Step by Step Squid Proxy Installation on Untangle
Overview:-
Hardware Requirement:-
http://wiki.untangle.com/index.php/Hardware_Requirements
Resource | Processor | Memory | Hard Drive | NICs |
Minimum | Intel/AMD-compatible Processor (800+ MHz) | 512 MB | 20 GB | 2 |
1-50 Users | Pentium 4 equivalent or greater | 1 GB | 80 GB | 2 or more |
51-150 Users | Dual Core | 2 GB | 80 GB | 2 or more |
151-500 Users | 2 or more Cores | 2 or more GB | 80 GB | 2 or more |
501-1500 Users | 4 Cores | 4 GB | 80 GB | 2 or more |
1501-5000 Users | 4 or more Cores | 4 or more GB | 80 GB | 2 or more |
I am using a normal desktop machine with 4 GB RAM, 2 NICs & a 250 GB hard drive.
Untangle Install Steps:-
- Install Untangle from CD or ISO image file on VMware ESX or on a physical machine. A physical machine is always preferred for Untangle. Untangle installation is straightforward; follow the steps below to install Untangle:
1) Begin by starting your computer with the Untangle Install CD inserted.
2) If after a couple minutes you do not see the Choose Language screen, you may need to instruct your computer to boot from the CD drive.
3) Follow the steps in the wizard.
4) When the Installation is complete, the system will reboot. Remember to remove the CD. You are ready to begin configuring Untangle.
- Edit the file below & comment out its first line to install APPS on Untangle.
vi /etc/apt/sources.list.d/untangle.list
Also disable automatic updates on version 6.2 (go to http://yourproxy, then Config > Upgrades > Upgrade Setup > Do not automatically install upgrades).
To enable SSH on Untangle, follow the steps below:
rm /etc/ssh/sshd_not_to_be_run
/etc/init.d/ssh start
- Install WEBMIN
Increase the APT cache
echo 'APT::Cache-Limit 30000000;' >| /etc/apt/apt.conf
Backup the Original sources.list
cp /etc/apt/sources.list /etc/apt/sources.list.orig
Create the Debian Lenny repository list
vi /etc/apt/sources.list
deb http://ftp.debian.org/debian lenny main contrib non-free
deb http://security.debian.org lenny/updates main contrib non-free
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
deb http://www.backports.org/debian lenny-backports main contrib non-free
deb http://download.webmin.com/download/repository sarge contrib
Clean & Update Apt Cache
apt-get clean
apt-get update
apt-get install webmin
Start Webmin
/etc/init.d/webmin start
Confirm Webmin is listening on TCP port 10000
lsof -i | grep webmin
Webmin install completed. You can now login to https://yourproxy:10000/
Configure a packet filter for webmin (Packet Filter)
Login to admin page, click on CONFIG, NETWORKING. At the top right click on ADVANCED to enable advanced mode. If this is the first time, it will try to run a wizard which you can cancel. After ADVANCED mode has been enabled, click on the down arrow to the right of the word ADVANCED and select PACKET FILTER. Click on ADD which will add it to the selection. Click on the EDIT icon and make your screen match the following:
NAME: Webmin Access
ACTION: PASS
DESTINATION LOCAL
SOURCE INTERFACE: Internal
PROTOCOL: TCP
DESTINATION PORT 10000
- INSTALL SQUID (to monitor internet traffic)
Clean & Update Apt Cache
apt-get clean
apt-get update
#Install squid 2.7
apt-get install squid squid-cgi
#Configure squid: edit /etc/squid/squid.conf
vi /etc/squid/squid.conf
acl mytricks src 192.168.175.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
access_log /var/log/squid/access.log squid
Add transparent to http_port 3128
http_port 3128 transparent
Add the following under their respective sections:
http_access allow mytricks
cache_mem 32 MB
cache_dir ufs /var/spool/squid 5000 16 256
httpd_suppress_version_string on
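Added example, not part of the original post: http_access rules are evaluated in order and the first match wins, so where the lines above land in squid.conf matters. This shell check reads a squid.conf and reports settings from this guide that are missing or misplaced; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: checks a squid.conf for the settings this guide adds.
# http_access rules are evaluated top-down and the first match wins, so
# "allow mytricks" must appear before any "http_access deny all".

# Active directives only: comments stripped, whitespace collapsed.
active_directives() {
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1" | grep -v '^$'
}

# check_squid_conf FILE ACL: prints one line per finding, nothing if clean.
check_squid_conf() {
    active_directives "$1" | awk -v acl="$2" '
        $1 == "http_port" && $2 == "3128" {
            for (i = 3; i <= NF; i++) if ($i == "transparent") port = 1
        }
        $1 == "acl" && $2 == acl && $3 == "src" { defined = 1 }
        $1 == "httpd_suppress_version_string" && $2 == "on" { hidden = 1 }
        $1 == "http_access" {
            n++
            if ($2 == "allow" && $3 == acl && !allow) allow = n
            if ($2 == "deny" && $3 == "all" && !deny) deny = n
            if ($2 == "allow" && $3 == "all") print "http_access allow all: any client may use the proxy"
        }
        END {
            if (!port)    print "http_port 3128 is not marked transparent"
            if (!defined) print "acl " acl " has no src definition"
            if (!hidden)  print "httpd_suppress_version_string is not on"
            if (!allow)   print "no http_access allow " acl
            if (allow && deny && deny < allow)
                print "http_access allow " acl " comes after deny all and never matches"
        }'
}

# Constructed sample: the guide's lines with the allow rule misplaced.
write_bad_sample() {
    cat > "$1" <<'EOF'
acl mytricks src 192.168.175.0/255.255.255.0
http_port 3128 transparent
http_access deny all
http_access allow mytricks   # too late: deny all already matched
cache_mem 32 MB
EOF
}

# Usage: sh check_squid.sh /etc/squid/squid.conf mytricks
if [ -n "${1:-}" ]; then check_squid_conf "$1" "${2:-mytricks}"; fi
```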
#Configure a port forwarding in Untangle for all users you want to monitor
Login to admin page, click on CONFIG, NETWORKING. At the top click on PORT FORWARDS. Click on ADD which will add it to the selection. Make your screen match the following:
ENABLED: Checked
DESCRIPTION: Squid Redirect
DESTINATION PORT: 80
SOURCE INTERFACE: Internal
PROTOCOL: TCP
NEW DESTINATION: 192.168.175.230 (change this to YOUR internal Untangle IP)
NEW PORT: 3128
#Configure a packet filter for Squid (Packet Filter)
Login to admin page, click on CONFIG, NETWORKING. At the top click on ADVANCED to enable advanced mode. If this is the first time, it will try to run a wizard which you can cancel. After advanced mode has been enabled, click on the down arrow to the right of the word ADVANCED and select PACKET FILTER. Click on ADD which will add it to the selection. Make your screen match the following:
NAME: Squid Proxy
ACTION: PASS
SOURCE INTERFACE: Internal
DESTINATION PORT 3128
PROTOCOL: TCP
DESTINED LOCAL
# Restart the affected UT services
/etc/init.d/untangle-net-alpaca restart
/etc/init.d/untangle-net-alpaca-iptables restart
#restart squid
/etc/init.d/squid restart
9. Deny logging of particular URLs in access.log
I am denying logging of a few URLs, such as the SharePoint server (e.g. 192.168.100.200), as all users contact the SharePoint server & it generates lots of internet logs. We do not want these logs.
vi /etc/squid/squid.conf
Add the entries below
# create an acl & deny that acl from being logged to access.log
acl logging url_regex http://192.168.100.200
log_access deny logging
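Added example, not from the original post: url_regex is an unanchored regular expression, so the pattern above also matches URLs that merely contain that text, and those requests drop out of access.log as well. The script compares the page's pattern with an anchored variant over constructed URLs; grep -E stands in for Squid's regex matching (assumption), and STRICT_RE is a suggested pattern, not the author's.

```shell
#!/bin/sh
# Added example: which URLs does "log_access deny logging" remove from
# access.log? grep -E is used as a stand-in for Squid's url_regex matching
# (assumption: both treat the pattern as a POSIX extended regex).

PAGE_RE='http://192.168.100.200'                       # pattern from the page
STRICT_RE='^http://192\.168\.100\.200(:[0-9]+)?(/|$)'  # anchored variant (added)

# Constructed sample URLs; only the first two are the intended server.
sample_urls() {
cat <<'EOF'
http://192.168.100.200/sites/home
http://192.168.100.200:8080/default.aspx
http://192.168.100.2001/index.html
http://192.168.100.200.example.net/login
http://example.org/redirect?to=http://192.168.100.200/
http://192x168x100x200/
EOF
}

# unlogged RE: prints the sample URLs that the given pattern would exclude
# from access.log.
unlogged() { sample_urls | grep -E -- "$1"; }

# blind_spots: URLs excluded by the page's pattern but not by the anchored
# one, i.e. traffic that goes unlogged without being the intended server.
blind_spots() {
    sample_urls | grep -E -- "$PAGE_RE" | grep -Ev -- "$STRICT_RE"
}

echo "Unlogged only because the pattern is unanchored:"
blind_spots
```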
- To generate Internet usage reports by hostname:
Edit squid.conf & add the line below
log_fqdn on
Also modify the group policy DNS client
11. A few commands to monitor Squid Proxy
To check disk usage on the proxy
df -h
To check the current squid cache size
du -hs /var/spool/squid
To view real-time internet usage logs from the console
tail -f /var/log/squid/access.log
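Added example, not part of the original post: a per-client summary of the same access.log that tail -f shows line by line. The sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: totals from Squid's native access.log format
# (time elapsed client result/status bytes method URL ident peer type).

# Constructed sample lines; clients are in the guide's 192.168.175.0/24 LAN.
sample_log() {
cat <<'EOF'
1311235200.101    120 192.168.175.21 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1311235201.250      4 192.168.175.21 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1311235205.900   8400 192.168.175.34 TCP_MISS/200 1048576 GET http://downloads.example.net/file.iso - DIRECT/198.51.100.7 application/octet-stream
1311235210.020     35 192.168.175.34 TCP_MISS/304 300 GET http://example.com/ - DIRECT/93.184.216.34 -
1311235212.480      1 192.168.175.50 TCP_DENIED/403 1400 GET http://example.org/ - NONE/- text/html
EOF
}

# usage_by_client: reads access.log lines on stdin and prints
# "client requests bytes denied", largest byte count first.
usage_by_client() {
    awk 'NF >= 7 {
             req[$3]++; bytes[$3] += $5
             if ($4 ~ /^TCP_DENIED\//) denied[$3]++
         }
         END { for (c in req)
                   printf "%s %d %d %d\n", c, req[c], bytes[c], denied[c] + 0 }' |
        sort -k3,3nr -k1,1
}

# top_hosts N: reads access.log lines on stdin and prints the N most
# requested destination hosts as "count host".
top_hosts() {
    awk 'NF >= 7 { split($7, u, "/"); if (u[3] != "") host[u[3]]++ }
         END { for (h in host) printf "%d %s\n", host[h], h }' |
        sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Usage: usage_by_client < /var/log/squid/access.log
sample_log | usage_by_client
```

With log_fqdn on, the client column holds the resolved hostname instead of the IP address, so the same summary is then keyed by hostname.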
- To generate Squid reports by hostname, use the syntax below in squid.conf:
log_fqdn on
dns_defnames on
- To restrict the download file size
reply_body_max_size
For Lightsquid squid proxy analyzer check below post,
http://www.mytricks.in/2011/07/how-to-install-lightsquid-for-squid.html