Views
JonDos GmbH thanks www.secure-internet.org for the right to publish the following article. We made some changes in it but the original text was provided www.secure-internet.org
Contents |
HowTo install squid proxy (only exit mixes)
The squid proxy can be installed using the ports system. Do NOT install squid3, please use the latest stable version of squid v.2.7. Only for testing purposes lynx may be installed, too. Perl-Template-Toolkit is needed to process the config template file. Alternatively you con do this job by hand.
cd /usr/ports/www/lynx && make install clean
cd /ports/www/p5-Template-Toolkit && make install clean
cd /usr/ports/www/squid && make install clean
options for Squid are: SQUID_AUFS / SQUID_COSS / SQUID_LARGEFILE
Add a line to /etc/rc.conf
squid_enable="YES"
Make a backup of the original squid.conf.
cd /usr/local/etc/squid/
mv squid.conf squid.conf.orig
Replace the configuration file with an optimized configuration and add the block list squid-block.acl. You may find the squid configuration files provided by Jondos GmbH in the mix source code, subdirectory misc/FreeBSD/ of the mix source code. There are two squid.conf templates: one template for free services and one for premium services. Choose the suitable template and replace all occurrences of [% extIP %] by the external IP address of your server. You may use tpage from the Perl Template Toolkit for this job. In the example the template for free services is used and the external IP address is 123.123.123.123. Alternatively you may do this job by hand.
cd /home/mix/stable/misc/FreeBSD
tpage --define extIP=123.123.123.123 squid.conf.free.template > /usr/local/etc/squid/squid.conf
cp squid-block.acl /usr/local/etc/squid/
touch /etc/squid/squid-block.acl.local
If you were using an editor and apply the changes by hand, you have to change the following lines in /usr/local/etc/squid/squid.conf:
line 9: acl localhost src 123.123.123.123
line 12: acl to_localhost dst 123.123.123.123
Local extensions of the blocklist: If you extended the squid-blocklist.acl for your mix, please use the file /etc/squid/squid-blocklist.acl.local. It will not be overwritten by updates of the JonDonym blocklist. At least you have to create an empty file because it will included in squid.conf. For local blocked websites a special error message will be displayed to the user. It gives the information about possible access to the website by other cascades.
Error messages: The Squid configuration provided by JonDos GmbH replace the default error messages of Squid by special pages for JonDonym. The HTML pages are part of the mix source. You will find it in the subdirectory misc/squid-messages. Because some error pages are added, you have to use these messages. If you did not checkout the mix sources to the directory /home/mix/stable you have to edit your squid.conf. The value of error_directory has to point to the error message directory.
error_directory /home/mix/stable/misc/squid-messages
Afterward create the cache directories and wait, until the cache is created....
squid -z -d -3
... and start the squid proxy.
/usr/local/etc/rc.d/squid start
... and check if squid is working.
http_proxy=http://127.0.0.1:3128; lynx http://www.anonymous-proxy-servers.net
Updating the JonDonym blocklist
Time by time the JonDonym blocklist will be updated. You will receive a notice by the mix operator mailing list.
cd /home/mix/stable
svn update
cp -f misc/FreeBSD/squid-block.acl /usr/local/etc/squid/squid-block.acl
/usr/local/etc/rc.d/squid reload
The Dante SOCKS proxy can be installed from the ports tree.
cd /usr/ports/net/dante && make install clean
Add a line to /etc/rc.conf
sockd_enable=“YES“
Keep a copy of the original sockd.conf.
cd /usr/local/etc/
mv sockd.conf sockd.conf.orig
Install the configuration file sockd.conf provided by JonDos GmbH. It contains the JonDonym block list and blocks port 25. You will find the sample configuration file in the subdirectory misc/FreeBSD/ of the mix source code. Replace all occurrence of [% extIP %] by the extern IP address of your server. You may use tpage from the Perl Template Toolkit for this job. In the example the extern IP address is 123.123.123.123. Alternatively you may do this job by hand.
cd /home/mix/stable/misc/FreeBSD
tpage --define extIP=123.123.123.123 sockd.conf.template > /usr/local/etc/sockd.conf
And now start the Dante SOCKS proxy.
/usr/local/etc/rc.d/sockd start
Updating the JonDonym blocklist
If an update of the Jondonym blocklist is necessary the configuration sockd.conf must be renewed as well:
cd /home/mix/stable
svn update
cd misc/FreeBSD
tpage --define extIP=123.123.123.123 sockd.conf.template > /usr/local/etc/sockd.conf
/usr/local/etc/rc.d/sockd restart
