Friday, 29 April 2011

Tiny Web Proxy And Content Filtering Appliance (Version 1.2) With Debian Squeeze

This small HOWTO will show you how to set up a small virtual machine to speed up and secure your home / small enterprise web surfing network using Debian 6, Squid 3.1 and QuintoLabs Content Security 1.2 applications deployed in a VMWare Virtual Player running on Windows 7 x64 as a host operating system. This howto is targeted at novice users and may sometimes seem too thorough for more advanced gurus.


While preparing this howto I tried several different Linux distributions as the base for the virtual appliance we are going to create and found that the one that is easiest to deploy, has the smallest memory footprint and has the latest packages available is Debian Linux 6. In case you disagree, please adjust the instructions of this howto for your favorite distribution and mention the needed changes in the comments. I will try to integrate them into the next version of the howto.


Go to http://www.debian.org/ and get the smallest ISO image of the latest version of Debian 6 32-bit. The site says the recommended version for a modern server is 64-bit, but as we are trying to create a small virtual machine the 32-bit version will suffice for our purposes.


Start up the VMWare Virtual Player and create a new virtual machine with the following hardware parameters: name - virtual-proxy, hard disk - 8Gb. Press the "Customize the hardware" button and delete the floppy, USB controller, printer and sound card, set the amount of memory to 256Mb. Switch the network adapter from "NAT" mode into "Bridged". Point the virtual CDROM to the ISO image that you have downloaded earlier and start the virtual machine.


Follow the steps of the Debian install wizard mostly accepting the defaults. Deselect all packages in the "Software Selection" wizard step except for "SSH server" and "Standard system utilities". Configure machine hostname as "proxy" and root password as "P@ssw0rd" (without quotation marks). Now wait a little until the installation is complete and then reboot the system.


The following screenshots of the installation show the most important steps of the installation process.


 


After the reboot, check the amount of free memory available and note that it is around 200Mb (kind of cool compared to a default CentOS 5 installation with 140Mb of free memory available after a similar install).


 


The network interface card of our freshly installed Debian server gets its IP address from DHCP. While it is possible to leave it like this, it means that every time the server is restarted it may be assigned a different IP address, so accessing this server later by IP address may become a little irritating. The easiest fix is to set a static IP address. To do so, we must change the file located at /etc/network/interfaces by typing the following in the terminal:

# nano /etc/network/interfaces


Find the line with iface eth0 inet dhcp in the file, remove or comment it out and add the following:

# iface eth0 inet dhcp
iface eth0 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

NOTE: The settings (IP addresses) provided above are valid for my environment, which connects to the ISP using a LinkSys Wireless N Broadband Router (with custom dd-wrt firmware) that has a built-in DHCP server handing out internal IP addresses from the 192.168.1.* private subnet. Your router may give out other addresses, so please beware :) !


One more thing left to do is to adjust the DNS settings. Run the following command in the terminal and add the IP address of the DNS server that runs on the router:

# nano /etc/resolv.conf

nameserver 192.168.1.1

Now restart your networking by typing # /etc/init.d/networking restart in the root terminal or by just restarting the virtual machine. After the restart, confirm that networking functions correctly by typing the following in the terminal (there should not be any errors in the output of these commands):

ping -c 3 192.168.1.1
nslookup google.com


The next small step prior to installing squid is to update the system to the latest package versions. This requires disabling the Debian repositories that refer to the CDROM we installed the system from and enabling the online repositories.


Type the following in the root terminal #nano /etc/apt/sources.list then find and comment all lines that start with deb cdrom:. Save the file by pressing CTRL+o followed by CTRL+x and exit nano. Then perform system update by typing

# apt-get update && apt-get upgrade


in the root terminal. Wait until the system downloads all the updates.


Next we need to install the latest version of the squid proxy server. In order to do that type the following in the root terminal:

# apt-get install squid3


The squid package is downloaded from the Internet and installed automatically. The only thing left to do is to let the other machines on our network access squid. Open the squid configuration file by typing

# nano /etc/squid3/squid.conf


and uncomment the following lines: acl localnet src 192.168.0.0/16 (approximately line 651) and http_access allow localnet (approximately line 786).


Save the file and restart the squid by typing

# service squid3 restart


To verify that squid runs correctly, set the proxy in your browser to the IP address of the proxy server (192.168.1.2) and surf to some of your favorite websites.
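As an added check (example code written for this page, not part of the original howto or of squid), the following shell function audits the access rules you just edited: squid evaluates http_access lines top-down and stops at the first match, so the allow for localnet must come before the closing deny all. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original howto): audit squid.conf access rules.
# Squid evaluates http_access lines top-down and stops at the first match.

# Reads a squid.conf from the file argument (or stdin) and reports whether
# LAN clients are allowed and everyone else is refused.
audit_squid_acl() {
    awk '
        # Collect the source ranges that make up the "localnet" ACL.
        $1 == "acl" && $2 == "localnet" && $3 == "src" { nets = nets " " $4 }
        # Record the position of the first rule of each kind (comments never match).
        $1 == "http_access" {
            n++
            if ($2 == "allow" && $3 == "all" && !wide)       wide  = n
            if ($2 == "allow" && $3 == "localnet" && !allow) allow = n
            if ($2 == "deny"  && $3 == "all" && !deny)       deny  = n
        }
        END {
            if (wide && (!deny || wide < deny)) {
                print "FAIL: http_access allow all is reachable (open proxy)"; exit 2
            }
            if (!allow || (deny && deny < allow)) {
                print "FAIL: localnet is never allowed, LAN clients will be denied"; exit 1
            }
            if (!deny) { print "FAIL: no closing http_access deny all"; exit 1 }
            print "OK: proxy limited to" nets
        }' "$@"
}

# Constructed sample: the relevant squid.conf lines after the edit above.
sample_conf() {
    cat <<'EOF'
acl localhost src 127.0.0.1/32 ::1
#acl localnet src 10.0.0.0/8
acl localnet src 192.168.0.0/16
http_access allow localnet
http_access allow localhost
http_access deny all
EOF
}

sample_conf | audit_squid_acl
```

Run it against the live file with audit_squid_acl /etc/squid3/squid.conf. The reported 192.168.0.0/16 range is wider than the 192.168.1.0/24 subnet used in this howto, so narrowing the acl line to the subnet actually in use is a reasonable tightening.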
