
Wednesday, September 24, 2014

How to Set Up a Squid Proxy with Basic Username and Password Authentication Using NCSA

You can configure Squid to prompt users for a username and password.
Squid comes with a program called ncsa_auth that reads any NCSA-compliant encrypted password file. You can use the htpasswd program that comes installed with apache2-utils to create your passwords. Here is how it's done:

1) Create the password file. The name of the password file should be /etc/squid/squid_passwd, and you need to make sure that it's universally readable.

[root@tmp]# touch /etc/squid/squid_passwd
[root@tmp]# chmod o+r /etc/squid/squid_passwd

2) Use the htpasswd program to add users to the password file. You can add users at any time without having to restart Squid. In this case, you add a username called www:

[root@tmp]# htpasswd /etc/squid/squid_passwd www
New password:
Re-type new password:
Adding password for user www
[root@tmp]#

3) Find your ncsa_auth file using the locate command.

[root@tmp]# locate ncsa_auth
/usr/lib/squid/ncsa_auth
[root@tmp]#

4) Edit squid.conf; specifically, you need to define the authentication program in squid.conf, which is in this case ncsa_auth. Next, create an ACL named ncsa_users with the REQUIRED keyword that forces Squid to use the NCSA auth_param method you defined previously. Finally, create an http_access entry that allows traffic that matches the ncsa_users ACL entry. Here's a simple user authentication example; the order of the statements is important:

#
# Add this to the auth_param section of squid.conf
#
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

#
# Add this to the bottom of the ACL section of squid.conf
#
acl ncsa_users proxy_auth REQUIRED

#
# Add this at the top of the http_access section of squid.conf
#
http_access allow ncsa_users

5) The following variant requires password authentication and allows access only during business hours. Once again, the order of the statements is important:

#
# Add this to the auth_param section of squid.conf
#
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

#
# Add this to the bottom of the ACL section of squid.conf
#
acl ncsa_users proxy_auth REQUIRED
acl business_hours time M T W H F 9:00-17:00

#
# Add this at the top of the http_access section of squid.conf
#
http_access allow ncsa_users business_hours

Remember to restart Squid for the changes to take effect.
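
Steps 4 and 5 stress that statement order matters: Squid applies the first http_access rule whose ACLs all match. The Python lint below is an added example, not part of the original post or of Squid; the function name lint_squid_auth, the localnet ACL and both sample configurations are constructed for illustration.

```python
# Added example: lint http_access ordering for a proxy_auth setup in squid.conf.

# Constructed sample configs, not taken from a real server.
GOOD_CONF = """\
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
acl business_hours time M T W H F 9:00-17:00
http_access allow ncsa_users business_hours
http_access deny all
"""
BAD_CONF = """\
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl localnet src 10.0.0.0/8
acl ncsa_users proxy_auth REQUIRED
http_access allow localnet
http_access allow ncsa_users
http_access deny all
"""

def lint_squid_auth(conf_text):
    """Return a list of findings; an empty list means no ordering problem."""
    findings, auth_acls, rules, has_helper = [], set(), [], False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        if tokens[:3] == ["auth_param", "basic", "program"]:
            has_helper = True
        elif tokens[0] == "acl" and len(tokens) >= 3 and tokens[2] == "proxy_auth":
            auth_acls.add(tokens[1])
        elif tokens[0] == "http_access" and len(tokens) >= 3:
            rules.append((lineno, tokens[1], tokens[2:]))
    if not has_helper:
        findings.append("no 'auth_param basic program' helper is defined")
    # An allow rule without a proxy_auth ACL, placed ahead of the first
    # authenticated rule, admits matching clients without a password prompt.
    for lineno, action, acls in rules:
        if action != "allow":
            continue
        if auth_acls.intersection(acls):
            break  # reached the first authenticated allow rule
        findings.append(f"line {lineno}: allow {' '.join(acls)} precedes any proxy_auth rule")
    else:
        findings.append("no http_access allow rule uses a proxy_auth ACL")
    return findings

if __name__ == "__main__":
    for name, conf in (("GOOD_CONF", GOOD_CONF), ("BAD_CONF", BAD_CONF)):
        print(name, lint_squid_auth(conf) or "ok")
```

To check a live file, pass the contents of your own squid.conf to lint_squid_auth instead of the constructed samples.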

Wednesday, July 10, 2013

Setup PPTP Server on Ubuntu 12.4 Server.

This guide has been tested with Ubuntu 12.4 Server.

Setup PPTP Server

First, install the PPTP server using apt-get:
 
# sudo apt-get install pptpd

Then configure pptpd:
 
# sudo nano /etc/pptpd.conf

Add the server IP and the client IP range at the end of the file, as shown below:
 
localip 192.168.0.1
remoteip 192.168.0.100-200

This sets up the PPTP server to use IP 192.168.0.1 while distributing the IP range 192.168.0.100 to 192.168.0.200 to PPTP clients. Change these as you wish as long as they are private IP addresses and do not conflict with IP addresses already used by your server.

Configure DNS servers to use when clients connect to this PPTP server
 
# sudo nano /etc/ppp/pptpd-options

Uncomment the ms-dns lines and set them to Google's DNS servers, as below, or to OpenDNS:
 
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Now add a VPN user in the /etc/ppp/chap-secrets file.
 
# sudo nano /etc/ppp/chap-secrets

The first column is the username. The second column is the server name; you can put “pptpd” there. The third column is the password. The last column is the allowed IP addresses; you can put * to allow all IPs.
 
# client        server  secret                  IP addresses
username * myPassword *

Finally start your server
 
# /etc/init.d/pptpd restart

Setup IP Forwarding

To enable IPv4 forwarding, edit the /etc/sysctl.conf file and add the forwarding rule below.


 
# sudo nano /etc/sysctl.conf

Uncomment the line
 
net.ipv4.ip_forward=1

Then reload the configuration
 
sudo sysctl -p

Add the forwarding rules to iptables
 
# sudo nano /etc/rc.local

Add the following at the bottom, just before the exit 0 line:
 
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356

This example uses 192.168.0.0/24 as its PPTP subnet. The second rule adjusts the MTU size.
You are done. Reboot your server and you should be able to connect to it using PPTPD and send all your traffic through this server.