Proxy

by jakeashburn
3 deployments · 3 still active · last rev. 6 months ago

Compatible with: CentOS 6.8
						#!/bin/sh

PROXY_USER=fire
PROXY_PASS=boy
PROXY_PORT=3128

# Clear the repository index caches
yum clean all

# Update the operating system
yum update -y

# Install httpd-tools to get htpasswd
yum install httpd-tools -y

# Install squid
yum install squid -y

# Create the htpasswd file
htpasswd -c -b /etc/squid/passwords $PROXY_USER $PROXY_PASS

# Backup the original squid config
cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

# Set up the squid config
cat << EOF > /etc/squid/squid.conf
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
forwarded_for delete
http_port 0.0.0.0:$PROXY_PORT
EOF

# Set squid to start on boot
chkconfig squid on

# Start squid
/etc/init.d/squid start

# Set up the iptables config
cat << EOF > /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT

#######################################################
# BEGIN CUSTOM RULES
#######################################################

# Allow SSH from anywhere
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

# Allow squid access from anywhere
-A INPUT -m state --state NEW -m tcp -p tcp --dport $PROXY_PORT -j ACCEPT

#######################################################
# END CUSTOM RULES
#######################################################

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Restart iptables
/etc/init.d/iptables restart