Page 1: Squid 2.7 Transparent

squid 2.7.STABLE9 + TPROXY-4.1

Install squid 2.7.STABLE9 + TPROXY-4.1 on Ubuntu 10.04

Posted: June 12, 2012 in

First, tweak your Ubuntu system.

1. Tweak the open-file limit & IP forwarding
Code:
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf
echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

2. Install build-essential & libcap-dev
Code:
apt-get install build-essential
apt-get install libcap-dev

Once all of that is done, we can install squid.

1. Download squid 2.7.STABLE9 & the patch
Code:
wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE9.tar.gz
wget http://www.visolve.com/squid/tproxy4/squid-2.7s9-tproxy-4.patch

2. Extract & patch squid
Code:
tar -zxvf squid-2.7.STABLE9.tar.gz
cd squid-2.7.STABLE9
patch -p1 < ../squid-2.7s9-tproxy-4.patch

3. Compile & install squid
Code:
./configure '--prefix=/usr/local/squid' \
'--enable-async-io=24' \
'--enable-storeio=ufs,aufs,null,diskd' \
'--enable-auth=basic' \
'--enable-err-languages=English' \
'--disable-ident-lookups' \
'--disable-cache-digests' \
'--enable-follow-x-forwarded-for' \
'--enable-delay-pools' \
'--enable-http-violations' \
'--enable-arp-acl' \
'--with-maxfd=65535' \
'--enable-linux-netfilter' \
'--enable-linux-tproxy' \
'--with-libcap'
make
make install

The options above are optional; add or remove options as you wish.

4. In your squid.conf, add these options in the section
Code:
http_port 8080 transparent tproxy
max_filedescriptors 65535


The second line is optional; its default value is 1024.

5. Set up iproute2 & iptables to intercept traffic for TPROXY (transparent proxy)
Code:
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080

Start squid as usual.
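
To confirm that step 5 took effect before sending client traffic through the box, the following added example (not part of the original post) checks the policy-routing rule, the local route in table 100, and the mangle rules, including that the socket/DIVERT rule comes before the TPROXY rule. The function names are hypothetical, and the patterns assume the usual output formats of `ip` and `iptables-save`.

```shell
#!/bin/sh
# Added example: verify the three pieces set up in step 5.
# Function names are hypothetical; each check reads command output as text,
# so it can be run against saved output as well as a live host.

# `ip rule show` must contain: fwmark 0x1 lookup 100
has_fwmark_rule() {
    grep -Eq 'fwmark 0x1(/0x[0-9a-f]+)? lookup 100( |$)'
}

# `ip route show table 100` must contain: local default dev lo
has_local_route() {
    grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( |$)'
}

# `iptables-save -t mangle` must contain the DIVERT chain, and the socket
# match must precede the TPROXY rule for port 80 -> $1 (the squid http_port).
has_tproxy_rules() {
    awk -v port="$1" '
        /^-A DIVERT -j MARK --set-x?mark 0x1/ { mark = 1 }
        /^-A DIVERT -j ACCEPT/ { accept = 1 }
        /^-A PREROUTING -p tcp -m socket -j DIVERT/ { if (!tproxy) divert = 1 }
        /^-A PREROUTING .*--dport 80 .*-j TPROXY/ &&
            $0 ~ ("--on-port " port "( |$)") { tproxy = 1 }
        END { exit !(mark && accept && divert && tproxy) }'
}

# Prints "ok" or the names of the missing pieces; returns non-zero if any.
# On the proxy host (as root):
#   tproxy_check "$(ip rule show)" "$(ip route show table 100)" \
#                "$(iptables-save -t mangle)" 8080
tproxy_check() {
    missing=""
    printf '%s\n' "$1" | has_fwmark_rule || missing="$missing fwmark-rule"
    printf '%s\n' "$2" | has_local_route || missing="$missing local-route"
    printf '%s\n' "$3" | has_tproxy_rules "$4" || missing="$missing mangle-rules"
    missing=${missing# }
    echo "${missing:-ok}"
    [ -z "$missing" ]
}
```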

