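# ----------------------------------------------------------------------------
# Configure TPROXY + Squid 3.x (Ubuntu 11.10 "squid3" package)
# ----------------------------------------------------------------------------
#
# Squid configuration file:  nano /etc/squid3/squid.conf
#
# Changes versus the original listing:
#  * "http_access deny to_localhost" is now active (see comment below).
#  * refresh_pattern rules are reordered: Squid takes the FIRST matching
#    refresh_pattern, and the original put the catch-all "." rule before
#    the file-type rules, which made every rule after it unreachable.
#  * File-type patterns are anchored to the end of the URL; the original
#    unanchored "-i .exe" style matched any URL containing "<any char>exe".
#  * Duplicate upper-case patterns (.EXE/.ZIP/.CAB/.PDF) are folded into the
#    case-insensitive (-i) rules.

# --- ACL definitions --------------------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# Destinations on this host's own loopback. Denying them below stops a client
# from using the proxy to reach services bound to 127.0.0.1 on the proxy box
# (the shipped squid.conf strongly recommends this).
acl to_localhost dst 127.0.0.0/8
# Client LAN behind eth1 (matches the static route on the routing page).
# Intercepted (TPROXY) requests are subject to http_access too, so every
# client whose port-80 traffic is diverted must fall inside this ACL.
acl localnet src 155.75.73.40/29
acl kol src all
acl FTP proto FTP
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# --- Access rules (first match wins) ---------------------------------------
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow localnet
# Everything else ("kol" = all sources) is refused.
http_access deny kol

# Strip the Via header so upstream servers do not see that a proxy is in the
# path. NOTE: this does not hide the client: the X-Forwarded-For header is
# governed by "forwarded_for" further down, which is left "on" here.
request_header_access Via deny all

# 3128: ordinary forward-proxy port for explicitly configured clients.
# 3129: TPROXY port; only traffic diverted by the iptables TPROXY rule should
#       reach it. Consider firewalling direct connections to 3129.
http_port 3128
http_port 3129 tproxy

#visible_hostname yourdomain.com
#cache_mgr your domain mailbox

# --- Memory / disk cache tuning ---------------------------------------------
cache_mem 160 MB
half_closed_clients off
# NOTE(review): high=100% means replacement only turns aggressive once the
# cache_dir is completely full (the shipped defaults are 95%/90%).
cache_swap_high 100%
cache_swap_low 80%
maximum_object_size 10000 KB
maximum_object_size_in_memory 256 KB
minimum_object_size 1 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LRU
memory_pools on
# NOTE(review): /etc is an unusual home for a ~400 GB cache; /var/spool/squid3
# (used for coredump_dir below) is the packaged location.
cache_dir aufs /etc/cache 410000 256 512
quick_abort_min 32 KB
quick_abort_max 32 KB
quick_abort_pct 95
negative_ttl 3 minutes
positive_dns_ttl 1 hours
dead_peer_timeout 30 seconds

# Never cache dynamic content ("no_cache" is the older spelling of "cache").
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# "on" adds X-Forwarded-For carrying the real client IP to every upstream
# request. If the intent of the Via suppression above is to hide the proxy
# and its clients, this needs to be "off" (or "delete") as well.
forwarded_for on
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid3

# --- SNMP (read-only community, reachable from localhost only) --------------
# my_com_r32 is a placeholder: SNMP v1/v2c sends the community string in clear
# text, so keep snmp_access restricted to localhost and choose your own value.
acl snmpkey snmp_community my_com_r32
snmp_port 3401
snmp_access allow snmpkey localhost
snmp_access deny all
dns_nameservers 8.8.8.8 4.2.2.4

# --- Optional file-type blocking (disabled) ---------------------------------
#acl blockfiles url_regex -i \.mp3$ \.asx$ \.wma$ \.wmv$ \.avi$ \.mpeg$ \.raw$ \.wav$ \.mov$ \.swf$ \.mkv$ \.rmvb$ \.mp4$ \.3gp$ \.divx$
#\.xvid$ \.flv$ \.ogg$
#deny_info NOTE_FILETYPES_FILTERED blockfiles
#deny_info ERR_ACCESS_DENIED denied_domains
#http_access deny blockfiles

# --- refresh_pattern: FIRST match wins, so the catch-all "." goes LAST ------
refresh_pattern windowsupdate.com/.*\.(cab|exe|psf) 4320 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|psf) 4320 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|psf) 4320 100% 43200 reload-into-ims
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Static file types are treated as fresh for at least 7 days (10080 min),
# ignoring Last-Modified (override-lastmod); a client "no-cache" reload is
# turned into an If-Modified-Since revalidation (reload-into-ims).
# CAVEAT: with these flags a replaced executable/installer (exe, msi, cab,
# rpm, ...) can keep being served from cache for up to 7 days unless a client
# forces a reload. Drop override-lastmod on that rule if that is not acceptable.
refresh_pattern -i \.(exe|msi|cab|rpm|zip|rar|tar|gz|bz2|z|dat|cap)$ 10080 80% 28800 reload-into-ims override-lastmod
refresh_pattern -i \.(htm|html|js|txt|rfc|pdf|doc)$ 10080 80% 28800 reload-into-ims override-lastmod
refresh_pattern -i \.(jpg|gif|bmp|ico|png|swf)$ 10080 80% 28800 reload-into-ims override-lastmod
refresh_pattern -i \.(mpg|mpeg|wmv|mov|avi|mp3|wav|wma|mid)$ 10080 80% 28800 reload-into-ims override-lastmod
# Catch-all default for everything not matched above.
refresh_pattern . 0 20% 4320

# --- Logging -----------------------------------------------------------------
logfile_rotate 5
# cache_access_log appears to be the pre-2.6 spelling of access_log and pointed
# at the same file as the access_log line below; one of them is enough.
#cache_access_log /var/log/squid3/access.log
cache_store_log none
pid_filename /var/run/squid3.pid
access_log /var/log/squid3/access.log

# --- Delay pools (disabled) --------------------------------------------------
#delay_pools 1
#delay_class 1 2
#delay_access 1 allow localnet
#delay_access 1 deny kol
#delay_parameters 1 -1/-1 -1/-1

always_direct allow FTP

# ---------------------------------------------------------------------------
# Next section: iptables & routing
# ---------------------------------------------------------------------------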
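# ---------------------------------------------------------------------------
# iptables & routing  --  contents to add to: nano /etc/rc.local
# (rc.local runs as root at boot; keep its final "exit 0" after these lines)
# ---------------------------------------------------------------------------
iptables -t mangle -N DIVERT
# Packets that already belong to a local transparent socket (i.e. the origin
# server's replies) are marked and accepted without another TPROXY lookup.
# This rule must stay interface-agnostic: those replies arrive on eth0.
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
# Divert new client port-80 flows to Squid's tproxy port (3129).
# Restricted to the client-facing interface: without "-i eth1" the original
# rule also grabbed any TCP/80 traffic entering on the upstream interface eth0.
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
# Deliver marked packets to the local stack via routing table 100.
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

# ---------------------------------------------------------------------------
# Enable forwarding  --  nano /etc/sysctl.conf   (apply with: sysctl -p)
# ---------------------------------------------------------------------------
# ip_forward turns this host into a router; make sure the FORWARD chain
# (e.g. in /etc/ufw/before.rules) only permits the client LAN.
net.ipv4.ip_forward = 1
# rp_filter: the kernel uses max(conf.all, conf.<iface>) per interface, so with
# conf.all = 2 the eth0 = 0 line below has no effect and eth0 runs in loose
# mode (2). Lower conf.all too if eth0 really needs rp_filter off.
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.eth0.rp_filter = 0

# ---------------------------------------------------------------------------
# Interface static IP addressing  --  nano /etc/network/interfaces
# ---------------------------------------------------------------------------
auto lo
iface lo inet loopback

# eth0: upstream link / default route
auto eth0
iface eth0 inet static
    address 155.75.64.6
    netmask 255.255.255.252
    gateway 155.75.64.5

# eth1: point-to-point link towards the client router (155.75.64.14)
auto eth1
iface eth1 inet static
    address 155.75.64.13
    netmask 255.255.255.252

# ---------------------------------------------------------------------------
# Permanent iptables rules on Ubuntu
# ---------------------------------------------------------------------------
# Add your rules to:  nano /etc/ufw/before.rules
# That file is in iptables-restore format, so the mangle rules above go in
# their own "*mangle" ... "COMMIT" section. Keep only one copy of the rules
# (rc.local OR ufw), otherwise they are loaded twice at boot.

# ---------------------------------------------------------------------------
# Squid commands for help
# ---------------------------------------------------------------------------
squid3 -k reconfigure          # re-read squid.conf without restarting
squid3 -z                      # create the cache_dir structure (run once, before first start)
squid3 -d 1                    # run in the foreground with debug level 1 on stderr
/etc/init.d/squid3 restart

# ---------------------------------------------------------------------------
# Static routing  (not persistent: put it in rc.local or as a "post-up" line
# under eth1 in /etc/network/interfaces)
# ---------------------------------------------------------------------------
route add -net 155.75.73.40 netmask 255.255.255.248 gw 155.75.64.14 dev eth1

# ---------------------------------------------------------------------------
# Increase file descriptors  (choose ONE of the two options; they set
# different limits)
# ---------------------------------------------------------------------------
# Option A:  gedit /etc/security/limits.conf  -- append one line per user:
root hard nofile 65535
root soft nofile 65535
squid hard nofile 65535
squid soft nofile 65535
# NOTE(review): on Ubuntu the squid3 package normally runs the daemon as user
# "proxy" (see cache_effective_user), not "squid"; verify with
# `ps -o user= -C squid3` and use that account, or the limit never applies.
# pam_limits only affects PAM sessions; a daemon started by init may need the
# limit raised in its init script or via Squid's max_filedescriptors directive.
#
# Option B:
echo "fs.file-max = 64000" >> /etc/sysctl.conf
echo "* soft nofile 8192" >> /etc/security/limits.conf
echo "* hard nofile 8192" >> /etc/security/limits.conf
# /etc/profile is only read by login shells, so this raises the limit for
# interactive users, not for squid3 started by init.
echo "ulimit -n 8192" >> /etc/profile

# ---------------------------------------------------------------------------
# Edit DNS file  --  nano /etc/resolv.conf
# (this is the host's own resolver; Squid itself uses the dns_nameservers
#  directive from squid.conf)
# ---------------------------------------------------------------------------
nameserver 4.2.2.4
nameserver 8.8.8.8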