How to setup Squid as transparent proxy in Ubuntu Server 13.04 with Mikrotik Router OS

[hmtad name=”Adsense Unit 3″ align=”floatright”]

SQUID Proxy Server setup in Ubuntu Server 13.04

First we’ll setup squid in ubuntu server 13.04. It is completely a basic setup without any custom mods.

In this scenario I’ll be using two HDDs.

  • One will be used for OS – 20 GB.
  • Second one will be used for Caching purposes – 40 GB.

Steps:

Firstly we are going to create and initialise our second HDD partition for cache storage.

1. sudo fdisk -l

The above command will report something like:

/dev/sda1 * 1 18709 150280011 83 Linux
/dev/sda2 18710 19457 6008310 5 Extended
/dev/sda5 18710 19457 6008278+ 82 Linux swap / Solaris

But will include a listing for your new drive. If you only see listings for /dev/sda* then your new drive has not been recognized and there is a problem with the physical installation.

2. Once you know where your drive is located (again we’ll use /dev/sdb for our example) it’s time to create a new directory where this drive will be mounted. We are mounting our drive to the directory /data so we’ll create this directory with the following command:

sudo mkdir /data

3. Now let’s make it available to all users:

sudo chmod -R 777 /data

4. With a place to mount the drive, it’s time to format the new drive. The formatting will be done with the command:

sudo mkfs.ext3 /dev/sdb

5. When this is complete you are ready to mount the drive. Before you edit fstab entry (so the drive will be automatically mounted) make sure it can be successfully mounted with the command:

sudo mount /dev/sdb /data

6.If this is successful let’s create an entry in /etc/fstab. open that file with the command

sudo nano /etc/fstab

7. Now add the following entry at the end of that file:

/dev/sdb /data ext3 defaults 0 0

8.Once you save that file, mount the drive (without having to reboot) with the command:

sudo mount -a

9. To make sure the drive mounted successfully issue the command:

df

The above should include in the report:

/dev/sdb   /data

10. If that’s the case, success! You can run one file test by trying to write a file to the new drive with the command:

touch /data/test

If you can write that file all is well.

11. Create a directory for storing cache files.

mkdir /data/cache

12 Now let’s make it available to all users:

chmod -R 777 /data/cache

 

Now, Squid and network setup for ubuntu server 13.04:

1. Ubuntu Server 13.04 Network Configuration :

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.50
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
address 192.168.50.50
netmask 255.255.255.0

Here,
eth0 = WAN Interface
eth1 = LAN Interface

2. apt-get install squid

3. nano /etc/squid3/squid.conf

4. Uncomment :

acl localnet src 192.168.0.0/16
http_access localnet

Change :

http_port 8080 transparent
visible_hostname proxy.domain.net
cache_dir ufs /data/cache 800 16 256

5. Save and Exit (Ctrl+O -> Y)

6. nano /etc/rc.local

Add these before exit

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.50.50:8080
route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.50.254 dev eth1

where

eth1=LAN Interface
192.168.50.50 = IP of Squid Proxy Server LAN interface (eth1)
192.168.100.0/24 = Network for LAN users
192.168.50.254 = IP Mikrotik Proxy Interface IP (Squid)

The last line is added so that squid box can access LAN users IP and transfer cached contents to them.

7. Initialise directories.

squid3 -z

8. Execute the following:

/etc/rc.local

9. service squid3 restart

For your reference, you can download my working squid.conf file here.
SQUID with Mikrotik Setup Network Diagram

Mikrotik Setup:

 

[admin@MikroTik] > export
# aug/23/2013 11:06:54 by RouterOS 6.0
# software id 
#
/interface ethernet
set 0 name=LAN
set 1 name=SQUID
set 2 mac-address=00:50:56:31:A4:F0 name=WAN
/ip pool
add name=dhcp_pool1 ranges=192.168.100.200-192.168.100.253
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1
/ip address
add address=192.168.0.254/24 interface=WAN network=192.168.0.0
add address=192.168.50.254/24 interface=SQUID network=192.168.50.0
add address=192.168.100.254/24 interface=LAN network=192.168.100.0
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.100.254,8.8.4.4,8.8.4.4 gateway=192.168.100.254
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-routing chain=prerouting dst-port=80 new-routing-mark=http protocol=tcp
/ip firewall nat
add chain=srcnat dst-port=80 protocol=tcp
add action=masquerade chain=srcnat out-interface=WAN
/ip route
add distance=1 gateway=192.168.50.50 routing-mark=http
add check-gateway=ping distance=1 gateway=192.168.0.1
/tool graphing interface
add

 

After you have finished your setup, execute the following on your squid server to monitor logs:

tail -f /var/log/squid3/access.log

 

To be continued….

Video Tutorial

Enjoyed this post? Share it!