Installing SQUID Proxy Server on Ubuntu and CentOS/RedHat

What is Squid?
 
Squid is a proxy server and web cache daemon. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other computer network lookups for a group of people sharing network resources, to aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols like TLS, SSL, Internet Gopher and HTTPS. Squid was originally developed by Duane Wessels as the Harvest object cache, part of the Harvest project at the University of Colorado at Boulder. Further work on it was completed at the University of California, San DiegoNational Science Foundation. Squid is now developed almost exclusively through volunteer efforts. and funded via two grants from the rom the National Science Foundation. Squid is now developed almost exclusively through volunteer efforts. Squid is primarily designed to run on Unix-like systems but it also runs on Windows-based systems. It is released under the GNU General Public License.

Installing SQUID Proxy Server on Ubuntu

Installing squid and squid-common packages :
Code: 
sudo aptitude install squid squid-common

Open Squid’s configuration file foe editing :

Code: 
sudo gedit /etc/squid/squid.conf
http_access allow internal_network
Code: 
acl internal_network src x.x.x.x/x

In the above command, x.x.x.x = your IP address /x will be your subnet. Example : 192.168.0.0/24 or 192.168.10.0/16

Give appropriate permissions :

Code: 
sudo chown -R proxy:proxy /var/log/squid/
sudo chown proxy:proxy /etc/squid/squid.conf

Restart squid :

Code: 
sudo /etc/init.d/squid restart

Set your proxy to point your new squid server on port 3128 from your web browser.

If you want to setup authentication with your proxy server you will need apache2 utilities.

Code: 
sudo aptitude install squid squid-common apache2-utils

Add your first user :

Code: 
sudo htpasswd -c /etc/squid.passwd username1

For adding more users use :

Code: 
sudo htpasswd /etc/squid.passwd username2

Edit your squid configuration file :

Code: 
sudo gedit /etc/squid/squid.conf

Now set Access Control List [acl] and authentication parameters :

Code: 
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid.passwd
auth_param basic children 5
auth_param basic realm NFYE Squid proxy-caching web server
auth_param basic credentialsttl 3 hours
auth_param basic casesensitive off
acl users proxy_auth REQUIRED
acl sectionx proxy_auth REQUIRED
http_access allow users

You squid configuration [squid.conf] file should look like this :

Code: 
acl all src 0.0.0.0/0.0.0.0
acl internal_network src 192.168.0.0/24
acl users proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl sectionx proxy_auth REQUIRED
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow users
http_access allow internal_network
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all

You can redirect all the http traffic through proxy server.
All the application needs to manually setup for the proxy. But if you
want to avoid this you can set rules in iptables file :

Code: 
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Here eth0 is your LAN device and eth1 is your WANT device while 192.168.0.1 is your LAN IP [IP of eth0]

You can change the configuration file as per your requirement.

Installing SQUID on CentOS/RedHat

Installing squid package :

Code: 
# yum install squid

Configuring Squid :

Code: 
# su
# vi /etc/squid/squid.conf

Define atleast one ACL for squid on its default port 3128

Code: 
acl our_networks src x.x.x.x/x
http_access allow our_networks

Again x.x.x.x = IP and /x = subnet

Save the squid configuration file close it and start squid :

Code: 
# chkconfig squid on
# /etc/init.d/squid start

Make sure port number 3128 is open :

Code: 
netstat -tulpn | grep 3128

Edit you iptables so that it allows access to your squid :

Code: 
# vi /etc/sysconfig/iptables

Using vi editor for the configuration :

Code: 
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT

Restart iptables for changes to take effect :

Code: 
# /etc/init.d/iptables restart

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here