Posts Tagged ‘squid’

LDAP authentication with Squid

Wednesday, December 14th, 2011

A snippet from squid.conf that allows LDAP-authenticated users through the proxy during Mon-Fri business hours. Done on Ubuntu 10.04.2 (lucid) and Squid 2.7.STABLE7.

  # Configure LDAP auth helper. With only -h the helper speaks plain LDAP on port 389,
  # so the user's password crosses the wire unencrypted unless -Z (TLS) or -H ldaps://... is used
  auth_param basic program /usr/lib/squid/ldap_auth -v 3 -b "ou=Int,ou=People,dc=domain,dc=org" -u "uid" -h ldaps.domain.org
  # Require a successfully authenticated user (this ACL was missing from the original snippet)
  acl ldapauth proxy_auth REQUIRED

  acl int-lan src 192.168.11.0/24
  acl daytime time M T W H F 08:30-12:30
  acl evening time M T W H F 13:30-17:30

  # All ACLs on one http_access line are ANDed, and the two time windows never
  # overlap, so each window needs its own line (successive lines are tried in order)
  http_access allow ldapauth int-lan daytime
  http_access allow ldapauth int-lan evening
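Squid ANDs every ACL named on one http_access line and tries successive lines in order, which decides whether two disjoint time windows can ever both grant access. Below is an added model of that evaluation (example code, not from the post or from Squid itself); the ACL names and windows mirror the snippet above, while the client address, user name and timestamps are constructed.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

DAY_LETTERS = "MTWHFAS"  # Squid day letters indexed by datetime.weekday() (Mon=0 .. Sun=6)

def acl_src(network):
    net = ip_network(network)
    return lambda ctx: ip_address(ctx["src"]) in net

def acl_time(days, start, end):
    """days like 'MTWHF'; start/end as 'HH:MM' (minute of day must fall inside)."""
    lo = tuple(map(int, start.split(":")))
    hi = tuple(map(int, end.split(":")))
    def check(ctx):
        now = ctx["now"]
        return DAY_LETTERS[now.weekday()] in days and lo <= (now.hour, now.minute) <= hi
    return check

def acl_proxy_auth(ctx):
    # Simplified: real Squid answers 407 to solicit credentials when none are present
    return ctx.get("user") is not None

ACLS = {  # same names and values as the squid.conf snippet
    "ldapauth": acl_proxy_auth,
    "int-lan": acl_src("192.168.11.0/24"),
    "daytime": acl_time("MTWHF", "08:30", "12:30"),
    "evening": acl_time("MTWHF", "13:30", "17:30"),
}

def http_access(rules, ctx):
    """rules: list of (action, [acl names]). Names on one line are ANDed; the
    first line whose ACLs all match wins. If nothing matches, Squid applies
    the opposite of the last line's action."""
    for action, names in rules:
        if all(ACLS[n](ctx) for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

ONE_LINE = [("allow", ["ldapauth", "int-lan", "daytime", "evening"])]
TWO_LINES = [("allow", ["ldapauth", "int-lan", "daytime"]),
             ("allow", ["ldapauth", "int-lan", "evening"])]

def decide(rules, src, user, when):
    """Evaluate a ruleset for a constructed request; when is an ISO timestamp."""
    return http_access(rules, {"src": src, "user": user, "now": datetime.fromisoformat(when)})

if __name__ == "__main__":  # Wednesday 10:00, LAN client, authenticated (constructed)
    print(decide(ONE_LINE, "192.168.11.5", "alice", "2011-12-14T10:00"),
          decide(TWO_LINES, "192.168.11.5", "alice", "2011-12-14T10:00"))
```

The single combined line can never match because no moment is inside both windows, so Squid falls through to the implicit default, which is the opposite of the last line's action.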

Forwarding outgoing http requests to another server

Sunday, August 7th, 2011

In this article I’ll show an iptables rule to forward outgoing HTTP requests from one server to another. Both servers are single-homed (one network interface each), in the same subnet and running Ubuntu with iptables. In my case I needed to forward or reroute outgoing HTTP requests from one server to a server running Squid.

On the net you’ll find a lot of articles for dual-homed servers (i.e. gateways) on how to forward incoming traffic to internal servers, how to do port rewriting (forwarding a local port to another local port on the same server), how to do transparent proxying and so on. My case is trivial: all outgoing HTTP requests should be forwarded to the server running Squid in transparent mode. Nothing needs to be rewritten or changed in terms of source/destination/port.

  iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 1.2.3.4:3128

where 1.2.3.4 is the server running Squid and 3128 is the port it’s listening on.

On the server running Squid make sure that it’s in transparent mode:

  # cat /etc/squid/squid.conf | grep transparent
  http_port 3128 transparent

I didn’t realize OUTPUT could be used with DNAT, but guess what — it works!