Install & Configure Squid Proxy Server on RHEL 5
By errajib
Squid is a popular open source, GPL-licensed proxy and web cache. It has a variety of uses, from speeding up a web server by caching repeated requests to caching web, name server query, and other network lookups for a group of people sharing network resources. It is primarily designed to run on Linux / Unix-like systems. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps metadata and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program (squid), a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.
Commands:
Install Squid on CentOS / RHEL 5
# yum install squid
Output:
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
squid i386 7:2.6.STABLE6-4.el5 updates 1.2 M
Transaction Summary
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: squid ######################### [1/1]
Installed: squid.i386 7:2.6.STABLE6-4.el5
Complete!
Squid Basic Configuration
The Squid configuration file is located at /etc/squid/squid.conf. Open it in a text editor:
# vi /etc/squid/squid.conf
At a minimum, you need to define an ACL (access control list) before Squid will serve clients. The default port is TCP 3128. The following example ACL allows access from the local networks 192.168.1.0/24 and 192.168.2.0/24. Adapt it to list the internal IP networks from which browsing should be allowed:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
Save and close the file. Start squid proxy server:
# chkconfig squid on
# /etc/init.d/squid start
Output:
init_cache_dir /var/spool/squid... Starting squid: . [ OK ]
Verify port 3128 is open:
# netstat -tulpn | grep 3128
Output:
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 20653/(squid)
Open TCP port 3128
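Finally, make sure iptables allows access to the Squid proxy server. The rule below accepts connections to port 3128 from any source address, so the Squid ACL above is what limits use of the proxy to your networks. Open the /etc/sysconfig/iptables file: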
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart the iptables-based firewall:
# /etc/init.d/iptables restart
Output:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n [ OK ]
Client configuration
Open a web browser > Tools > Internet option > Network settings, and set the Squid server IP address and port 3128.
Comments
I want to add gdbm support for squid, but I am new to the makefile concept. Can you tell me how I should modify the makefile to add the squid service?
I have fifty PCs and configure squid in RHEL 5. Please guide me how I will configure it. It is very urgent.
I exactly followed the 1st 2 steps - until squid service start
But I am facing this error :
init_cache_dir /var/spool/squid... Starting squid: [FAILED]
office to times 9.00am 5.00pm
I have created a squid server but I have a problem:
my client machine is a Windows machine and they cannot access Outlook Express from the squid proxy, and some files too
Dear Augustine,
Outlook Express can't run under proxy.
To run Outlook Express you have to enter the dns IP of your network. If you don't have any DNS Server, Then make the squid server to act as a DNS Server. Use IPROUTE command.
Please, I need a command for downloading and picture block
Dear Hamidkust,
I can't get you. If you want to download anything from the internet then use the wget command.
Syntax:
wget URL
average
A.A
Sir, I have configured Linux RHEL Server 5. But I need a command to stop downloading for a specific group of IP addresses, and second, I am required to apply user-based restriction.
Hello Sir,
I want to use Outlook with squid proxy... please help me how to configure.
For Outlook you should configure iptables for ports 110 and 25.
If all is running fine and the problem is just with Outlook, use the below:
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
Want to ask how to make FTP works using SQUID Proxy. I know it is supported by SQUID but mine doesn't work.
OS - CentOS
SQUID Version - squid-2.6.STABLE21-6.el5
I tried other procedure from different forums but fails.
Whenever I visit the FTP website this is what i get:
An FTP protocol error occurred while trying to retrieve the URL: ftp://ftp.software.ibm.com/
Squid sent the following FTP command:
NLST
and then received this reply
Can't build data connection: Connection timed out.Your cache administrator is root
access log:
1293766956.474 59869 192.xx.xx.xx TCP_MISS/000 0 POST http://98.136.49.52/ - DIRECT/98.136.49.52 -
1293766986.962 162577 192.xx.xx.xx TCP_MISS/502 1516 GET ftp://ftp.software.ibm.com/ - DIRECT/170.225.15.40 text/html
If anyone can give the basic/working squid.conf, i would appreciate it.
Thanks
I want to set a password on the proxy server; when it starts, it should ask me for the password. How can I set that password?
yum install squid
su root
chmod 777 -R /etc/squid
/usr/sbin/squid -z
/sbin/service squid start
Now open port 3128:
vi /etc/sysconfig/iptables
append the following after that,
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
save and exit
/sbin/service iptables restart
then proceed with editing the /etc/squid/squid.conf line as mentioned above....
/sbin/service squid restart
Hi golu,
It means you are looking for user-level authentication.
It is in the squid.conf file.
I am getting TCP_DENIED/403
how to https part forwarding on local ip in redhat 5.
An FTP authentication failure occurred while trying to retrieve the URL: ftp://203.199.17.105/
Squid sent the following FTP command:
PASS and then received this reply
User anonymous cannot log in.
Please give me a reply on this e-mail
ermonusingh@gmail.com
Hi Monu,
I think you are asking for FTP authentication problem.
It's not a big deal. You just need to configure a transparent proxy with Squid. Read my other blog "Transparent proxy with Squid"
Sir, please tell me how to apply ACLs for websites
Hi Abhilash,
Here I am giving some steps and examples to apply acl for website.
Here it follows.........
Squid is also capable of reading files containing lists of web sites and/or domains for use in ACLs. In this example we create two lists in files named /usr/local/etc/allowed-sites.squid and /usr/local/etc/restricted-sites.squid.
# File: /usr/local/etc/allowed-sites.squid
www.openfree.org
linuxhomenetworking.com
# File: /usr/local/etc/restricted-sites.squid
www.porn.com
illegal.com
These can then be used to always block the restricted sites and permit the allowed sites during working hours. This can be illustrated by expanding our previous example slightly.
#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.1.0/24
acl business_hours time M T W H F 9:00-17:00
acl GoodSites dstdomain "/usr/local/etc/allowed-sites.squid"
acl BadSites dstdomain "/usr/local/etc/restricted-sites.squid"
#
# Add this at the top of the http_access section of squid.conf
#
http_access deny BadSites
http_access allow home_network business_hours GoodSites
I am enclosing documents pertaining to IOC.
Hi
I have loaded RHEL-4 on my system. Now I want to add squid.conf to my
system. Please give steps on how to install squid.conf on the RHEL-4 system.
i need this concept more briefly
I NEED CONCEPT MORE BRIEFLY ACCEPT
I have blocked Internet access on the router for all PCs and use the SQUID proxy for redirecting traffic. Only Microsoft Outlook doesn't seem to work in this config.
Can anyone help me please?
sandeep 4 years ago
hello sir i want t