Sunday, 31 December 2017

https://pi-hole.net/

Pi-hole on Docker

Troubleshooting tips:
1. Custom blocking domain not working from web interface
- cp /etc/.pihole/gravity.sh /opt/pihole/
Some other scripts might need to be copied over as well.

2. Optimize DNS configuration
- vi /etc/dnsmasq.d/01-pihole.conf

cache-size=10000
local-ttl=300

Saturday, 22 April 2017

Mikrotik Squid Ubuntu

Setup Requirement:

Mikrotik RB
Squid 3.5.12
Ubuntu 16.04 LTS

I have been using a Mikrotik router as the default gateway for more than 5 years.
Due to insufficient bandwidth, I had the idea to set up Squid 3.5 as a local cache to speed things up.

Client -LAN-> Mikrotik -NAT-> WWW
Squid -LAN-> Mikrotik -NAT-> WWW

Squid and client are both on the same LAN segment.

First method : Using NAT *Obsolete since Squid 3.2

Use Mikrotik's built-in NAT to forward HTTP requests (port 80) from clients to the Squid proxy.

DO NOT USE first method.

Second method : Using built-in mangle

Use Mikrotik's built-in mangle to mark web (port 80) requests from all clients so that they are routed to the Squid proxy.

# The routing-mark on the route must match the new-routing-mark set by the mangle rule
/ip route add check-gateway=ping distance=1 gateway=$your_squid_ip routing-mark=to-proxy
/ip firewall mangle add action=mark-routing chain=prerouting comment="toproxy" dst-port=80 new-routing-mark=to-proxy protocol=tcp src-address=$your_LAN_ip/24

On your Squid server

route add default gateway 192.168.90.1
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s $your_LAN_ip/24 -d 0/0 --dport 80 --to-ports 3128

/etc/squid/squid.conf
http_port 3128 intercept
http_port 8080
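
The Squid-side rules above, extended with two guards in the pattern of the Squid wiki's LinuxRedirect example listed under Reference. This is an added example, not part of the original post: it exempts the proxy's own port 80 traffic from the redirect and drops direct connections to the intercept port, which should only ever see redirected traffic. The LAN range 192.168.90.0/24 and the Squid address 192.168.90.2 are assumed values.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: LAN
# 192.168.90.0/24 (the post only shows the gateway 192.168.90.1) and a
# constructed Squid address, 192.168.90.2.
LAN_CIDR=${LAN_CIDR:-192.168.90.0/24}
SQUID_IP=${SQUID_IP:-192.168.90.2}
INTERCEPT_PORT=${INTERCEPT_PORT:-3128}
CONF=${CONF:-/etc/squid/squid.conf}

# Print iptables arguments, one rule per line, in the order they must be
# appended. Args: LAN CIDR, Squid IP, intercept port.
#  1. Port 80 traffic sourced from the proxy itself is never redirected.
#  2. Client port 80 traffic is redirected to the intercept port.
#  3. Packets addressed directly to the intercept port are dropped.
#     mangle PREROUTING runs before nat PREROUTING, so redirected packets
#     (still port 80 at that stage) are not affected.
intercept_rules() {
    cat <<EOF
-t nat -A PREROUTING -s $2 -p tcp --dport 80 -j ACCEPT
-t nat -A PREROUTING -s $1 -p tcp --dport 80 -j REDIRECT --to-ports $3
-t mangle -A PREROUTING -p tcp --dport $3 -j DROP
EOF
}

# Succeed only if squid.conf ($1) declares port $2 with the intercept flag.
check_squid_conf() {
    grep -Eq "^[[:space:]]*http_port[[:space:]]+$2[[:space:]]+intercept([[:space:]]|\$)" "$1"
}

if [ -r "$CONF" ] && ! check_squid_conf "$CONF" "$INTERCEPT_PORT"; then
    echo "warning: $CONF has no 'http_port $INTERCEPT_PORT intercept'" >&2
fi

# Dry run by default: rules are only printed. APPLY=1 (as root) installs them.
intercept_rules "$LAN_CIDR" "$SQUID_IP" "$INTERCEPT_PORT" |
while read -r rule; do
    if [ "${APPLY:-0}" = 1 ]; then
        iptables $rule   # unquoted on purpose: split into arguments
    else
        echo "iptables $rule"
    fi
done
```

Explicitly configured clients keep using the forward-proxy port (8080 in the squid.conf above), which the DROP rule does not touch.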

Reference:
https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
https://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
http://myconfigure.blogspot.my/2013/03/squid-332-328-example-squidconf.html
http://www.fazar.net/external-proxy-server-mikrotik/