Proxy Server (Demo)

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey Cybrarians and welcome back to
00:00
the Linux+ course here at Cybrary.
00:00
I'm your instructor Rob Gail and in today's lesson,
00:00
we're going to be discussing proxy servers.
00:00
Upon completion of this lesson,
00:00
you're going to be able to understand why
00:00
proxy servers are used and we're going to
00:00
install the squid proxy server role
00:00
in both CentOS and Ubuntu.
00:00
Proxy servers are anything that really stand between
00:00
a client that is trying to reach a destination server.
00:00
They can be used for a lot of different reasons.
00:00
They can monitor network traffic,
00:00
they can also filter traffic based on content.
00:00
They can block certain websites.
00:00
They can block website access to users.
00:00
They can bypass filters.
00:00
Their traffic appears to be coming from
00:00
another system or network and then finally,
00:00
they can also cache static data to improve performance.
00:00
If you're constantly going out to a website,
00:00
it doesn't make sense to constantly download
00:00
the data when you can cache any kind of
00:00
static data on their website
00:00
and just get it from the proxy server.
00:00
Now there are two different proxy servers in use
00:00
today and they are Squid and the NGINX web server.
00:00
We've looked at the NGINIX web server in
00:00
the previous lessons but it can also
00:00
be used as a filter or a caching web proxy server.
00:00
That is another very common use for NGINIX.
00:00
Today we're going to be working with Squid.
00:00
A proxy server gently
00:00
work on web traffic but they use ports like
00:00
8080 and any non-registered port
00:00
can be used as a proxy port.
00:00
What you'll see in Squid is it actually uses Port 3128.
00:00
With that, let's go ahead and
00:00
install Squid with some demo time.
00:00
Here we are in our demo environment.
00:00
In order to install Squid, we're going to do a DNF
00:00
install Squid on CentOS.
00:00
It's going to give us the option.
00:00
We're going to go ahead and accept all of
00:00
the packages and dependencies that
00:00
>> need to be installed.
00:00
>> There we are. We've installed Squid.
00:00
Now we can clear our screen or hit "Control
00:00
L" just to get some more screen real state back.
00:00
Then in order to get this running,
00:00
we do a system CTL enable dash dash now on Squid,
00:00
the Squid package, and that will start and
00:00
enable Squid at the same time. There we go.
00:00
Now we can check and verify
00:00
that everything is up and running by
00:00
just going back and getting a status on this.
00:00
We see that everything is up and running.
00:00
It's loaded, it's enabled, it's active
00:00
>> and it's running.
00:00
>> Good. Off the races. Not quite.
00:00
What do we need to do now?
00:00
We need to look at the configuration file.
00:00
The configuration file for Squid is
00:00
stored in Etsy Squid, squid.gov.
00:00
If we go in this file, we're going to see
00:00
a bunch of good information in here.
00:00
For our purposes, we're going
00:00
to comment out all these rules and
00:00
just to find our own rule just so
00:00
that we can play around with this and set it up.
00:00
That's a little too far down. Let's go
00:00
back up to the top of the page where we were.
00:00
Apologies. There we go.
00:00
I'm just going to go ahead and comment out all of
00:00
these rules and I'm going to add in my own rule.
00:00
What I'm actually doing here is I'm setting what's
00:00
called an access control list or an ACL.
00:00
I'm going to set up an ACL and I'm going to call this,
00:00
let's call this guy proxy network.
00:00
We're going to give it the network that we have which
00:00
is a 1921681.0/24 network.
00:00
We'll call it that. We can
00:00
leave all these ports. These are fine.
00:00
Down here, let's go ahead and change
00:00
the HTTP access that's allowed or denied.
00:00
What we're going to do here is instead
00:00
of using these options,
00:00
we're going to say that we want to do HTTP
00:00
access allow but only allow it for proxy network.
00:00
Let me grab that.
00:00
I have this shared so we can do this real quickly,
00:00
save ourselves some time and frustration.
00:00
Let's go ahead and comment this out.
00:00
What I'm going to do is comment this one out actually.
00:00
What we're going to do here is paste this
00:00
in and I'm going to comment this one out.
00:00
We'll also comment out the name manager
00:00
and then we should be good to go there.
00:00
Now a couple of other things that we can deal with is,
00:00
we can also configure the proxy to
00:00
hide our internal IP address.
00:00
I'm just going to go ahead and copy
00:00
that in and show you guys here.
00:00
We're going to do that by doing this option.
00:00
We forwarded for off that
00:00
>> hides the internal IP address.
00:00
>> Then I'm also going to go ahead and
00:00
uncomment the line for caching.
00:00
If you want to turn on caching,
00:00
we can do that here by uncommenting
00:00
this line and this will set up
00:00
a cache for the proxy server.
00:00
Now that we've done all that, we can
00:00
go ahead and exit this file.
