theiDaemon.com

the luxury of invaluable experience.

Archive for April 9th, 2008

These steps are for Squid 2.6+ only. Here we go:

# yum install squid

Then we need to make a config

# vi /etc/squid/squid.conf

and change these settings.

edit http_port so Squid runs as a transparent proxy

http_port 8080 transparent

find the line with acl QUERY urlpath_regex cgi-bin \? and add these after it

acl nc_post method POST
acl nc_script urlpath_regex -i \.htm \.php /$
cache deny nc_post
cache deny nc_script

edit the sizes to fit your server


cache_mem 512 MB
maximum_object_size 8192 KB
minimum_object_size 2 KB
maximum_object_size_in_memory 128 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /var/spool/squid 1024 16 256

uncomment the logformat


logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

edit the following, changing the IP to fit your server

access_log /var/log/squid/access.log combined
dns_nameservers 127.0.0.1 123.123.123.123

find the line acl CONNECT method CONNECT and add the following

acl to_httpd dst 123.123.123.123
acl to_httpdport port 80
acl to_httpdport port 3080
http_access allow to_httpd to_httpdport

edit the host name

visible_hostname your.hostnameyouwant.here.com

enable the service, create the cache directories and start it.

# chkconfig --level 345 squid on
# squid -z
# service squid start

now you need to edit iptables to use the proxy

# iptables -t nat -A PREROUTING -p tcp -m tcp -d 123.123.123.123 --dport 8080 -j DROP
# iptables -t nat -A PREROUTING -p tcp -m tcp -d 123.123.123.123 --dport 80 -j REDIRECT --to-ports 8080
# service iptables save

that's all for running squid as a transparent proxy. If you have problems capturing the client IP behind the transparent proxy, put the following lines in the file that the auto_prepend_file line in php.ini points to


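<?php
// Squid appends the address it saw to X-Forwarded-For, so the last entry is the real client.
if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
    $refip = explode(",", $_SERVER["HTTP_X_FORWARDED_FOR"]);
    $_SERVER["REMOTE_ADDR"] = trim($refip[count($refip) - 1]);
    // Rebuild X-Forwarded-For from the remaining (earlier) entries.
    $_SERVER["HTTP_X_FORWARDED_FOR"] = "";
    for ($i = 0; $i < count($refip) - 1; $i++) {
        $_SERVER["HTTP_X_FORWARDED_FOR"] .= ", " . trim($refip[$i]);
    }
    if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
        $_SERVER["HTTP_X_FORWARDED_FOR"] = substr($_SERVER["HTTP_X_FORWARDED_FOR"], 2);
    else
        unset($_SERVER["HTTP_X_FORWARDED_FOR"]);
}
?>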
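
A stricter version of the prepend logic, as an added example that is not part of the original post: it takes the client address from X-Forwarded-For only when the connection really comes from Squid, because on any other connection the header is whatever the client sent. TRUSTED_PROXIES and resolve_client_ip() are hypothetical names, and the listed addresses are assumptions based on the post's placeholder server IP.

```php
<?php
// Added example, not from the original post.
// Assumption: Squid connects to httpd from loopback or the post's placeholder server IP.
const TRUSTED_PROXIES = ['127.0.0.1', '123.123.123.123'];

/**
 * Return the client address to use for this request.
 * X-Forwarded-For is honoured only when the TCP peer is a trusted proxy;
 * otherwise the header is client-supplied and is ignored.
 */
function resolve_client_ip(array $server, array $trusted): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, $trusted, true)) {
        return $peer;
    }
    // Walk right to left: each trusted proxy appended the address it saw.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;   // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;    // first address not written by our own proxies
        }
    }
    return $peer;           // every hop was a trusted proxy
}

// Constructed sample requests (not real traffic).
$viaSquid = ['REMOTE_ADDR' => '127.0.0.1',
             'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 198.51.100.7'];
$direct   = ['REMOTE_ADDR' => '203.0.113.50',
             'HTTP_X_FORWARDED_FOR' => '127.0.0.1'];

// Via Squid: the entry Squid appended wins over the client-supplied first entry.
echo resolve_client_ip($viaSquid, TRUSTED_PROXIES), "\n";
// Direct connection: the forged header is ignored and the peer address is kept.
echo resolve_client_ip($direct, TRUSTED_PROXIES), "\n";
```

In a prepend file, assign the result to $_SERVER["REMOTE_ADDR"] in place of the unconditional overwrite.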

You can configure a network card by editing the text files stored in the /etc/sysconfig/network-scripts/ directory. First change directory to /etc/sysconfig/network-scripts/:

# cd /etc/sysconfig/network-scripts/

You need to edit / create files as follows:

* /etc/sysconfig/network-scripts/ifcfg-eth0 : First Ethernet card configuration file
* /etc/sysconfig/network-scripts/ifcfg-eth1 : Second Ethernet card configuration file

To edit/create the first NIC file, type the command:

# vi ifcfg-eth0

Append/modify as follows:


# Intel Corporation 82801EB/ER (ICH5/ICH5R) integrated LAN Controller
DEVICE=eth0
HWADDR=00:e0:81:28:5b:cc
ONBOOT=yes
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=192.168.2.100
GATEWAY=192.168.2.1

Save and close the file. Define the default gateway (router IP) and hostname in the /etc/sysconfig/network file:

# vi /etc/sysconfig/network

Append/modify configuration as follows:

NETWORKING=yes
HOSTNAME=www.theidaemon.com
GATEWAY=192.168.2.1

Save and close the file. Restart networking:

# /etc/init.d/network restart

Make sure you have the correct DNS servers defined in the /etc/resolv.conf file:

# vi /etc/resolv.conf

Set up the DNS servers as follows:


nameserver 192.168.2.1
nameserver 202.67.222.222

Save and close the file. Now you can ping the gateway/other hosts:

$ ping 192.168.2.101

Output:

# ping 192.168.2.101
PING 192.168.2.101 (192.168.2.101) 56(84) bytes of data.
64 bytes from 192.168.2.101: icmp_seq=1 ttl=128 time=0.195 ms
64 bytes from 192.168.2.101: icmp_seq=2 ttl=128 time=0.198 ms
64 bytes from 192.168.2.101: icmp_seq=3 ttl=128 time=0.188 ms

You can also check for Internet connectivity with the nslookup or host command:

# nslookup google.com
Server: 192.168.2.1
Address: 192.168.2.1#53

Name: google.com
Address: 72.14.207.99

You can also use the host command:

# host theidaemon.com
theidaemon.com has address 74.52.68.114
theidaemon.com mail is handled by 0 theidaemon.com.

If you installed a fresh CentOS and did not select any packages, like me, you may need a C compiler.

Install it with the following command:

yum install gcc gcc-c++ autoconf automake

Cheers!