
Linux systems and networks blog.
Linux systems and networks engineer.

Squid gateway

Configure and set up a transparent Squid gateway without having to configure the clients' browsers.

When a packet from the 192.168.0.0/24 network is destined for the Internet, it is routed by the gateway towards the default gateway.

But since our Squid gateway is not a router, the packet's source address must be rewritten to the gateway's own address, 192.168.0.20.

Routing HTTP (port 80) packets to the Squid gateway:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

For every client on the 192.168.0.0/24 network whose browser has no proxy configured, HTTP requests are redirected to the Squid gateway (destinations inside the LAN are excluded so that local web traffic is not intercepted):

iptables -t nat -A PREROUTING -p tcp ! -d 192.168.0.0/24 --dport 80 -j DNAT --to-destination 192.168.0.20

Squid gateway configuration

yum install squid

vi /etc/squid/squid.conf

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl all src 0.0.0.0/0.0.0.0
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
# Squid listens to port 80
http_port 192.168.0.20:80 transparent
http_port 127.0.0.1:80 transparent
udp_outgoing_address 0.0.0.0
#
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

IP packet forwarding for the Squid gateway

vi /etc/sysctl.conf

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maximum size of a message queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

# Do not accept or send ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
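Once the three pieces above are in place (the nat rules, the transparent http_port lines and ip_forward), it is worth checking them together, because a missing LAN exclusion on the DNAT rule or a forgotten ip_forward silently breaks clients. The script below is an added example, not part of the original post: it audits the text of iptables-save -t nat and squid.conf (constructed samples here) plus the ip_forward value against what this post configures; the LAN, proxy address and interface are taken from the post.

```python
import re

LAN = "192.168.0.0/24"   # client network, from the post
PROXY = "192.168.0.20"   # Squid gateway address, from the post
WAN_IF = "eth0"          # outbound interface, from the post

# Constructed sample of `iptables-save -t nat` output on the gateway.
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING ! -d 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.20
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
# Constructed sample of the http_port lines from squid.conf.
SAMPLE_SQUID = "http_port 192.168.0.20:80 transparent\nhttp_port 127.0.0.1:80 transparent\n"

def nat_rules(dump):
    """Return the rule lines (those starting with -A) of an iptables-save dump."""
    return [line.strip() for line in dump.splitlines() if line.startswith("-A ")]

def audit(nat_dump, squid_conf, ip_forward):
    """Return a list of problems; an empty list means the gateway matches the post."""
    rules = nat_rules(nat_dump)
    problems = []
    # 1. Port-80 traffic leaving the LAN must be DNATed to the proxy ...
    dnat = [r for r in rules if r.startswith("-A PREROUTING") and "--dport 80" in r
            and f"--to-destination {PROXY}" in r]
    if not dnat:
        problems.append("no PREROUTING DNAT of tcp/80 to the proxy")
    # ... but LAN-to-LAN web traffic must stay excluded, or it is pulled into Squid.
    elif not any(re.search(rf"!\s*-d {re.escape(LAN)}", r) for r in dnat):
        problems.append(f"DNAT rule does not exclude destinations in {LAN}")
    # 2. Everything else needs MASQUERADE on the WAN interface so replies come back.
    if not any(r.startswith("-A POSTROUTING") and f"-o {WAN_IF}" in r
               and "-j MASQUERADE" in r for r in rules):
        problems.append(f"no POSTROUTING MASQUERADE on {WAN_IF}")
    # 3. Squid must accept intercepted connections on the proxy address
    #    ("transparent" is the old keyword, "intercept" the current one).
    ports = re.findall(r"^http_port\s+(\S+)\s+(transparent|intercept)", squid_conf, re.M)
    if not any(addr.startswith(f"{PROXY}:") for addr, _ in ports):
        problems.append(f"no transparent http_port bound to {PROXY}")
    # 4. Forwarding must be on, or non-HTTP traffic dies at the gateway.
    if ip_forward != 1:
        problems.append("net.ipv4.ip_forward is not 1")
    return problems
```

On a real gateway, feed it the output of `iptables-save -t nat`, the contents of /etc/squid/squid.conf and the value of `sysctl -n net.ipv4.ip_forward`.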