logIt Log Around The Clock

Basic squid In A Gateway

This trial was done on Red Hat (RHEL 5.2) inside VirtualBox. The squid package used is squid-3.0.STABLE13-1.el5.i386.rpm. Two interfaces are configured on this box, and the NAT masquerading rules below turn it into a simple router at 192.168.40.40 (eth1):

WAN=wan0
LAN=eth1
IPTABLES=/sbin/iptables
 
$IPTABLES --flush                         # Flush all the rules in filter and nat tables
$IPTABLES --table nat --flush
$IPTABLES --delete-chain                  # Delete all chains that are not in default filter and nat table
$IPTABLES --table nat --delete-chain

The actual rules are just the two commands below:

$IPTABLES --table nat --append POSTROUTING --out-interface $WAN -j MASQUERADE
$IPTABLES --append FORWARD --in-interface $LAN -j ACCEPT

The default route goes out via wan0, and /etc/resolv.conf is edited with the relevant DNS servers. Internet access works perfectly. After squid is installed, I use the following /etc/squid.conf:

visible_hostname mithrandir
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
cache_access_log /var/log/squid/access.log
acl intranet src 192.168.40.0/24
http_access allow intranet

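It is pretty straightforward and simple: a proxy listening on 192.168.40.40, port 3128. The same box is also the NAT router to the internet via wan0. Because http_port gives no address, squid accepts connections on port 3128 on every interface, and the intranet ACL is what limits use to 192.168.40.0/24.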
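An added check for the squid.conf above (example code, not part of the original post): it lists any http_port that binds every interface and reports the action Squid applies when no http_access line matches, which per Squid's documentation is the opposite of the last http_access line. The function names are made up for this example, and the sample file is the config from this page.

```shell
#!/bin/sh
# Added example: audit a squid.conf on a dual-homed gateway.

# Write the squid.conf shown on this page to the given path.
write_sample() {
    cat > "$1" <<'EOF'
visible_hostname mithrandir
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
cache_access_log /var/log/squid/access.log
acl intranet src 192.168.40.0/24
http_access allow intranet
EOF
}

# List http_port values with no address part: these bind every interface,
# including the WAN side, not only 192.168.40.40.
wildcard_ports() {
    awk '$1 == "http_port" && $2 !~ /:/ { print $2 }' "$1"
}

# Action applied when no http_access line matches: the opposite of the last
# http_access line, or deny when there are no http_access lines at all.
implicit_default() {
    awk '$1 == "http_access" { last = $2 }
         END { print (last == "deny" ? "allow" : "deny") }' "$1"
}

# Succeed only if the last http_access line is an explicit "deny all".
ends_with_deny_all() {
    awk '$1 == "http_access" { last = $2 " " $3 }
         END { exit (last == "deny all" ? 0 : 1) }' "$1"
}

conf=$(mktemp)
write_sample "$conf"
echo "wildcard http_port: $(wildcard_ports "$conf")"
echo "implicit default:   $(implicit_default "$conf")"
ends_with_deny_all "$conf" || echo "no explicit 'http_access deny all' at the end"
rm -f "$conf"
```

For this page's config the implicit default is deny, so only 192.168.40.0/24 is served; writing `http_port 192.168.40.40:3128` and ending the list with `http_access deny all` makes both properties explicit instead of relying on rule order.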

