CONFIGURING A PROXY SERVER IN LINUXBYROHIT KAUL CS , BITS-PILANI

PRESENTATION LAYOUTBrief introduction to LINUXWhat is a proxy???Its Uses and Need???Security aspects and Web Caching Connecting a PC to LANIntroduction and Configuration of SquidConfiguration of clients BrowserConclusions

Introduction to LinuxLinux a phenomenon?Linux has provided a common platform for the Free software that was being created all over the world.Linus Torvalds, 1991 , University of HelsinkiGPL (General Public License)Distributions in market Red Hat , Debian etcWHY LINUX ????

What is a Proxy Server ??Intermediary server between clients and the actual serverProxy processes requestProxy processes responseReceives the client requestDecides if request will go on to the serverMay have cache & may respond from cacheActs as the client with respect to the serverUses one of its own IP addresses to get page from server

Uses of Proxy-ServerEnhancing Security not individual security concerns, saves resources, money etc

Caching faster web surfing

FirewallFiltering Contents

A normal web transaction

SecurityHow Do I Care???

Transaction through a proxyMore secure.Add firewallpacket filter; block access to sites

Caching Proxy (Cache MISS!!)Cache MISS

Caching Proxy ( cache HIT)Cache HITImproves speed of surfing

Proxy In LinuxInstallationConnecting Linux PC to LANConfiguring proxy module/applicationConfiguring prospective clients browsers

INSTALLATION easy!!!

Connecting Linux PC to LANRed Hat menu , System Settings Network( or type neat as root )Network configuration window appearsDevices tab eth0 interface ( double-click)A pop-up window appears asking for:DHCP / Static AddressingChoose Static.and fill inIP Address, Netmask, Default Gateway Address. click OK , close the window and click ACTIVATE

Default Gateway ???Like routers

Configuring DNS informationDNS ???Click DNS tab in network configuration window..Enter primary and secondary DNS nameservers .in case local DNS is configured enter the address as primary DNSClick APPLY button at the bottomClick CLOSE , and ACTIVATE

Configuring SQUIDSquid????it is a proxy caching server which runs on *nix based platforms.Why Squid?apart from others..Available free of cost , open-sourceFeatures content-filtering and password authentication for users using external programs

Installation of squid

From RPM packagesUse Package Manager and install from CDFrom SourceUnzip in some temporary directoryMove to itand run ./configRun make make install make cleanSimilar to WINZIP

Squid.conf fileOpen in any standard editor vi/vim emacsLots of options, anybody with basic knowledge of proxy and networking can configure it.http port default 3128 Cache_mem default 8MBCache_dir directory subdirectory subsub directories /var/squid/cache

Restricting Internet AccessACLs ( access control Lists )Acl acl_name acl_type dataAcl node scr 10.10.7.239Acl node2 scr 10.10.7.72Acl lunchtime time M 13:00-14:00http_access deny node lunctimehttp_access deny node

Starting squid squid start /etc/init.d squid start / restart Stopping squidSquid stop /etc/init.d squid stop

Dummy interface??What is dummy interface???eth0 eth1eth0 eth0:0

Interface at startup.bashrc file

Configuring Internet Explorer

Click Start, Programs, Internet Explorer

Click Tools, Internet Options

Click Connections

Select Your ConnectionFor LAN connection (within RRL)

For Dial-UP Connection (from Home)

Click LAN SettingsLAN connections ONLY

Select Use a proxy server for this connection.In Address box, type 10.10.7.245 & in Port box 8080Select Bypass proxy server for local addresses

Select Use the same proxy server for all protocols.Type *.ou.ac.lk; 192.248.73.* in Do not use proxy server for addresses beginning with box

Click OK.Click OK.Click OK.Similarly one can configure graphical browsers like MOZILLA or OPERA

Conclusions

In an era where even a single click of mouse is potent enough to cause a full fledged attack , installing proxies and other security modules is no more a luxury that every system administrator enjoysIts a necessity.