Hello, please review my proxy setup. I have CentOS 5.4 set up as a proxy with Squid 2.7 Stable9 (transparent).

Processor : Intel(R) Pentium(R) D CPU 3.00GHz, 2 cores
RAM : 1Gb + 512Mb DDR2
HDD : 250Gb
Clients : 70 users running Windows XP

IP settings on the clients: static IP
Gateway : 192.168.0.10
DNS : 192.168.2.10
Modem ADSL : 192.168.2.10
eth0 : Internet (192.168.2.20)
eth1 : LAN (192.168.0.10)
Clients : 192.168.0.0/24

The following is the network topology that I use:

Code:
Modem ADSL -------- [eth0] CentOS 5.4 [eth1] -------- PC Client

and here's my iptables

here's my squid.conf

I'm confused: why is Squid always TCP_MISS? And how do I block FTP using iptables?
For the second question, assuming that eth1 is your LAN interface:

Code:
# Filtering belongs in the filter table's FORWARD chain, not in nat PREROUTING
# (the nat table only sees a connection's first packet and is not meant for DROP)
iptables -I FORWARD -i eth1 -p tcp --dport ftp -j DROP

This will insert the rule at the top of the chain.
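A fuller version of that rule, as an added example that is not from the thread: an iptables-restore ruleset for the gateway described in the question (eth0 = Internet, eth1 = LAN 192.168.0.0/24), which redirects LAN web traffic to Squid on port 8080 and puts the FTP block in the filter table's FORWARD chain, where filtering belongs (the nat table only sees a connection's first packet and is not intended for DROP). It assumes squid.conf has `http_port 8080 transparent` and that the script runs as root when applying; the interface names and addresses are taken from the question, everything else is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): generate and apply an iptables ruleset
# for the CentOS gateway: eth0 = Internet, eth1 = LAN, Squid on port 8080.
# Assumptions: Squid's http_port 8080 is marked "transparent"; run as root to apply.
LAN_IF=eth1
WAN_IF=eth0
LAN_NET=192.168.0.0/24
SQUID_PORT=8080

# Emit the whole ruleset in iptables-restore format on stdout.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Transparent proxy: send LAN web traffic to Squid on this box
-A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# NAT everything else from the LAN that leaves on the Internet interface
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Filtering lives in the filter table: reject FTP control connections from the
# LAN (clients get an immediate reset) before allowing the rest of the traffic.
-A FORWARD -i $LAN_IF -p tcp --dport 21 -j REJECT --reject-with tcp-reset
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Apply: iptables-restore loads the whole ruleset atomically.
apply_rules() {
    gen_rules | iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    *) gen_rules ;;       # default: print the rules for review
esac
```

Run it without arguments to review the generated rules, and with `apply` to load them. Because the FORWARD policy is DROP, the FTP rule only needs to come before the LAN-to-Internet ACCEPT; passive-mode data connections never get started once the control connection on port 21 is refused.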
OK, by the way, TCP_MISS is normal for dynamic pages like http://www.howtoforge.com/forums/showthread.php?p=28178. This is my squid.conf ... I'm also getting TCP_MISSes, but only for images and dynamic pages, because those are not cached.

Code:
http_port 8080
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_replacement_policy lru
memory_replacement_policy lru
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
log_ip_on_direct on
redirect_rewrites_host_header on
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 53 # dns
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 5050 # yahoo default port
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 192.168.1.0/24
http_access allow localhost
http_access allow lan
http_reply_access allow all
icp_access allow all
cache_mgr admin@localhost
visible_hostname localhost
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
snmp_port 0
cache_dir ufs /var/spool/squid 1024 16 256
coredump_dir /var/spool/squid
http_access deny all
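To check whether the misses really are only dynamic pages, here is an added example (not from the thread) that summarizes Squid's access.log by result code and lists the misses that match the QUERY acl in the config above. It assumes the default native log format, i.e. emulate_httpd_log off (the config above has it on, so switch it off or adjust the field numbers); the log lines in sample_log are constructed, not real traffic.

```shell
#!/bin/sh
# Added example (not from the thread): summarize Squid's native access.log to see
# which requests miss the cache and why. Assumes the native format (emulate_httpd_log
# off), where field 4 is "RESULT_CODE/HTTP_STATUS" and field 7 is the URL.

# Constructed sample lines in Squid native format (not real traffic).
sample_log() {
    cat <<'EOF'
1262304000.123    245 192.168.0.15 TCP_MISS/200 5832 GET http://www.howtoforge.com/forums/showthread.php?p=28178 - DIRECT/1.2.3.4 text/html
1262304001.456      2 192.168.0.15 TCP_HIT/200 1420 GET http://www.howtoforge.com/images/logo.png - NONE/- image/png
1262304002.789    310 192.168.0.22 TCP_MISS/200 9211 GET http://example.com/cgi-bin/search?q=squid - DIRECT/5.6.7.8 text/html
1262304003.012      1 192.168.0.22 TCP_MEM_HIT/200 1420 GET http://www.howtoforge.com/images/logo.png - NONE/- image/png
1262304004.345    198 192.168.0.30 TCP_MISS/200 312 GET http://example.com/style.css - DIRECT/5.6.7.8 text/css
1262304005.678    120 192.168.0.30 TCP_REFRESH_HIT/200 4100 GET http://example.com/style.css - DIRECT/5.6.7.8 text/css
EOF
}

# Print one line per result code with its count, then the hit ratio in percent.
# Usage: summarize_log < /var/log/squid/access.log
summarize_log() {
    awk '
    {
        split($4, rs, "/")          # e.g. TCP_MISS/200 -> rs[1] = "TCP_MISS"
        code = rs[1]
        count[code]++
        total++
        if (code ~ /HIT/) hits++    # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, TCP_REFRESH_HIT, ...
    }
    END {
        for (c in count) printf "%-16s %d\n", c, count[c]
        if (total > 0) printf "hit_ratio %.1f\n", 100 * hits / total
    }'
}

# Print the URLs of misses that the QUERY acl above marks as uncacheable
# (path contains cgi-bin or a "?"), so they can be told apart from real misses.
# Usage: dynamic_misses < /var/log/squid/access.log
dynamic_misses() {
    awk '$4 ~ /^TCP_MISS/ && ($7 ~ /cgi-bin/ || index($7, "?") > 0) { print $7 }'
}

# Stand-alone demo on the constructed sample.
sample_log | summarize_log
sample_log | dynamic_misses
```

On a real box, run `summarize_log < /var/log/squid/access.log`: if nearly every TCP_MISS URL also shows up in `dynamic_misses`, the misses are the QUERY acl doing its job; if plain image and CSS URLs keep missing too, look at the refresh_pattern lines and the cache_dir size instead.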