By Jack Wallen
A proxy server is one of those ubiquitous servers that can offer up a number of possible services. But until the likes of Webmin arrived, setting up a proxy server in Linux was a daunting task, with configuration files filled with parent and sibling nodes that would give many a GUI-centric administrator a heart attack. Those days are gone; now, the Linux administrator has a number of GUI tools to choose from.
The left navigation is where you'll find all the listings of services.
For the task of setting up a proxy server, none of those tools are better than Webmin. Its ease of installation and use far surpass its competition. On top of that, it's one of the few server administration tools that covers proxy configuration. In this article, I'll show you how it works.
Before we get into the thick of things, it might be best to let you know that Webmin is really just a front-end for the configuration of the Squid Proxy Server. Squid is a very powerful, flexible Web-caching proxy daemon. If you don't already know, Squid is configured in the /etc/squid/squid.conf file. The squid.conf file runs approximately 4,273 lines in length, so having a GUI that can handle nearly 100% of the configuration of this file is most helpful.
Setting up a Web proxy
So let's get working. We are going to do is set up a simple Web proxy, which can do a number of important tasks: Block offensive Web content (with the help of SquidGuard), reformat content for specific purposes, and confine viruses served from hostile sources. Let's take a look at setting up a Web proxy to block offensive content.
This installation is based on a full install of OpenSuSE 10.2 (all five CDs). You need to have two network interfaces and your server set up as a router. In order to get routing working, you can use this script (we will call this route_on) and place it in /etc:
# Shell "debug" on
# define variables
#WHERE XX.XX.XX.XX IS YOUR ACTUAL EXTERNAL IP ADDRESS
# flash all firewall and NAT rules
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F
iptables -t raw -F
# delete user defined chains
# define default policies
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# allow all locally
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
# activate FORWADING
echo 1 > /proc/sys/net/ipv4/ip_forward
# activate SNAT
iptables -t nat -A POSTROUTING -o $XETH -j SNAT --to $IP_X
The above script will need to be run after the server is up.
You'll also need to ensure that Webmin has been installed. Installing Webmin is a simple matter of getting the RPM, installing it, and pointing your browser to http://Webmin_server_address:10000. Log in as root (the same root as on your system). Once there, you will see the Webmin welcome screen shown.
Select the Servers menu entry to get a full list of services. Initially, you may not see SquidGuard listed. If not, you'll need to install. So log out of Webmin and install SquidGuard. SquidGuard The first thing you need to do is install the squidGuard Webmin module. The installation is handled in the same way Webmin was installed. Open up a terminal window and change to the directory the SquidGuard file was downloaded into (most likely ~/Desktop.) As root, issue the command:
rpm -ivh Webmin-squidGuard-0.91.2-2.noarch.rpm
where -0.91.2-2 is the current release number.
You will also have to install two other packages: squidGuard and db. Download those files, place them in a temporary directory and run the command:
rpm -ivh *rpm