  1. #1
    browolf

    Rough guide to making your own wireless proxy

    This is what we use on our guest wireless. These are my personal notes if I ever need to remake it from scratch. Some knowledge of linux/debian is helpful. Otherwise you're gonna have to google a lot.


    Basic proxy

    REQ. dual network card workstation. Standard hardware. Ours is an old pentium 4 fujitsu x101. No need for it to have modern power. not sure now but ours has +1 either dlink or intel 10/100 card.

    Download the netinstall version of debian. ~180mb
    Debian -- Network install from a minimal CD

    plan is to build proxy from the ground up.

    Install debian with minimal options and no GUI.

    then install
    squid
    dhcp3-server
    bind9 (dns)

    to extract squid settings as a list:


    grep -v -e "^#" -e "^$" /etc/squid/squid.conf | sed -e '/^$/d'


    http_port 3128
    cache_peer proxy.upstream.ac.uk parent 8080 0 proxy-only no-query default
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_mem 8MB
    access_log /var/log/squid/access.log
    hosts_file /etc/hosts
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL etc
    ...
    acl safe_ports port 901
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    acl lan src 192.168.201.1/255.255.255.0
    never_direct allow lan
    http_access allow localhost
    http_access allow lan
    http_access deny all
    http_reply_access allow all
    icp_access allow all
    cache_effective_group proxy
    coredump_dir /var/spool/squid

    setup dhcp and dns

    then you have a working proxy.

    to get wpad functionality

    install apache2

    Need apache2 to deliver a file wpad.dat or proxy.pac from the url wpad.domain. On a standard debian install the zone files are not configured at all.


    copy db.empty to db.domainname

    $ORIGIN domainname.
    @ IN SOA harlequin.domain. mail.domain. (
    etc)

    @ IN NS harlequin.domain.
    harlequin IN A ipaddress
    wpad IN CNAME harlequin

    the reverse zone file should be copy db.0 to db.3octetsofip.in-addr.arpa


    $ORIGIN 201.168.10.in-addr.arpa.
    @ IN SOA harlequin.domain.sch.uk. mail.domain.sch.uk. (
    etc)

    @ IN NS harlequin.domain.sch.uk.
    1 IN PTR wpad.domain.sch.uk.

    dots at the end are super important.


    After that AddType application/x-ns-proxy-autoconfig .dat in apache2 config


    wpad.dat/proxy.pac contains

    function FindProxyForURL(url, host)
    {
        return "PROXY www-cache.yourdomain.tla:3128; DIRECT";
    }

    dhcp method of wpad

    With ISC DHCP v3+, option-# options don't work. You have to do this in the global section of your configuration:

    option wpad-url code 252 = text; (define a new option)

    And add this in either the global or appropriate subnet section(s) of your configuration:

    option wpad-url "http://wpad.my.domain.tld/proxy.pac "; (use new option)

    how to make transparent

    firewall mappings:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3130


    squid config:
    http_port 3128 transparent
    https_port 3130 transparent cert=/"path to server.crt" key=/"path to server.key"

    to get certificate install openssl

    openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/squid.pem -keyout /etc/ssl/localcerts/squid.key

    if squid 2.6 download source of 2.7 and compile with enable-ssl option

    how to recompile

    Code:
    cd /usr/src

    # download squid sources:
    apt-get source squid

    # download squid build dependencies:
    apt-get build-dep squid

    # download sources for openssh:
    apt-get build-dep openssh

    # download sources for openssl:
    apt-get build-dep openssl

    # download and install necessary stuff for build process:
    apt-get install devscripts build-essential fakeroot

    # change directory:
    cd squid-<version>

    # edit the build rules and add the --enable-ssl option to the configure section:
    vim debian/rules

    # configure the new options (don't do a make or make install !!!):
    ./configure

    # compile and build package:
    debuild -us -uc -b
    then install the .deb file(s)

    nb: transparency and wpad apache2 can't both run on port 80.

  2. Thanks to browolf from:

    stevenlong1985 (10th June 2013)
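
Added example, not part of browolf's post: a version of the wpad.dat above that can be checked in Node before it is served, extended so plain hostnames and guest-LAN addresses go DIRECT, and showing what the trailing "; DIRECT" fallback changes. The proxy name and the 192.168.201.0/24 subnet are the post's own values; makePac, ipToInt and the two helper stand-ins are assumptions made for this example.

```javascript
// Added example, not from the original post. PROXY and the guest subnet are the
// post's placeholder values; isPlainHostName/isInNet below are minimal stand-ins
// for helpers that a browser normally provides to PAC scripts.
const PROXY = "PROXY www-cache.yourdomain.tla:3128";
const GUEST_NET = "192.168.201.0", GUEST_MASK = "255.255.255.0";

// Stand-in: true when the host has no dots (e.g. "harlequin").
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

// Dotted quad -> unsigned 32-bit integer, or null if not an IPv4 literal.
function ipToInt(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => ((acc << 8) | o) >>> 0, 0);
}

// Stand-in: browsers also resolve names here; this version only matches IPv4
// literals so the example runs offline.
function isInNet(host, net, mask) {
  const h = ipToInt(host), n = ipToInt(net), k = ipToInt(mask);
  if (h === null || n === null || k === null) return false;
  return ((h & k) >>> 0) === ((n & k) >>> 0);
}

// failOpen=true reproduces the post's "...; DIRECT" fallback: if the proxy is
// unreachable the browser connects directly. failOpen=false omits the fallback,
// so requests fail instead of bypassing the proxy.
function makePac(failOpen) {
  return function FindProxyForURL(url, host) {
    // Local names and guest-LAN addresses (including the wpad host itself)
    // are fetched without the proxy.
    if (isPlainHostName(host) ||
        isInNet(host, GUEST_NET, GUEST_MASK) ||
        isInNet(host, "127.0.0.0", "255.0.0.0")) {
      return "DIRECT";
    }
    return failOpen ? PROXY + "; DIRECT" : PROXY;
  };
}

const FindProxyForURL = makePac(true); // same fallback behaviour as the post's file
```

In the file actually served as wpad.dat, keep only a plain FindProxyForURL function and drop the stand-ins, since the browser supplies isPlainHostName and isInNet itself.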
