  1. #1
    browolf
    Join Date: Jun 2005

    Rough guide to making your own wireless proxy

    This is what we use on our guest wireless. These are my personal notes if I ever need to remake it from scratch. Some knowledge of Linux/Debian is helpful. Otherwise you're gonna have to google a lot.

    Basic proxy

    REQ. dual network card workstation. Standard hardware. Ours is an old Pentium 4 Fujitsu x101. No need for it to have modern power. Not sure now but ours has +1 either D-Link or Intel 10/100 card.

    Download the netinstall version of debian. ~180mb
    Debian -- Network install from a minimal CD

    plan is to build proxy from the ground up.

    Install debian with minimal options and no GUI.

    then install
    bind9 (dns)

    to extract squid settings as a list:

    grep -v -e "^#" -e "^$" /etc/squid/squid.conf | sed -e '/^$/d'

    http_port 3128
    cache_peer proxy.upstream.ac.uk parent 8080 0 proxy-only no-query default
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_mem 8MB
    access_log /var/log/squid/access.log
    hosts_file /etc/hosts
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src
    acl manager proto cache_object
    acl localhost src
    acl to_localhost dst
    acl SSL etc
    acl safe_ports port 901
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    acl lan src
    never_direct allow lan
    http_access allow localhost
    http_access allow lan
    http_access deny all
    http_reply_access allow all
    icp_access allow all
    cache_effective_group proxy
    coredump_dir /var/spool/squid

    setup dhcp and dns

    then you have a working proxy.

    to get wpad functionality

    install apache2

    need apache2 to deliver a file wpad.dat or proxy.pac from the url wpad.domain. On a standard Debian install the zone files are not configured at all.

    copy db.empty to db.domainname

    $ORIGIN domainname.
    @ IN SOA harlequin.domain. mail.domain. (

    @ IN NS harlequin.domain.
    harlequin IN A ipaddress
    wpad IN CNAME harlequin

    the reverse zone file should be copy db.0 to db.3octetsofip.in-addr.arpa

    $ORIGIN 201.168.10.in-addr.arpa.
    @ IN SOA harlequin.domain.sch.uk. mail.domain.sch.uk. (

    IN NS harlequin.domain.sch.uk.
    1 IN PTR wpad.domain.sch.uk.

    dots at the end are super important.

    After that AddType application/x-ns-proxy-autoconfig .dat in apache2 config

    wpad.dat/proxy.pac contains

    function FindProxyForURL(url, host) {
        return "PROXY www-cache.yourdomain.tla:3128; DIRECT";
    }


    dhcp method of wpad

    With ISC DHCP v3+, option-# options don't work. You have to do this in the global section of your configuration:

    option wpad-url code 252 = text; (define a new option)

    And add this in either the global or appropriate subnet section(s) of your configuration:

    option wpad-url "http://wpad.my.domain.tld/proxy.pac "; (use new option)

    how to make transparent

    firewall mappings:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3130

    squid config:
    http_port 3128 transparent
    https_port 3130 transparent cert=/"path to server.crt" key=/"path to server.key"

    to get certificate install openssl

    openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/squid.pem -keyout /etc/ssl/localcerts/squid.key

    if squid 2.6 download source of 2.7 and compile with enable-ssl option

    how to recompile

    cd /usr/src
    download squid sources:
    apt-get source squid
    download squid build dependencies:
    apt-get build-dep squid
    download sources for openssh:
    apt-get build-dep openssh
    download sources for openssl:
    apt-get build-dep openssl
    download and install necessary stuff for build process:
    apt-get install devscripts build-essential fakeroot
    change directory:
    cd squid-<version>
    edit the build rules and add the --enable-ssl option to the configure section:
    vim debian/rules
    configure the new options (don't do a make or make install !!!):
    ./configure
    compile and build package:
    debuild -us -uc -b
    then install the .deb file(s)

    nb: transparency and wpad apache2 can't both run on port 80.

  2. Thanks to browolf from:

    stevenlong1985 (10th June 2013)
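
Squid checks http_access lines top to bottom and stops at the first line whose ACLs all match, so the order of the rules in the squid.conf listing above is what decides which guest requests get through. The sketch below is an added example, not part of browolf's post and not Squid's own code; the ACL values (LAN subnet, port lists, the purge method) are assumptions, because the post elides them.

```python
import ipaddress

# Assumed ACL values: the post elides these definitions. The subnet is taken
# from the reverse zone in the post; port lists and purge are constructed.
LAN = ipaddress.ip_network("10.168.201.0/24")
ACLS = {
    "all":        lambda r: True,
    "manager":    lambda r: r["proto"] == "cache_object",
    "localhost":  lambda r: ipaddress.ip_address(r["src"]).is_loopback,
    "purge":      lambda r: r["method"] == "PURGE",
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "SSL_ports":  lambda r: r["port"] in {443},
    "Safe_ports": lambda r: r["port"] in {80, 443, 901},
    "lan":        lambda r: ipaddress.ip_address(r["src"]) in LAN,
}

# http_access lines in the order the post lists them.
RULES = """
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow lan
http_access deny all
"""

def decide(request, rules=RULES):
    """Return (action, matching_rule); the first fully matching line wins."""
    lines = rules.strip().splitlines()
    for line in lines:
        _, action, *names = line.split()
        # All ACLs on one line are ANDed together; a leading '!' negates an ACL.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, line
    # With no match, Squid applies the opposite of the last line's action.
    last = lines[-1].split()[1]
    return ("allow" if last == "deny" else "deny"), "(default)"

if __name__ == "__main__":
    guest = {"src": "10.168.201.50", "method": "GET", "proto": "http", "port": 80}
    for req in (guest, {**guest, "src": "192.0.2.7"},
                {**guest, "method": "CONNECT", "port": 25}):
        print(req, "->", decide(req))
```

Moving `http_access allow lan` above the two port rules would let any LAN client CONNECT to arbitrary ports, which is why the deny lines come first.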