00:00
We can just save, I'm going to hit "Escape,
00:00
colon WQ" to get out of that because we are in Vim.
00:00
Now what we can do is we can make sure that
00:00
this is ready to go by adding it to the firewall.
00:00
Remember, we always want to
00:00
check and see if a firewall is running.
00:00
Firewall D is used here in CentOS.
00:00
You do a system CTL status,
00:00
firewall D, and you can see that it is running.
00:00
In order to update this,
00:00
we can do a firewall-cmd,
00:00
and then we're going to do a dash, dash add,
00:00
dash service,
00:00
equals Squid because it's
00:00
one of the services it knows about.
00:00
Then we'll do a dash,
00:00
dash permanent because we do want this to
00:00
stick and not get reverted once we reboot.
00:00
We'll do a double ampersand.
00:00
We can do a firewall reload as well.
00:00
With the firewall-cmd dash,
00:00
dash reload and that
00:00
will add the rule and also reload the firewall.
00:00
We can see that it's done so.
00:00
The first success is that the rule's been added,
00:00
the second success message says that that has
00:00
been successfully reloaded in the firewall,
00:00
it has been reloaded with the new rule.
00:00
Now let's take a look at this on our Ubuntu system.
00:00
Here we are on our Ubuntu environment.
00:00
If we're going to be installing this in
00:00
our Ubuntu environment, really know the differences.
00:00
We have to use apt or apt-get.
00:00
We're going to do an app install Squid.
00:00
[NOISE] It'll go ahead and accept that.
00:00
Then we're going to see a bunch of lovely progress
00:00
across the bottom there with
00:00
their nice hash words and a GUI interface.
00:00
Eventually, we're going to get
00:00
back our prompt, and there we are.
00:00
We're going to type clear to clear our screen.
00:00
Now, what we can do is we can do a system CTL.
00:00
Let's just do a system CTL status
00:00
on Squid and look at that.
00:00
It's already running, it's already enabled.
00:00
Because remember when you're using app,
00:00
it takes care a lot of that stuff for you.
00:00
It assumes if you're installing something that can be
00:00
installed and enabled to run and started,
00:00
it'll just take care of that and do it for you.
00:00
But we're not quite ready to go.
00:00
Same thing we have to do as we did before,
00:00
we just have to go in here and do vim Etsy Squid,
00:00
squid.conf, it configure this as well.
00:00
That is a lot more information in here, isn't there?
00:00
Yes, it's a ton of information.
00:00
This is the motif
00:00
you'll actually find whenever
00:00
>> you're working with Ubuntu.
00:00
>> They put a lot of information into
00:00
these [LAUGHTER] configuration files.
00:00
Sometimes a lot more than you need.
00:00
I'm going to use the same trick that
00:00
we used previously when we
00:00
were looking at another one
00:00
>> of these configuration files.
00:00
>> I'm going to copy this configuration file
00:00
into a.bak file.
00:00
Then what I'm going to do is use this bash
00:00
one-liner to make it simpler and easier
00:00
>> to read version.
00:00
>> What I'm actually doing here is I'm using bash and I'm
00:00
telling bash to run the command grep to
00:00
grep and remove anything that starts with
00:00
a pound sign or anything that
00:00
has a semicolon at the beginning of it.
00:00
Then use that, grab that information out of
00:00
that file and then put it back
00:00
into the original.com file.
00:00
Now we go back and we actually do
00:00
a vim Etsy Squid squid.conf.
00:00
That file looks a lot more readable, doesn't it?
00:00
Yes. We would have to do the
00:00
>> same thing that we did here
00:00
>> or in the previous configuration file in CentOS here.
00:00
I'm not going to do that because we've already gone and
00:00
done that on CentOS.
00:00
Just to show you the process,
00:00
if we have that file, we'll reconfigure that file.
00:00
What we would deem to do now is
00:00
actually add it to the firewall here in Ubuntu.
00:00
Remember, Ubuntu uses
00:00
the UFW firewall, the uncomplicated firewall.
00:00
What we do is we tell Ubuntu to use Port 3128,
00:00
that is the port for Squid and that's going to be TCP,
00:00
and then we just a double ampersand.
00:00
You have w enabled.
00:00
Really what it's going to do is it's going to run
00:00
this UFW allow command and then
00:00
provided that that works
00:00
properly which is what double ampersand says,
00:00
it's going to also run and enable the firewall.
00:00
Let's hit "Enter" and we can see the rules are
00:00
updated and the firewall has been reloaded as well.
00:00
But with that, that's really all that we need to
00:00
know about installing Squid.
00:00
With that, we've reached the end of the lesson.
00:00
In this lesson, we covered
00:00
some common use cases for proxy servers and
00:00
we talked about installing
00:00
the squid proxy server on CentOS and Ubuntu.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in our next lesson
00:00
>>
Up Next