Sunday, October 12, 2014

TUTORIAL - HOW TO CONFIGURE A TRANSPARENT SQUID PROXY ON PORT 80 THAT CAN BE USED AS AN HTTP PROXY LISTENER FOR VPN OR SSH - SQUID 3.1 (CENTOS 6) - SQUID PORT BINDING

Hello,

Let's begin with this simple tutorial. Many of us run into trouble configuring Squid on port 80, 8080 or 3128 so that it can be used as an HTTP proxy (over TCP) in front of a VPN or SSH server.

First:

1. Log in to your server as root and install Squid and the nano editor:

yum -y install squid
yum -y install nano

2. Configuring Squid

Open the configuration file:

 nano /etc/squid/squid.conf

and use the following configuration (this version listens on port 80):
PORT 80
=======

# squid.conf 3.1
# -------------
# GROUNDMANS MODIFICATION
# --------------------------

auth_param basic casesensitive off

# ACL
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

# Only this destination port is relayed for clients outside localnet
acl SSL_ports port 777

# NOTE: CONNECT is a built-in Squid ACL (method CONNECT); this line appends
# GET HEAD POST to it. It is not referenced by any http_access line below.
acl CONNECT method GET HEAD POST


# HTTP ACCESS
http_access allow localnet
http_access allow SSL_ports

http_reply_access allow localnet
http_reply_access allow SSL_ports

##FINALLY---
# "deny !SSL_ports" already matches every request that reaches it,
# so "deny all" is only a safety net.
http_access deny !SSL_ports
http_access deny all
http_reply_access deny all

http_port 80 transparent

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# --------------------
# MEMORY CACHE OPTIONS
# --------------------
cache_mem 16 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF

# ---------------------------
# cache_dir
# ---------------------------
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 1000 14 256
minimum_object_size 0 KB
maximum_object_size 64 MB
cache_swap_low 98
cache_swap_high 99

# LOGFILE OPTIONS
# ---------------
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
#cache_store_log /var/log/squid/store.log
cache_store_log none
logfile_rotate 10

# OPTIONS FOR TROUBLESHOOTING
# ---------------------------
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# OPTIONS FOR TUNING THE CACHE
# ----------------------------
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 10080 90% 43200
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|pptx|doc|docx|xls|xlsx|tiff)$ 10080 90% 43200
refresh_pattern -i \.(zip|bz2|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx) 1440 40% 40320

refresh_pattern -i download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i download.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i ntservicepack.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i wustat.windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

# TIMEOUTS
# --------
forward_timeout 2 minutes
connect_timeout 1 minute
read_timeout 10 minutes
request_timeout 3 minutes
persistent_request_timeout 1 minutes
client_lifetime 1 day
half_closed_clients off
shutdown_lifetime 10 seconds

# ADMINISTRATIVE PARAMETERS
# -------------------------
cache_mgr groundmanlove@gmail.com
cache_effective_user squid
visible_hostname groundmans.tk


# OPTIONS INFLUENCING REQUEST FORWARDING
# --------------------------------------
prefer_direct off
#always_direct allow ipserver
always_direct deny all

# DNS OPTIONS
# -----------
dns_retransmit_interval 2 seconds
dns_timeout 1 minutes
dns_nameservers 8.8.8.8 8.8.4.4
hosts_file /etc/hosts
ignore_unknown_nameservers on
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024




#now all setup

#squid config by groundmans.tk


As you can see in the highlighted line above:
 acl SSL_ports port 777
this Squid proxy can only be used for a VPN or SSH server listening on the port defined there, in this case port 777 (clients from the localnet ranges are allowed to any port; everyone else is relayed only to port 777).
So all you have to do is run your VPN or SSH service on port 777.
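To make the effect of that ACL concrete, here is an added Python model of how Squid walks these http_access lines (example code written for this post, not part of Squid or of the original configuration; it handles only the src and port ACL types used here, assumes IPv4 clients, and treats `all` as Squid's built-in match-everything ACL):

```python
import ipaddress
# Constructed excerpt of the acl / http_access lines from the squid.conf above
# (IPv6 localnet ranges omitted; the rule order is the one used on this page).
SQUID_CONF = """
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl SSL_ports port 777
http_access allow localnet
http_access allow SSL_ports
http_access deny !SSL_ports
http_access deny all
"""

def parse(conf):
    """Collect acl definitions (repeated names accumulate, as in Squid) and the ordered http_access rules."""
    acls = {"all": ("all", [])}  # Squid's built-in match-everything ACL
    rules = []
    for line in conf.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "acl":
            acls.setdefault(parts[1], (parts[2], []))[1].extend(parts[3:])
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def acl_matches(acl, src, port):
    kind, values = acl
    if kind == "all":
        return True
    if kind == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        return str(port) in values
    raise ValueError("unsupported acl type: " + kind)

def http_access(acls, rules, src, port):
    """First http_access line whose terms all match decides ('!' negates a term).
    If no line matches, Squid applies the opposite of the last line's action."""
    for action, terms in rules:
        if all(acl_matches(acls[t.lstrip("!")], src, port) != t.startswith("!") for t in terms):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

ACLS, RULES = parse(SQUID_CONF)
def decide(src, port):
    # Policy decision for one client request: (source IP, destination port) -> "allow" / "deny"
    return http_access(ACLS, RULES, src, port)
```

Running decide for a client outside the localnet ranges shows that only destination port 777 is relayed, while a localnet client is allowed to any port. Because "deny !SSL_ports" matches everything that reaches it, the final "deny all" is never consulted.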

Note ***
----------
What if you cannot put Squid on port 80?
------------------------------------------------------------------------------------
Please follow this guide.

The configuration above contains the line:
 http_port 80 transparent
Change it to:

 http_port 8080 transparent

 or

http_port 3128 transparent

and then add the following iptables rule so that incoming port 80 traffic is redirected to the port Squid listens on (the rule lives in the nat table's PREROUTING chain; "service iptables save" makes it persist across reboots on CentOS 6):

In case you put port 8080:

 iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
 service iptables save

In case you put port 3128:

 iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
 service iptables save
3. Starting Squid

To be clear: we are going to use port 80, which is normally occupied by httpd (Apache), so we stop that process to free port 80 for Squid. Enter this command:

 killall httpd

service squid start

Squid now listens on IP:80. If httpd is enabled at boot, also run "chkconfig httpd off" and "chkconfig squid on", otherwise httpd will reclaim port 80 after the next reboot.
Your VPN or SSH server must bind to port 777, the port allowed by the SSL_ports ACL.
==========================================

thanks
