Squid

From LinuxReviews


Squid is a software proxy server and web caching daemon which can be used as a web proxy for browsing the Internet and a reverse proxy to take load off web-servers.

Web proxy

Squid can be used as a personal web proxy cache to reduce bandwidth consumption, which is especially useful on a slow connection. On its own, Squid leaks too much information in the requests it forwards. The configuration below strips the Via and From headers, turns off forwarded_for, and lets you use Squid together with Privoxy.

The chain will go Browser -> Squid -> Privoxy (-> Tor) -> Websites you visit

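File: /etc/squid/squid.conf
# httpd_accel_* are Squid 2.5-era directives; Squid 2.6 and later set this up on http_port instead.
httpd_accel_port 3128
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Send requests to Privoxy on localhost:8118 as the default parent.
cache_peer      localhost       parent  8118    7       no-query default
# Strip the Via and From request headers and keep the client address out of X-Forwarded-For.
header_access Via deny all
header_access From deny all
forwarded_for off

File: /etc/privoxy/config
listen-address  127.0.0.1:8118
# Forward everything to Tor's SOCKS port; leave this line out to use Privoxy without Tor.
forward-socks4a         /       127.0.0.1:9050  .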
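
To confirm that the chain really removes the headers the squid.conf above targets, you can request a small origin server that reports which of them arrived. This is an added example, not part of the original page; the names classify, EchoHandler, start_server and probe are hypothetical, and it relies on Squid's documented behaviour that "forwarded_for off" sends "X-Forwarded-For: unknown" rather than omitting the header.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Request headers the squid.conf above is meant to suppress.
LEAK_HEADERS = ("via", "from", "x-forwarded-for")

def classify(headers):
    """Map each identifying header present to 'leak' or 'proxy-visible'."""
    findings = {}
    for name, value in headers:
        key = name.lower()
        if key not in LEAK_HEADERS:
            continue
        # "forwarded_for off" still sends "X-Forwarded-For: unknown": the client
        # address is hidden, but the origin can tell that a proxy is in use.
        hidden = key == "x-forwarded-for" and value.strip().lower() == "unknown"
        findings[key] = "proxy-visible" if hidden else "leak"
    return findings

class EchoHandler(BaseHTTPRequestHandler):
    """Origin that answers every GET with the findings for that request."""

    def do_GET(self):
        body = json.dumps(classify(self.headers.items())).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def start_server(host="127.0.0.1", port=0):
    """Start the echo origin in a background thread; port 0 picks a free port."""
    server = HTTPServer((host, port), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(host, port, extra_headers=None):
    """GET / from the echo origin and return its findings as a dict."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", "/", headers=extra_headers or {})
    findings = json.loads(conn.getresponse().read())
    conn.close()
    return findings
```

Run the echo origin on a host you control that the chain can reach and request it through Squid; an empty JSON object means none of the three headers reached the origin.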

Transparent proxy

Using iptables:

File: iptables config script
IPTABLES=iptables # or the full path to the iptables binary
INTIF=eth1 # internal network interface
EXTIF=eth0 # external default route / public interface
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-ports 3128

This configuration may leak DNS requests, so you may want a rule which prevents this:

File: iptables config script
$IPTABLES -t nat -A PREROUTING -i $INTIF -p udp --dport 53 -j REDIRECT --to-ports 65533

Here 65533 is the port where dns-proxy-tor is listening.