Re: [squid-users] [MASSMAIL] Squid: forward to another squid server with authentication
Thank you. I will follow your instructions.

Amaury.

On 15/12/15 19:03, Amaury Viera Hernández wrote:
[squid-users] Squid: forward to another squid server with authentication
Hello everyone.

This is a more detailed explanation of my trouble. I have two network cards:

- a shared Wifi card (wlp2s0): 10.42.0.1
- a network card with access to my LAN (enp4s0): 10.8.77.1

In short, I am looking for a simple way to do the following (please give code samples if possible):

Set up and start a transparent proxy server on my computer (wifi card, say that squid will listen at 10.42.0.1:3128) that can capture all web requests from my phone. Once the HTTP request from the phone comes to this proxy, it will forward it to the university proxy (say the address is 10.0.0.1:8080, with user and password authentication).

Note: It is possible that one of the authentication methods of my proxy server will be NTLM.

Now, more details to fully explain my situation:

In my university, authentication is needed to pass through a proxy so that we can connect to the internet. I normally enter my Active Directory username/password to authenticate when the pop-up appears in the web browser.

Now, I want to connect my phone to my shared wifi (10.42.0.1) and, using the network card with access to the LAN (10.8.77.1), forward the HTTP requests of my phone to the proxy server in the university (10.0.0.1:8080, with user and password authentication), because some applications on my phone require a direct connection, without proxy and without proxy authentication. So, I am planning to set up a transparent proxy on my laptop to catch all requests from my phone.

Of course, I don't need to use the proxy for local domains (uci.cu in this case).

I'm using Ubuntu 15.10 with squid3 (3.3.8).

I have this configuration in squid.conf. (This is very functional for local domains, without proxy authentication, for example intranet.uci.cu, but for internet domains I need to authenticate: cache_peer my proxy with the proxy of my university.)

    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    acl localdst dstdomain
    acl mi_red src 10.42.0.0/24
    http_access allow mi_red
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost manager
    http_access deny manager
    http_access allow localhost
    http_access deny all
    http_port 10.42.0.1:3128 transparent
    coredump_dir /var/spool/squid3
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
    refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
    refresh_pattern .               0       20%     4320
    cache_mem 512 MB
    cache_dir ufs /var/spool/squid3 2048 16 256
    cache_effective_user proxy
    cache_effective_group proxy
    half_closed_clients off
    maximum_object_size 1024 KB
    cache_swap_low 90
    cache_swap_high 95
    memory_pools off
    error_directory /usr/share/squid3/errors/es/
    access_log /var/log/squid3/access.log squid
    cache_peer 10.0.0.1 parent 8080 0 no-query default no-digest login=avhernandez:MyPass
    never_direct allow all

I'm using this firewall script:

    #!/bin/sh
    # IP of the SQUID server
    SQUID_SERVER="10.42.0.1"
    # Interface connected to the Internet
    INTERNET="enp4s0"
    # Internal interface
    LAN_IN="wlp2s0"
    # Squid port
    SQUID_PORT="3128"

    # Flush the previous rules
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X

    # Load the IPTABLES modules for NAT and IP with conntrack support
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Default filter policy
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT

    # Unlimited access to loopback
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # Allow UDP, DNS and passive FTP
    iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Set up the server as a router for the network
    iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
    iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

    # Unlimited access to the LAN
    iptables -A INPUT -i $LAN_IN -j ACCEPT
    iptables -A OUTPUT -o $LAN_IN -j ACCEPT

    # Redirect requests from the internal network to the proxy
    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

    # Redirect incoming traffic to the proxy
    iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

Best regards.

Amaury.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
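An added example, not part of the original post: a small Python check run over a constructed excerpt of the squid.conf above. It flags three things visible in that file: the acl with no values, the "http_access allow mi_red" rule placed ahead of the Safe_ports/SSL_ports denies (http_access is first-match, so the denies never apply to those clients), and the parent-proxy password stored inline in cache_peer. The function name audit and the finding codes are assumptions of this example.

```python
import re

# Constructed excerpt of the squid.conf posted above, rule order preserved.
SAMPLE_CONF = """\
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
acl localdst dstdomain
acl mi_red src 10.42.0.0/24
http_access allow mi_red
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
cache_peer 10.0.0.1 parent 8080 0 no-query default no-digest login=avhernandez:MyPass
never_direct allow all
"""

GUARDS = {"!Safe_ports", "!SSL_ports"}  # the stock port-restriction denies

def audit(conf_text):
    """Return sorted (line_no, code, message) findings for a squid.conf text."""
    findings, pending_allows = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop trailing comments
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) == 3:
            findings.append((no, "EMPTY_ACL", f"acl {tok[1]} lists no values"))
        elif tok[0] == "http_access" and len(tok) >= 3:
            if tok[1] == "allow":
                pending_allows.append((no, " ".join(tok[2:])))
            elif tok[1] == "deny" and GUARDS & set(tok[2:]):
                # http_access is first-match: an earlier allow wins over this deny
                for a_no, acls in pending_allows:
                    findings.append((a_no, "ALLOW_BEFORE_GUARD",
                                     f"'allow {acls}' is evaluated before the deny on line {no}"))
                pending_allows = []
        elif tok[0] == "cache_peer":
            for opt in tok[1:]:
                m = re.fullmatch(r"login=([^:]+):(.+)", opt)
                if m and m.group(1) != "NEGOTIATE":
                    # report the account only, never echo the password
                    findings.append((no, "CRED_IN_CONF",
                                     f"password for upstream user {m.group(1)!r} is stored in clear text"))
    return sorted(findings)

if __name__ == "__main__":
    for no, code, msg in audit(SAMPLE_CONF):
        print(f"line {no}: {code}: {msg}")
```

Moving the allow rule below the two port denies clears the ordering finding; the credential finding remains for as long as the password sits in the file, so squid.conf should at least be readable only by root and the proxy user.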
[squid-users] Authenticate against the squid of my organization
Hello everyone:

This is my main doubt: I'm using an authenticated proxy (squid) in my university, but I do not have access to change any configuration in that proxy. I need to install squid on my local machine and specify in some place that this squid will use my user and password for the squid of my university. (Please note that I can't make configuration changes in the main proxy.)

Regards.

Amaury
[squid-users] Offtopic message (Invitation to the 6th FOSS International Workshop)
Hello to everyone.

As you can read in the subject, this message is off topic, but if you forgive me I want to invite you to participate in the 6th FOSS International Workshop that will be held in Havana, Cuba, from March 14th to 18th, 2016, organized by the Free Software Center from the University of Informatics Sciences.

Workshop site: http://www.informaticahabana.cu/en/eventos/show/98
Event site: http://www.informaticahabana.cu/en/

You can participate as a delegate or as a researcher and exchange with colleagues from many places in the world about free and open source technologies. As a researcher, and with the goal of getting a publication, you need to know these things about the sending of the papers:

IMPORTANT DATES

Convention
- Presentation of abstracts and papers: October 20th, 2015
- Notification on acceptance: November 20th, 2015
- Sending of final paper for publication: December 7th, 2015

Fair
- Applications for exhibition samples: up to January 28th, 2016
- Confirmation of acceptance of exhibition samples: up to February 18th, 2016

Regards,

Amaury.

October 17th: 2015 Cuban Final of the ACM-ICPC Programming Contest. http://coj.uci.cu/contest/contestview.xhtml?cid=1407
[squid-users] about squid trouble
Hi everyone:

I recently subscribed to this list and I'm going to introduce myself briefly. I work at the University of Computer Sciences in Havana, Cuba (6000 users approximately). We surf using squid, but on many occasions when we are surfing I get an exceeded-quota error page telling me that the quota of another user is finished. I'm worried, because I think it is possible that other users are surfing with my account and I am surfing with the accounts of other users.

Could you help me, please?

Thanks in advance.

Best regards,

Amaury.