Configure the ADSL + Squid + Iptables proxy server in Ubuntu

Source: Internet
Author: User
Tags gopher squid proxy
I. Background: A dual-nic server is installed with javastuserver12.04. The eth0 is empty, eth1 is connected to the LAN, IP192.168.1.1/24, and a Broadband Router is connected first. Ii. Squid3 tries to install the latest Squid3.3 in the source code. If you encounter many problems, you may be too lazy to install it. Use 3.1.19 In the Ubuntu source code. $ Sudoapt-getinstallsquid3 configuration file in/etc/squid3/sq

I. background:

A dual-nic Server is installed with Ubuntu Server 12.04. The eth0 is empty, eth1 is connected to the LAN, IP address, and a Broadband Router is connected first.

Ii. Squid3

Try to install the latest Squid3.3 in the source code. If you encounter many problems, try 3.1.19 In Ubuntu.
$ Sudo apt-get install squid3

The configuration file is in/etc/squid3/squid. conf, this configuration file contains detailed descriptions, a total of more than 5700 lines, back up a copy to study it carefully, and then search from Baidu, Bing, and Google, finally, the configuration file is as follows:
Acl alldst all
Acl manager proto cache_object
Acl localhost src 1
Acl to_localhost dst 1
Acl localnet src # modified
Acl SSL_ports port 443
Acl Safe_ports port 80 # http
Acl Safe_ports port 21 # ftp
Acl Safe_ports port 443 # https
Acl Safe_ports port 70 # gopher
Acl Safe_ports port 210 # wais
Acl Safe_ports port 1025-65535 # unregistered ports
Acl Safe_ports port 280 # http-mgmt
Acl Safe_ports port 488 # gss-http
Acl Safe_ports port 591 # filemaker
Acl Safe_ports port 777 # multiling http

Forwarded_for delete # modified. Otherwise, the remote server receives the HTTP header data (X_Forwarded_for) containing the Intranet IP address)
Acl_uses_indirect_client on
Delay_pool_uses_indirect_client on

Http_access allow manager localhost
Http_access deny manager
Http_access deny! Safe_ports
Http_access deny CONNECT! SSL_ports
Http_access allow localnet # modified
Http_port 3128 # modified

Cache_mem 1024 MB # set the condition on your own.
Maximum_object_size_in_memory 2048 KB # maximum memory cache object.
Cache_dir ufs/opt/cache 200000 16 256 #/opt is an independent partition with 240 GB allocated for cache.

Logformat custcommon %> a [% tl] % 3> Hs % 8 Access_log/var/log/squid3/access. log custcommon

# Logformat squid % ts. % 03tu % 6tr %> a % Ss/% 03> Hs % # Access_log/var/log/squid3/access. log squid
# The default log format is modified here to facilitate reading.
# Original format 1361289819.737 21 TCP_DENIED/403 4295 GET
# New lattice [21/Feb/2013: 13: 29: 45 + 0800] 200 13813 TCP_MISS: direct get "" image/gif

# Add any of your own refresh_pattern entries above these.
Refresh_pattern ^ ftp: 1440 20% 10080
Refresh_pattern ^ gopher: 1440 0% 1440
Refresh_pattern-I (/cgi-bin/| \?) 0 0% 0
Refresh_pattern (Release | Packages(.gz) *) $0 20%
# Example lin deb packages
# Refresh_pattern (\. deb | \. udeb) $129600 100%
Refresh_pattern. 0 20% 4320

Intranet Firefox sets proxy 3128 the Internet is normal!


1. Install and set
$ Sudo apt-get install pppoe

Remove the Broadband Router and connect the broadband CAT directly to eth0.
$ Sudo pppoeconf
When you enter the wizard installation mode, the answer is yes, especially when the automatic connection is started, and then fill in the broadband user name and password, the ADSL connection is set up. Instructions for manual management of ADSL are as follows:

$ Ifconfig ppp0 # view the ADSL connection status
$ Sudo pon dsl-provider # connect to ADSL manually
$ Sudo poff # manually disconnect ADSL
$ Sudo plog # view the ADSL connection log. Only the last connection is displayed.

