blog.alam.rocks

Tag Archives: Proxy

Pidgin behind proxy (Ubuntu Desktop)

28 Wednesday Dec 2011

Posted by Fakrul Alam in Uncategorized

Tags

Pidgin, Proxy, ubuntu

If you have trouble accessing Google Chat from Pidgin from behind a proxy, apply the following settings:

1. Go to Tools > Manage Accounts > Modify Account
2. Go to the Advanced tab. Uncheck “Require SSL/TLS” and “Allow plaintext auth over unencrypted streams”. Check “Force old (port 5223) SSL”.
3. Change the connect port to 443.
4. Change the connect server to “talk.google.com”.
5. Go to the Proxy tab. Select HTTP and enter your proxy details.

How to use apt-get behind proxy server (Ubuntu/Debian) : mypapit gnu/linux blog

21 Tuesday Dec 2010

Posted by Fakrul Alam in Uncategorized

Tags

Debian, Proxy, ubuntu

How to use apt-get behind proxy server (Ubuntu/Debian) : mypapit gnu/linux blog

Transparent Squid Proxy Server with WCCP support

11 Thursday Dec 2008

Posted by Fakrul Alam in Uncategorized

Tags

cisco, FreeBSD, My Work, Proxy, Squid, Transparent, WCCP

Running Squid with WCCP support requires a recompiled kernel with the firewall and IP forwarding options enabled. We use FreeBSD 7.0 as the server.

[root@proxy ~]# cd /usr/src/sys/i386/conf
[root@proxy ~]# cp GENERIC DCOM
[root@proxy ~]# vi DCOM

cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
#ident GENERIC Commented on 29/06/08
ident DCOM #Change the ident name

# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD

[root@proxy ~]# /usr/sbin/config DCOM
[root@proxy ~]# cd ../compile/DCOM
[root@proxy ~]# make depend
[root@proxy ~]# make
[root@proxy ~]# make install


Reboot the server.
Download the latest stable version of Squid.



[root@proxy ~]# wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE10.tar.gz
[root@proxy ~]# tar -zxvf squid-3.0.STABLE10.tar.gz
[root@proxy ~]# cd squid-3.0.STABLE10
[root@proxy ~]# ./configure --prefix=/usr/local --enable-async-io --enable-icmp \
    --enable-useragent-log --enable-snmp --enable-cache-digests \
    --enable-follow-x-forwarded-for --enable-storeio="aufs" \
    --enable-removal-policies="heap,lru" --with-maxfd=16384 --enable-poll \
    --disable-ident-lookups --enable-truncate --exec-prefix=/usr \
    --bindir=/usr/local/sbin --sbindir=/usr/local/sbin \
    --datadir=/usr/local/etc/squid --libexecdir=/usr/local/libexec/squid \
    --enable-external-acl-helpers="ip_user session unix_group wbinfo_group" \
    --enable-default-err-language=English --mandir=/usr/local/man \
    --enable-ipfw-transparent 'i386-portbld-freebsd7.0' \
    'build_alias=i386-portbld-freebsd7.0' 'host_alias=i386-portbld-freebsd7.0' \
    'target_alias=i386-portbld-freebsd7.0' 'CC=cc' \
    'CFLAGS= -DNUMTHREADS=150 -O2 -fno-strict-aliasing -pipe ' 'LDFLAGS=' 'CPPFLAGS='
[root@proxy ~]# make
[root@proxy ~]# make install


Next we need to fine-tune the firewall and kernel parameters.


[root@proxy ~]# echo 'if_gre_load="YES"' >> /boot/loader.conf


Add the following lines to /etc/rc.local


/sbin/ifconfig gre0 plumb
/sbin/ifconfig gre0 link2
/sbin/ifconfig gre0 tunnel 172.16.1.2 172.16.1.1
/sbin/ifconfig gre0 inet 192.192.192.1 192.192.192.2
/sbin/sysctl -w net.inet.icmp.icmplim=50
/sbin/sysctl -w net.inet.tcp.msl=3000
/sbin/sysctl -w kern. =65536
/sbin/sysctl -w kern.maxfiles=32768
/sbin/sysctl -w kern.ipc.somaxconn=8192
/sbin/sysctl -w net.inet.tcp.sendspace=65535
/sbin/sysctl -w net.inet.tcp.recvspace=65535
/sbin/sysctl -w net.inet.udp.recvspace=65535
/sbin/sysctl -w net.local.stream.recvspace=65535
/sbin/sysctl -w net.local.stream.sendspace=65535
/sbin/sysctl -w kern.ipc.nmbclusters=32768
/sbin/sysctl -w kern.ipc.maxsockets=32768

Take care with the gre0 tunnel and inet lines. In the tunnel line, the first IP is the proxy server IP and the second IP is the Cisco router's external IP. 192.192.192.1 and 192.192.192.2 are dummy IPs used to establish the GRE tunnel.

[root@proxy ~]# echo net.inet.ip.forwarding=1 >> /etc/sysctl.conf


Add the following lines to /etc/rc.conf


inetd_enable="NO"
keymap="us.iso"
linux_enable="YES"
router_enable="YES"
sendmail_enable="YES"
sshd_enable="YES"
squid_enable="YES"
firewall_enable="YES"
firewall_type="open"
gateway_enable="YES"
natd_enable="YES"


Lastly, add the following lines to /etc/rc.firewall


#!/bin/sh
ipfw -f flush
ipfw add fwd 127.0.0.1,8080 tcp from any to any 80 recv gre0

Reboot the server.

At this point we are done installing the proxy and fine-tuning the firewall parameters. Next we configure the Squid proxy server.

Squid's configuration file is usually installed at /usr/local/etc/squid.conf. Back up the original squid.conf file and use the following configuration.

#-------start of squid.conf file----------
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl DCOM src 172.16.0.0/16 # your ip block which are allowed to use the proxy.

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow DCOM
http_access deny all
icp_access deny all
htcp_access deny all

http_port 172.16.1.2:8080 transparent
http_port 127.0.0.1:8080 transparent

hierarchy_stoplist cgi-bin ?


cache_mem 100 MB
maximum_object_size_in_memory 50 KB
cache_replacement_policy heap LFUDA
cache_dir ufs /cache 18000 16 256

maximum_object_size 25600 KB
cache_swap_low 90
cache_swap_high 95

access_log /usr/local/var/logs/access.log squid
cache_log /usr/local/var/logs/cache.log
cache_store_log /usr/local/var/logs/store.log

logfile_rotate 10
pid_filename /usr/local/squid/squid.pid
buffered_logs on

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320

quick_abort_min 0 KB
quick_abort_max 0 KB

half_closed_clients off
cache_effective_user squid

wccp2_router 172.16.1.1 # Router IP
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0

icp_port 3130
log_icp_queries off
dns_nameservers 4.2.2.2
hosts_file /etc/hosts

memory_pools off
client_db off
coredump_dir /cache

#------End of squid.conf file----------

As we are storing the cache in /cache, we need to create the directory and give the squid user ownership of it.

[root@proxy ~]# mkdir /cache
[root@proxy ~]# chown squid:squid /cache
[root@proxy ~]# /usr/local/sbin/squid -z   # create the cache (swap) directories before the first start
[root@proxy ~]# /usr/local/sbin/squid
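
Squid evaluates the http_access lines in the squid.conf above from top to bottom and applies the first line whose ACLs all match, so their order decides who can use the proxy. The following added example (not part of the original post) replays that logic against the page's rules with a simplified evaluator that handles only the src, dst, port, method and proto ACL types used here; the client and destination addresses are constructed.

```python
import ipaddress

# ACL and http_access lines from the squid.conf above (Safe_ports condensed to one line).
CONF = """
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl DCOM src 172.16.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow DCOM
http_access deny all
"""

def parse(conf):
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []  # "all" is built in to Squid 3.0
    for tok in (line.split() for line in conf.splitlines()):
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])  # repeated names are OR-ed
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_match(acls, name, req):
    kind, values = acls[name]
    if kind in ("src", "dst"):
        ip = ipaddress.ip_address(req[kind])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "port":  # single port or lo-hi range
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in (v.partition("-") for v in values))
    return req[kind] in values  # method, proto

def decide(src, port, method="GET", dst="198.51.100.10", proto="http", conf=CONF):
    req = dict(src=src, dst=dst, port=port, method=method, proto=proto)
    acls, rules = parse(conf)
    for action, names in rules:  # first matching line wins; ACLs on a line are AND-ed
        if all(acl_match(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action, " ".join(names)
    return ("allow" if rules[-1][0] == "deny" else "deny"), "no match: opposite of last rule"

for args in (("172.16.5.20", 80), ("203.0.113.9", 80), ("172.16.5.20", 25), ("172.16.5.20", 8443, "CONNECT")):
    print(args, "->", decide(*args))  # constructed sample clients, not from the page
```

Only clients inside the DCOM block reach an allow line; moving `http_access allow DCOM` above the deny lines would let those clients bypass the port and CONNECT restrictions.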


At this point our squid is installed. Next we configure the router to forward the HTTP traffic to the proxy server.


core-router# config t
core-router(config)# ip wccp web-cache redirect-list 110
core-router(config)# access-list 110 permit ip any any
core-router(config)# interface FastEthernet1/0
core-router(config-if)# ip wccp web-cache redirect out



Troubleshoot
To check whether we are receiving the HTTP requests from the router through the GRE tunnel, we can use the following commands.


[root@proxy ~]# tcpdump -nn -i re1 | grep gre-proto
[root@proxy ~]# tcpdump -nn -i gre0 | more


Check the log with tail -f /usr/local/var/logs/access.log
