Configure an ADSL + Squid + iptables proxy server in Ubuntu

1. Background

A dual-NIC server (source: www.2cto.com) with Ubuntu Server 12.04 installed. eth0 is unused; eth1 is connected to the LAN with IP address 192.168.1.1/24. To begin with, the server is connected to the broadband router.

2. Squid3

I tried to build the latest Squid 3.3 from source, but ran into so many problems that I gave up and used the 3.1.19 package from the Ubuntu repository instead:

    $ sudo apt-get install squid3

The configuration file is /etc/squid3/squid.conf. It contains detailed descriptions and runs to more than 5700 lines; I backed up a copy, studied it carefully, and searched Baidu, Bing and Google. The final configuration:

    acl alldst dst all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    acl localnet src 192.168.1.0/16    # modified
    acl SSL_ports port 443
    acl Safe_ports port 80             # http
    acl Safe_ports port 21             # ftp
    acl Safe_ports port 443            # https
    acl Safe_ports port 70             # gopher
    acl Safe_ports port 210            # wais
    acl Safe_ports port 1025-65535     # unregistered ports
    acl Safe_ports port 280            # http-mgmt
    acl Safe_ports port 488            # gss-http
    acl Safe_ports port 591            # filemaker
    acl Safe_ports port 777            # multiling http
    acl CONNECT method CONNECT

    # modified: otherwise the remote server receives an X-Forwarded-For header containing the intranet IP address
    forwarded_for delete
    acl_uses_indirect_client on
    delay_pool_uses_indirect_client on

    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet         # modified
    http_port 192.168.1.1:3128         # modified
    cache_mem 1024 MB                  # depends on the situation
    maximum_object_size_in_memory 2048 KB   # largest object kept in the memory cache
    cache_dir ufs /opt/cache 200000 16 256  # /opt is an independent partition; 240 GB allocated for the cache
    coredump_dir /var/spool/squid3

    logformat custcommon %>a [%tl] %3>Hs %8<st %Ss:%Sh %rm "%ru" %mt
    access_log /var/log/squid3/access.log custcommon
    # logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
    # access_log /var/log/squid3/access.log squid
    # The default log format is replaced here to make the log easier to read.
    # Original format:
    # 1361289819.737 21 192.168.1.100 TCP_DENIED/403 4295 GET http://askubuntu.com/tags - NONE/- text/html
    # New format:
    # 192.168.1.100 [21/Feb/2013:13:29:45 +0800] 200 13813 TCP_MISS:DIRECT GET "<URL not preserved in the source>" image/gif

    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
    refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
    # example lin deb packages
    # refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
    refresh_pattern .               0       20%     4320

Set the proxy to 192.168.1.1:3128 in Firefox on an intranet PC and the Internet works normally!

3. PPPoE

1) Install and set up

    $ sudo apt-get install pppoe

Remove the broadband router and connect the broadband modem directly to eth0.

    $ sudo pppoeconf

Answer yes to the wizard's questions, in particular the one about starting the connection automatically at boot, then fill in the broadband user name and password; the ADSL connection is set up.

Commands for managing ADSL manually:

    $ ifconfig ppp0          # view the ADSL connection status
    $ sudo pon dsl-provider  # connect ADSL manually
    $ sudo poff              # disconnect ADSL manually
    $ sudo plog              # view the ADSL connection log; only the last connection is shown

2) DNS

In the pppoeconf wizard, DNS is set to be obtained from the ISP. If you prefer to set your own DNS:

    $ sudo vi /etc/resolv.conf
    nameserver 8.8.8.8

3) Network interfaces

Note: the content starting with auto dsl-provider is added by the pppoeconf wizard.

    $ cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    auto eth1
    iface eth1 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        # gateway 192.168.1.254
        dns-nameservers    # (value not preserved in the source)
        dns-search domain.com

    auto dsl-provider
    iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
    provider dsl-provider

    auto eth0
    iface eth0 inet manual

4) Automatic redial after an ADSL disconnection

Find the following lines in /etc/ppp/options:

    # Do not exit after a connection is terminated; instead try to reopen
    # the connection.
    #persist

Remove the "#" in front of persist. Tested by disconnecting ADSL, restarting the network, and unplugging the ADSL line and plugging it back in: ADSL comes back up again soon. Whether it ever takes a long time was not tested.

4. iptables

iptables is installed in Ubuntu, but it is not started by default, and it is not set up as a service the way it is on RHEL/CentOS. Copy an iptables configuration file from CentOS and modify it as follows (the comments sit on their own lines, because iptables-restore does not accept a trailing # comment after a rule):

    # Copied from CentOS 6
    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    # Only allow intranet connections to ssh
    -A INPUT -m state -s 192.168.1.0/24 --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    # Only allow intranet connections to the proxy service
    -A INPUT -m state -s 192.168.1.0/24 --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Edit the network configuration file and add a pre-up iptables-restore /etc/iptables line to the stanza of the corresponding NIC. My configuration:

    $ sudo vi /etc/network/interfaces
    auto dsl-provider
    iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
    pre-up iptables-restore /etc/iptables
    provider dsl-provider

Restart the network:

    $ sudo /etc/init.d/networking restart

Test with nmap. Before iptables was configured:

    Nmap scan report for 113.227.36.81
    Host is up (0.25s latency).
    Not shown: 992 closed ports
    PORT     STATE    SERVICE
    22/tcp   open     ssh
    135/tcp  filtered msrpc
    139/tcp  filtered netbios-ssn
    445/tcp  filtered microsoft-ds
    593/tcp  filtered http-rpc-epmap
    1025/tcp filtered NFS-or-IIS
    1434/tcp filtered ms-sql-m
    4444/tcp filtered krb524

After:

    Nmap scan report for 113.227.56.137
    Host is up (0.48s latency).
    Not shown: 999 filtered ports
    PORT    STATE  SERVICE
    113/tcp closed auth

    Nmap scan report for 192.168.1.1
    Host is up (0.00022s latency).
    Not shown: 998 filtered ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    3128/tcp open  squid-http

Set the proxy to 192.168.1.1:3128 in Firefox on an intranet PC and Internet access works normally!
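As a companion check to the nmap test, here is an added Python 3 example (not from the original article) that parses the custcommon access log format defined in squid.conf above and reports TCP_DENIED requests per client plus any client address outside 192.168.1.0/24, which should never appear once the localnet acl and the iptables rules are in place. It assumes the client field is an IP address (log_fqdn off, the default); the sample log lines are constructed.

```python
import re
import ipaddress
from collections import Counter

# Regex for the custcommon logformat defined in squid.conf:
#   %>a [%tl] %3>Hs %8<st %Ss:%Sh %rm "%ru" %mt
# %3>Hs and %8<st are right-aligned, so runs of spaces may precede them.
CUSTCOMMON_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<time>[^\]]+)\] +(?P<status>\d{3}) +(?P<bytes>\d+) '
    r'(?P<squid_status>[A-Z_]+):(?P<hierarchy>\S+) (?P<method>\S+) "(?P<url>[^"]*)" (?P<mime>\S+)$'
)
# The only network that the localnet acl and the iptables rules are meant to admit.
LOCALNET = ipaddress.ip_network("192.168.1.0/24")


def parse_line(line):
    """Return the fields of one custcommon line as a dict, or None if it does not match."""
    m = CUSTCOMMON_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def audit(lines, localnet=LOCALNET):
    """Count TCP_DENIED entries per client and flag clients outside the permitted LAN."""
    denied = Counter()   # client -> number of TCP_DENIED entries
    foreign = set()      # clients the firewall should have kept away from the proxy
    total = unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1    # e.g. a line left over in the default native format
            continue
        total += 1
        if rec["squid_status"] == "TCP_DENIED":
            denied[rec["client"]] += 1
        if ipaddress.ip_address(rec["client"]) not in localnet:
            foreign.add(rec["client"])
    return {"total": total, "unparsed": unparsed,
            "denied": dict(denied), "foreign_clients": sorted(foreign)}


# Constructed sample lines in the custcommon format (not taken from the article).
SAMPLE_LOG = [
    '192.168.1.100 [21/Feb/2013:13:29:45 +0800] 200    13813 TCP_MISS:DIRECT GET "http://example.com/logo.gif" image/gif',
    '192.168.1.100 [21/Feb/2013:13:30:01 +0800] 403     4295 TCP_DENIED:NONE CONNECT "example.com:25" text/html',
    '10.0.0.5 [21/Feb/2013:13:30:10 +0800] 403     4295 TCP_DENIED:NONE GET "http://example.com/" text/html',
    '1361289819.737 21 192.168.1.100 TCP_DENIED/403 4295 GET http://example.com/ - NONE/- text/html',
]
```

Run audit() over the lines of /var/log/squid3/access.log; a non-empty foreign_clients list means a request from outside the LAN reached Squid despite the filter.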