Friday, July 15, 2011

Share Internet with squid & Iptables

A simple trick to share an Internet connection with Squid and to block websites using port redirection.
Open your sysctl.conf:
vim /etc/sysctl.conf
and change the line to
net.ipv4.ip_forward = 1 (by default it is 0)
Save and exit the file.
1. Install Squid
yum -y install squid*
2. Edit the squid.conf file
To block websites, copy and paste the lines below, adjusted for your source network:
acl blocksite dstdomain
http_access deny blocksite 
acl our_networks src
http_access allow our_networks
vim /etc/squid/squid.conf, then search for http_port. The default port there is 3128; change it to 8888.
Save and exit the file.
3. Restart Squid:
service squid restart
4. Now share your Internet connection using iptables by executing the following command:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
(eth1 is the LAN card with the live IP)
5. Now redirect port 80 to 8888:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8888
(eth0 is the local LAN card)
Now Outlook will work directly without any changes on the client, but clients will not be able to surf the websites you blocked in Squid.
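
An added example, not part of the original post: a small offline audit of the settings from the steps above, including the order of the http_access lines, which matters because Squid stops at the first rule that matches. The function names and the sample file contents are constructed for illustration; eth0, eth1 and port 8888 are the values used in the post, and the NAT check expects the format printed by iptables-save.

```shell
# Added example: offline audit of the gateway setup described in the post.
# Every function takes a file, so it works on live files or on saved copies.

# net.ipv4.ip_forward must be 1 (the last uncommented assignment wins).
check_forward() {   # $1 = sysctl.conf
    v=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$v" = "1" ]
}

# Squid must listen on the port the REDIRECT rule points at.
check_squid_port() {   # $1 = squid.conf, $2 = port
    grep -Eq "^[[:space:]]*http_port[[:space:]]+([^[:space:]]*:)?$2([[:space:]]|\$)" "$1"
}

# http_access is first-match: the deny for blocksite has to precede the allow
# for our_networks, and both have to precede any "http_access deny all".
check_acl_order() {   # $1 = squid.conf
    awk '$1 == "http_access" {
             if ($2 == "deny"  && $3 == "blocksite"    && !d) d = NR
             if ($2 == "allow" && $3 == "our_networks" && !a) a = NR
             if ($2 == "deny"  && $3 == "all"          && !x) x = NR
         }
         END { exit !(d && a && d < a && (!x || a < x)) }' "$1"
}

# The saved ruleset must redirect LAN port 80 to Squid and masquerade on the WAN side.
check_nat() {   # $1 = iptables-save output, $2 = LAN if, $3 = WAN if, $4 = port
    grep -Eq -- "^-A PREROUTING .*-i $2 .*-p tcp .*--dport 80 .*-j REDIRECT --to-ports $4\$" "$1" &&
    grep -Eq -- "^-A POSTROUTING .*-o $3 .*-j MASQUERADE" "$1"
}

# Constructed sample files so the script runs without root or a live gateway.
T=$(mktemp -d); trap 'rm -rf "$T"' EXIT
printf 'net.ipv4.ip_forward = 1\n' > "$T/sysctl.conf"
printf '%s\n' 'http_port 8888' 'http_access deny blocksite' \
    'http_access allow our_networks' 'http_access deny all' > "$T/squid.conf"
printf '%s\n' '*nat' \
    '-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8888' \
    '-A POSTROUTING -o eth1 -j MASQUERADE' 'COMMIT' > "$T/rules"
# Same Squid rules pasted in the wrong order: the allow matches first.
printf '%s\n' 'http_port 8888' 'http_access allow our_networks' \
    'http_access deny blocksite' > "$T/squid-bad.conf"

for c in "check_forward $T/sysctl.conf" "check_squid_port $T/squid.conf 8888" \
         "check_acl_order $T/squid.conf" "check_nat $T/rules eth0 eth1 8888" \
         "check_acl_order $T/squid-bad.conf"; do
    if $c; then echo "PASS  $c"; else echo "FAIL  $c"; fi
done
```

On a real gateway, point the functions at /etc/sysctl.conf, /etc/squid/squid.conf and a file holding the output of iptables-save -t nat.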