Friday 19 April 2013

SQUID 3.3.3 COMPILATION ON UBUNTU 12


## Switch to root user
sudo su

apt-get update

apt-get upgrade


tar -xzvf squid-3.3.3.tar.gz

apt-get install g++ gawk m4 gcc-multilib

NOTE: if the build reports an error regarding gcc, install it:
------------------------------------------------------------------------
sudo add-apt-repository ppa:ubuntu-toolchain-r/test
sudo apt-get update
sudo apt-get install gcc-4.7
------------------------------------------------------------------------

apt-get install smbclient

apt-get install openssl*

apt-get install libcap-*

## SQUID COMPILATION
./configure --prefix=/usr --includedir=/usr/include --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid3 --enable-delay-pools --enable-ssl --enable-ssl-crtd --enable-linux-netfilter --enable-arp-acl --enable-snmp --enable-gnuregex && echo $?

NOTE: in Squid 3.3.3, --enable-arp-acl has been replaced with --enable-eui

make all && echo $?

make install && echo $?

## GENERATE CERTIFICATE
cd /usr/share/ssl-cert

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem

openssl x509 -in myCA.pem -outform DER -out myCA.der

myCA.pem contains the CA private key as well as the certificate, so it stays on the proxy. The resulting myCA.der file should be imported into the 'Authorities' section of users' browsers.
For example, in Firefox:
  1. Open 'Preferences'
  2. Go to the 'Advanced' section, 'Encryption' tab
  3. Press the 'View Certificates' button and go to the 'Authorities' tab
  4. Press the 'Import' button, select the .der file that was created previously and press 'OK'

## CONFIGURE SQUID
nano /etc/squid3/squid.conf

http_port 192.168.5.239:3128 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/share/ssl-cert/myCA.pem

## Also add the following lines to enable SSL bumping:
always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

# Uncomment and adjust the following to add a disk cache directory.
cache_mem 100 MB
cache_dir ufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

## CREATE CACHE LOG FILE
touch /var/logs/cache.log
chown nobody:adm /var/logs/cache.log

touch /var/logs/access.log
chown nobody:adm /var/logs/access.log

chown nobody:adm /var/cache/squid

## TO INITIALIZE CACHE
/usr/sbin/squid -z

## TO RUN SQUID
/usr/sbin/squid &

NOTE: if you see the notice below, disable or change the line "ssl_bump allow all" in /etc/squid3/squid.conf accordingly:
SECURITY NOTICE: auto-converting deprecated "ssl_bump allow <acl>" to "ssl_bump client-first <acl>" which is usually inferior to the newer server-first bumping mode. Update your ssl_bump rules.
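
The two directives marked unsafe in the configuration above, and the deprecated "ssl_bump allow" form that triggers this notice, can be caught before Squid is started. The script below is an added example, not part of the original post or of Squid; the helper name audit_squid_conf and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the risky SSL-bump directives discussed on this page.
# audit_squid_conf is a hypothetical helper name, not a Squid tool.

audit_squid_conf() {
    # $1 = path to a squid.conf. Prints one finding per line as
    # file:line: message, and returns 1 if anything was found.
    awk '
        $1 ~ /^#/ || NF == 0 { next }   # skip comments and blank lines
        $1 == "sslproxy_flags" && $0 ~ /DONT_VERIFY_PEER/ {
            print FILENAME ":" FNR ": upstream certificate verification disabled (DONT_VERIFY_PEER)"
            bad++
        }
        $1 == "sslproxy_cert_error" && $2 == "allow" && $3 == "all" {
            print FILENAME ":" FNR ": all upstream certificate errors are accepted"
            bad++
        }
        $1 == "ssl_bump" && $2 == "allow" {
            print FILENAME ":" FNR ": deprecated \"ssl_bump allow\" (auto-converted to client-first)"
            bad++
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample mirroring the directives shown on this page;
# the sslproxy_cert_error line is commented out and must not be reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample config
always_direct allow all
ssl_bump allow all
# sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
cache_mem 100 MB
EOF

audit_squid_conf "$sample" || echo "review the findings above before starting squid"
```

Run it as `audit_squid_conf /etc/squid3/squid.conf` after editing the file; a non-zero return means at least one of the three directives is active.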

## IPTABLES ENTRIES FOR TRANSPARENT PROXY

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 3128

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

## TO ENABLE FORWARDING
echo "1">/proc/sys/net/ipv4/ip_forward
