Script to automatically turn your CentOS 5.2 installation into a Router with Squid Caching

I’ve put a lot of time into this guy! And I’m proud to share it with you. This script and its configuration files, when configured correctly for your network, will turn your CentOS 5.2 installation into a network router with dhcp, dns, squid, samba, iptables and webmin. I’ve also provided all of these files tarballed together so that you can just untar them and use my configuration. Make sure you change the admin password in the first section of install.sh

NOTE: This script is missing one step. You must change net.ipv4.ip_forward = 0 to 1 inside /etc/sysctl.conf

To run my script automatically just login as root and run the following commands:

wget https://greenwireit.com/blog/wp-content/uploads/2009/03/install.tar
tar xf install.tar
./install.sh

Notes: For this configuration eth0 is your WAN interface and eth1 is LAN. I actually have no method of testing this configuration because I had to sanitise it to get rid of my own network variables. If you have any problems PLEASE post them in the comments and I will adjust them.

install.sh

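#!/bin/bash
# install.sh — turn a fresh CentOS 5.2 install into a LAN router:
# dhcpd, named, squid (transparent cache), samba, iptables and Webmin.
# eth0 is the WAN interface, eth1 the LAN interface.
#
# Usage (as root, from the directory holding the config files):
#   ROOT_PASSWORD='...' ./install.sh
#
# Environment:
#   ROOT_PASSWORD  new root password. It is piped straight into passwd, so it
#                  never touches disk (the original wrote it to a world-readable
#                  /tmp/tmppass) and never appears on a command line.
set -euo pipefail

# Print a message to stderr and stop; every critical step calls this on failure.
die() {
  printf 'install.sh: %s\n' "$*" >&2
  exit 1
}

# Install an RPM from a URL unless the package is already present, so the
# script can be re-run (rpm -U exits non-zero on an already-installed package).
install_rpm() {
  local pkg=$1 url=$2
  if rpm -q "$pkg" >/dev/null 2>&1; then
    echo "$pkg already installed"
  else
    # NOTE(review): fetched over plain http and not signature-checked here;
    # verify the package signature before using this on a production box.
    rpm -Uhv "$url" || die "could not install $pkg from $url"
  fi
}

# Copy a config file from the current directory into place, keeping a
# one-time .orig backup of whatever was there before.
copy_conf() {
  local src=$1 dst=$2
  [[ -f "$src" ]] || die "missing config file: $src (run from the untarred directory)"
  if [[ -e "$dst" && ! -e "$dst.orig" ]]; then
    cp -p -- "$dst" "$dst.orig"
  fi
  cp -- "$src" "$dst" || die "could not copy $src to $dst"
}

[[ $EUID -eq 0 ]] || die "must be run as root"
: "${ROOT_PASSWORD:?set ROOT_PASSWORD in the environment before running}"

echo "Setting Root Password"
# passwd --stdin is Red Hat/CentOS specific, which is the target platform.
printf '%s\n' "$ROOT_PASSWORD" | passwd --stdin root || die "passwd failed"
echo "Password Changed"
#
echo "Setting up Repositories"
install_rpm rpmforge-release http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
echo "Installing Dependencies"
yum -y install perl-Net-SSLeay || die "yum install perl-Net-SSLeay failed"
echo "Installing Webmin"
install_rpm webmin http://internap.dl.sourceforge.net/sourceforge/webadmin/webmin-1.450-1.noarch.rpm
echo "Installing Squid, Samba, dhcpd and named"
# One yum transaction instead of four; same packages as before.
yum -y install squid samba dhcp bind || die "yum install of router packages failed"
#
echo "Copying Config Files"
copy_conf named.conf /var/named/chroot/etc/named.conf
copy_conf dhcpd.conf /etc/dhcpd.conf
copy_conf smb.conf /etc/samba/smb.conf
copy_conf squid.conf /etc/squid/squid.conf
copy_conf iptables /etc/sysconfig/iptables
echo "Config Files Copied"
#
echo "Enabling IPv4 Forwarding"
# Without this the box never routes between eth1 and eth0 (the step the
# original script left to the reader). Persist it and apply it now.
if grep -q '^net\.ipv4\.ip_forward' /etc/sysctl.conf; then
  sed -i 's/^net\.ipv4\.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
else
  printf 'net.ipv4.ip_forward = 1\n' >> /etc/sysctl.conf
fi
sysctl -w net.ipv4.ip_forward=1 >/dev/null || die "could not enable ip_forward"
#
echo "Finishing Up"
echo "Starting Services"
for svc in webmin squid smb dhcpd named; do
  # Also enable at boot so the router comes back after a reboot; a missing
  # chkconfig entry is only a warning, the service is still started.
  chkconfig "$svc" on || printf 'warning: could not enable %s at boot\n' "$svc" >&2
  "/etc/init.d/$svc" start || die "could not start $svc"
done
chkconfig iptables on || printf 'warning: could not enable iptables at boot\n' >&2
/etc/init.d/iptables restart || die "could not load iptables rules"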

iptables

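# /etc/sysconfig/iptables — loaded by "/etc/init.d/iptables restart".
# eth0 = WAN, eth1 = LAN.
#
# INPUT and FORWARD are default-deny: only loopback and the LAN may reach the
# router itself, and only LAN-originated sessions (plus their replies) are
# forwarded. The original listing used ACCEPT policies and rejected a handful
# of WAN ports, which left every other listener on the router (Webmin, Samba,
# named, dhcpd, ...) reachable from the WAN side. With an allowlist those
# per-port REJECT rules are no longer needed.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Transparent proxy: LAN HTTP is redirected to squid (http_port 3128) on the router.
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Hide the LAN behind the WAN address.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the router opened itself (yum, forwarders, ...).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Router services (dhcpd, named, squid, samba, webmin) are offered to the LAN only.
-A INPUT -i eth1 -j ACCEPT
# Everything else arriving on the WAN is refused; tcp-reset keeps the
# behaviour the original rules gave the ports they listed.
-A INPUT -i eth0 -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -j REJECT
# Forward LAN-originated sessions out the WAN and let their replies back in.
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT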

squid.conf, configured for transparent NAT, which means that as long as iptables is pointed at it, it will automatically cache and accelerate your internet connection.

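# /etc/squid/squid.conf — transparent caching proxy for the LAN.
# Requests arrive via the iptables REDIRECT of eth1 port 80 -> 3128.
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/24
acl localhost src 127.0.0.1/255.255.255.255
# Only the router itself and the LAN may use the proxy; everyone else is
# denied. (The original listed "http_access allow lan" twice; the duplicate
# was dropped, the order of evaluation is unchanged.)
http_access allow localhost
http_access allow lan
http_access deny all
cache_mem 64 MB
cache_store_log none
# No cache_peer is configured, so nothing legitimate sends ICP queries;
# do not answer them from anywhere.
icp_access deny all
miss_access allow all
cache_mgr [email protected]
# Listen on the LAN address only. REDIRECT delivers to the primary address of
# the interface the packet came in on (eth1 = 192.168.1.1), so LAN clients
# still reach the proxy while nothing is bound on the WAN side.
http_port 192.168.1.1:3128 transparent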

dhcpd.conf

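# /etc/dhcpd.conf — leases for the LAN behind eth1. The router (192.168.1.1)
# is handed out as default gateway and primary DNS, 4.2.2.1 as secondary DNS.
ddns-update-style interim;
ignore client-updates;

# This is the only DHCP server on the LAN, so it may NAK clients that try to
# renew a lease it does not know about instead of staying silent.
authoritative;

# NOTE: the original listing had "DHCPARGS=eth1;" here. That is not a
# dhcpd.conf statement (dhcpd rejects unknown statements when parsing the
# file); on CentOS 5 the interface dhcpd listens on is set in
# /etc/sysconfig/dhcpd instead (DHCPDARGS=eth1).
subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 192.168.1.1, 4.2.2.1;
  range 192.168.1.10 192.168.1.150;
}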

smb.conf

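# /etc/samba/smb.conf — two guest-writable shares, offered on the LAN only.
[global]
workgroup = workgroup
server string = Router
local master = no
domain master = no
preferred master = no
password server = None
guest ok = yes
# The original mapped guests to root, so every anonymous LAN user wrote to the
# shares as uid 0. Map guests to the unprivileged "nobody" account instead and
# make /share and /backup writable by that account (chown nobody /share /backup).
guest account = nobody
security = SHARE
dns proxy = no
# Bind only to the LAN side; nothing is offered on eth0 (WAN).
bind interfaces only = true
interfaces = eth1 192.168.1.1

# The section header for this share was missing from the original listing;
# [share] is assumed from its path — rename as needed.
[share]
path = /share
guest ok = yes
writeable = yes
# 0777 makes every new file world-writable and executable; 0666 is enough for
# a plain data share.
create mask = 0777

[backup]
path = /backup
guest ok = yes
writeable = yes
create mask = 0777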

named.conf
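// /var/named/chroot/etc/named.conf — forwarding-only resolver for the LAN.
options {
  forwarders { 4.2.2.1; 4.2.2.2; };
  forward only;
  // Answer on the LAN address and loopback only; nothing on eth0 (WAN).
  listen-on { 127.0.0.1; 192.168.1.1; };
  // Defence in depth: even if listen-on is later widened, only the router
  // itself and LAN hosts may query or recurse (an open recursive resolver
  // reachable from the WAN is abused for reflection traffic).
  allow-query { 127.0.0.1; 192.168.1.0/24; };
  allow-recursion { 127.0.0.1; 192.168.1.0/24; };
};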