2. DNS
DNS settings can be set to get from ISP in the pppoeconf wizard. If you prefer to set your own DNS
$ Sudo vi/etc/resolv. conf

3. network interface. Note: The content starting with auto dsl-provider is added by the pppoeconf Wizard:
$ Cat/etc/network/interfaces
# This file describes the network interfaces available on your system
# And how to activate them. For more information, see interfaces (5 ).

# The loopback network interface
Auto lo
Iface lo inet loopback

Auto eth1
Iface eth1 inet static
# Gateway

Auto dsl-provider
Iface dsl-provider inet ppp
Pre-up/sbin/ifconfig eth0 up # line maintained by pppoeconf
Provider dsl-provider

Auto eth0
Iface eth0 inet manual

4. Automatic redial of ADSL disconnection. Find the following lines in the/etc/ppp/options file:
# Do not exit after a connection is terminated; instead try to reopen
# The connection.
# Persist

Remove "#" before # persist, try to disconnect ADSL, restart the network, unplug the ADSL network cable, and then plug in again for a moment. ADSL will be reconnected soon. Is this time ,,, a little long.


Iv. Iptables

Iptables is installed in Ubuntu, but iptables is not started by default, and iptables is not set as a service like RHEL/CentOS. Copy an iptables configuration file from Centos and modify the file as follows:
# Copied from Centos6
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
* Filter
: Input accept [0: 0]
: Forward accept [0: 0]
: Output accept [0: 0]
-A input-m state -- state ESTABLISHED, RELATED-j ACCEPT
-A input-p icmp-j ACCEPT
-A input-I lo-j ACCEPT
-A input-m state-s -- state NEW-m tcp-p tcp -- dport 22-j ACCEPT # Only allow intranet connection to ssh
-A input-m state-s -- state NEW-m tcp-p tcp -- dport 3128-j ACCEPT # Only allow intranet connection to the proxy service
-A input-j REJECT -- reject-with icmp-host-prohibited
-A forward-j REJECT -- reject-with icmp-host-prohibited

Edit the network configuration file and add a sentence to the configuration file of the corresponding Nic.
Pre-up iptables-restore/etc/iptables
My configuration is as follows:
$ Sudo vi/etc/network/interfaces

Auto dsl-provider
Iface dsl-provider inet ppp
Pre-up/sbin/ifconfig eth0 up # line maintained by pppoeconf
Pre-up iptables-restore/etc/iptables
Provider dsl-provider

Restart the network
$ Sudo/etc/init. d/networking restart

Test with nmap:
Before configuring iptables
Nmap scan report for
Host is up (0.25 s latency ).
Not shown: 992 closed ports
22/tcp open ssh
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1025/tcp filtered NFS-or-IIS
1434/tcp filtered ms-SQL-m
4444/tcp filtered krb524

Nmap scan report for
Host is up (0.48 s latency ).
Not shown: 999 filtered ports
113/tcp closed auth

Nmap scan report for
Host is up (0.00022 s latency ).
Not shown: 998 filtered ports
22/tcp open ssh
3128/tcp open squid-http

Intranet Firefox sets proxy 3128 the Internet is normal!

Next, try transparent proxy ~~~~~


Configure Squid proxy http and rsync

Linux Firewall iptables detailed explanation of usage rules

Squid: high-speed Web Access

CentOS 6.2 compilation and installation Squid configuration reverse proxy server

Simple configuration of Squid proxy and reverse proxy

CentOS 6.4 DNS + Squid + Nginx + MySQL to build a high availability Web Server

Squid: Click here
Squid: Click here

For more information about Ubuntu, see Ubuntu special page Tid = 2

This article permanently updates the link address: Http://

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.