I am setting up an HTTP proxy.
# cd /xen
# mkdir www1
# cd www1/
# tar xjvf ../debian-4.0-20070801.tar.bz2
debian-4.0.img
debian-4.0.xen3.cfg
debian.swap
# mv debian-4.0.xen3.cfg proxy.cfg
# dd if=/dev/zero of=debian.swap bs=1M count=256
# dd if=/dev/urandom bs=1 count=3 2>/dev/null | od -tx1 | head -1 | cut -d' ' -f2- | tr -d ' ' | tr '[a-f]' '[A-F]'
7E0E41
# vi proxy.cfg
kernel = "/boot/vmlinuz-2.6-xenU"
memory = 128
name = "proxy"
vif = [ 'bridge=xenbr0,mac=00:16:3e:7E:0E:41' ]
dhcp = "dhcp"
disk = ['file:/xen/debian/debian-4.0.img,sda1,w' , 'file:/xen/debian/debian.swap,sda2,w' ]
root = "/dev/sda1 ro"
ramdisk = "/boot/initrd-2.6-xenU.img"
# xm create -c ./proxy.cfg
...
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
receive_packet failed on eth0: Network is down
DHCPOFFER from 192.168.0.36
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.36
bound to 192.168.0.215 -- renewal in 300 seconds.
done.
...
# ssh 192.168.0.215
Password: password
# vi /etc/hostname
proxy
# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
# apt-get update
...
# vi /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 192.168.0.52
    netmask 255.255.255.0
    gateway 192.168.0.1
auto lo
iface lo inet loopback
# /etc/init.d/networking restart
...lost network connection...
# ssh 192.168.0.52
# apt-get install squid3
# apt-get dist-upgrade
I will continue the configuration tomorrow. It will only allow local connections (192.168.0.x).
nano /etc/squid3/squid.conf
I searched for acl all to find the area and added two acls.
acl privnat src 192.168.0.0/255.255.255.0
acl dmz src 10.0.0.192/255.255.255.224
I searched a couple of times for “http_access all” and, following the INSERT line, added my new rules:
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow privnat
http_access allow dmz
Save and close the file, then restart squid.
/etc/init.d/squid3 restart