /etc/resolv.conf. Open the file...
... and add the IP address of the DNS server that runs on the router:
Now restart your network subsystem by typing
in the root terminal or by just restarting the virtual machine. After the restart, confirm that the network functions correctly by typing the following in the terminal (there should not be any errors in the output of these commands):
ping -c 3 192.168.1.1
Before we do any further installation, it is recommended to update the freshly installed system with the latest security patches that may have come out after the ISO was released. So type in the root terminal and reboot the virtual machine after the update completes.
Step 3. Install VMware tools
It is recommended to install VMware Tools in a virtual machine to make it perform faster and to enable some useful host integration features (like easy click out of the VM and clipboard sharing). As we are building a console-only server this is not a top priority, but here are the detailed instructions on how to do it anyway.
Select Virtual Machine -> Install VMware Tools from the VMware Player interface, wait until the VM mounts the virtual ISO disk and type in the root terminal:
mount /dev/cdrom /mnt
cp /mnt/VMwareTools-8.4.6-385536.tar.gz /root
tar -xvf VMwareTools-8.4.6-385536.tar.gz
Follow the installation wizard mostly pressing Enter (i.e. accepting [yes]). Then reboot the VM.
Step 4. Install Squid Web Caching Proxy
Next we need to install the latest version of the Squid proxy server. In order to do that, type the following in the root terminal:
yum install squid
All squid related packages are downloaded from the Internet and installed automatically.
The only thing left to do is to let users from our home network access Squid. Open the Squid configuration file by typing
and add the following line
Also check that http_access allow localnet and acl localnet src 192.168.0.0/16 are present in the config file.
Now make Squid proxy service autostart on system boot by typing
chkconfig squid on
in the command prompt. Reboot your VM or just start squid for the first time manually:
service squid start
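The check from Step 4 (that "acl localnet src 192.168.0.0/16" and "http_access allow localnet" are present) can be scripted. The following is an added example, not part of the original HOWTO; the function name check_squid_acl and the default path /etc/squid/squid.conf are assumptions. It goes slightly beyond the HOWTO by also flagging an "http_access allow all" rule and a "deny all" placed before the localnet rule.

```shell
#!/bin/sh
# Added example (not from the HOWTO): audit squid.conf for the rules Step 4 relies on.
# Assumption: the config lives at /etc/squid/squid.conf unless a path is passed.

# check_squid_acl [FILE]: prints findings, returns 0 only if access is limited to localnet.
check_squid_acl() {
    conf="${1:-/etc/squid/squid.conf}"
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    awk '
        # Drop comments and blank lines so commented-out rules are not counted.
        { sub(/#.*/, "") }
        NF == 0 { next }
        $1 == "acl" && $2 == "localnet" && $3 == "src" { have_acl = 1 }
        $1 == "http_access" {
            rule++
            if ($2 == "allow" && $3 == "localnet" && !allow_at) allow_at = rule
            if ($2 == "allow" && $3 == "all" && !open_at)       open_at  = rule
            if ($2 == "deny"  && $3 == "all" && !deny_at)       deny_at  = rule
        }
        END {
            if (!have_acl) { print "FAIL: acl localnet src ... is not defined"; bad = 1 }
            if (!allow_at) { print "FAIL: http_access allow localnet is missing"; bad = 1 }
            # Squid applies the first matching http_access rule, so order matters.
            if (allow_at && deny_at && deny_at < allow_at) {
                print "FAIL: deny all comes before allow localnet"; bad = 1
            }
            if (open_at && (!deny_at || open_at < deny_at)) {
                print "FAIL: http_access allow all turns this into an open proxy"; bad = 1
            }
            if (!deny_at) print "WARN: no explicit http_access deny all rule"
            if (!bad) print "OK: proxy access is limited to localnet"
            exit bad + 0
        }
    ' "$conf"
}

# Constructed sample config (not the real CentOS default), used only for the demo run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
acl localnet src 192.168.0.0/16   # home LAN range from the HOWTO
http_access allow localnet
http_access deny all
EOF
check_squid_acl "$sample"
rm -f "$sample"
```

On the appliance, run check_squid_acl with no argument after editing the config and before starting the service.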