How To: Configure Squid Proxy Server
by K U L B I R S A I NI in A D M I NI S T R A T I O N, C O NF I G U R A T I O N, H O W T O , I NS T A L L A T I O N, P R O X Y S ER V ER , S ER V ER , S Q U I D


P OP U LAR P OST S How To: Install ATI C atalyst (fglrx) Drivers How To: C onfigure VNC Server Fedora 12 ATI C atalyst Drivers How To: C onfigure Squid Proxy Server R EC ENT C OM M ENTS Sandcaster on How To: Recover Deleted Files in Linux Using Photorec vaibhav on How To: FAVOR IT E LIN K S


open in browser customize

free license


The machines on your network are using 192.168.com .0. When you want to have control on what people browse on your lan.0.1 XV22 on How To: Install ATI C atalyst (fglrx) Drivers T AG C FAVOR IT E LIN K S C ache Youtube Videos Best Web Hosting S EAR C H FEDOR A Search S P ON SOR S Exchange Hosting C heap Hosting ATI Drivers Beta LOU D ATI Radeon ATI Radeon Drivers Bash Catalyst Caching Command C rash DEB Features Fedora 12 Mission To configure squid for simple proxying without caching anything.3 on C entOS 5.1 or RHEL 5.0/16 as the local network.1 Mayur Pipaliya on How To: Install PHP 5. You have a machine connected directly to internet that you are going to use as a proxy server for other machines on your network. The local IP address of the machine which will run squid proxy server open in browser customize free license pdfcrowd. 3. 2. When you want to help this holy world in saving some IPV4 addresses FAVOR IT E LIN K S Review Linux Tux Machines Ubuntu Guides and Tutorials UnixMen A R C HIVES Select Month C AT EGOR IES Administration (5) Adobe (1) AMD (11) ATI (12) Beryl (1) Bug (9) C ompiz (5) C onfiguration (26) Drivers (20) fglrx Font Funny Graphics Card Humour IMAP Indic Fonts Instant Messaging Javascript Level One Library Linux Graphics Drivers Live C D Mail Filter Microsoft MSN Padma Python Ralink Plugin Release RPM RT2500 Screenshots Assumptions 1. 2. Use Cases 1. You can use anyone/multiple address spaces of the available but for this howto we assume 192.vaibhav on How To: C onfigure Squid Proxy Server Mayur Pipaliya on How To: Install PHP 5. S Script Search Engine Spicebird Streaming Tips Tricks Windows WNC 0301 Yahoo Yahoo Meme MA RC H 2011 M T W T F S 3.3 on C entOS 5.168.0/16 as private address space.1 or RHEL 5. When number of machine is more than the number of IP addresses you can afford to buy.

0.204.0/0. Open /etc/squid/squid.0. you need to set access control in squid configuration file which resides in /etc/squid by default.168. 0 20% 4320 # Access control list to control every IP address acl all src 0.0.0. then it must not be cached acl QUERY urlpath_regex cgi­bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache # Absolute path to squid access log. You can have any IP. After installing squid.168. but for this howto we assume this.36.0 # Access control list for source machine in LAN acl lan_src src 192. squid should not check with neighbours'/parents' cache # and should go to target web-server.0/16 # Access control list for destination machine in LAN acl lan_dst dst 192.0/16 # Access control list to manage squid cache acl manager proto cache_object Games (1) Git (2) GNOME (4) Google (8) Graphics (16) Grub (2) GSOC (5) GTalk (3) Hacks (35) Hardware (24) Hard Disk (2) Motherboard (1) Wireless (8) HowTo (41) Installation (26) IntelligentMirror (5) Internet (20) Java (2) KDE (3) Kernel (10) Kopete (3) open in browser customize free license pdfcrowd.com .log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . access_log /var/log/squid/access. Drivers (20) Drupal (1) Eclipse (5) Email C lient (7) Fedora (26) FFMPEG (1) Firefox (5) Extensions (4) Fonts (4) FTP (2) Gaim (2) 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 « F EB # The port on which squid will listen for requests http_port 8080 # If 'cgi-bin' or '?' is in query.0.conf and add/edit following lines according to your preferences.0. you can add the rest. How to proceed First of all ensure that you have squid installed.168. hierarchy_stoplist cgi­bin ? # If url contains 'cgi-bin' or '?'.1 7 8 2 9 3 4 5 6 is 192. Few lines already exist in the configuration file.

0/8 # Access control list to define Safe ports that should be allowed by default acl SSL_ports port 443 563 1863 5190 5222 5050 6667 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025­65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Allow cache management only from localhost http_access allow manager localhost # Deny cache management from remote hosts http_access deny manager # Deny http access via all the ports which are not listed as safe http_access deny !Safe_ports # Deny all connections via all ports which are not listed as safe http_access deny CONNECT !SSL_ports # Allow http access from localhost http_access allow localhost # Allow http access from machines on LAN http_access allow lan_src http_access deny all http_reply_access allow all icp_access allow all # Deny caching for everyone so that there is not caching at all cache deny all LAMP (4) Laptop (1) Linux (45) Messenger (3) MySQL (1) Ndiswrapper (2) News (20) NVIDIA (4) Open Source (12) PHP (7) Programming (15) Python (5) Rails (1) Remote Desktop (4) Review (7) Ruby (1) Screenshot (15) Security (4) Server (20) Apache (4) FTP Server (1) Nameserver (1) Proxy Server (11) Shell (6) Sound (1) Spam (2) Squid (10) SSH (1) Themes (2) Tips – Tricks (29) Twitter (2) open in browser customize free license pdfcrowd.0.0.com .Kopete (3) # Access control list to define IP address allowed for source localhost acl localhost src 127.255 # Access control list to define IP addresses allowed for localhost as destination acl to_localhost dst

oscar.255.aol.12.messaging.co.com acl AIM_hosts dstdomain login.0/255.blue.Twitter (2) coredump_dir /var/spool/squid Video (1) # Never allow direct connection to machines on the internet Virtualization (2) prefer_direct off VNC Server (2) never_direct allow all VNC Viewer (3) # Allow direct connetion if the destination machine is on LAN Wordpress (4) always_direct allow lan_dst Memepress (3) # Delete this line if you don't have /etc/hosts file Xorg (9) hosts_file /etc/hosts # Allow AIM connections Yum (1) # Delete the following 9 lines if you don't want people to connect to AIM acl AIM_ports port 5190 9898 6667 acl AIM_domains dstdomain .jp acl YIM_hosts dstdomain scs.google.aol.msg.aim.com cs.com toc.com login.glogin.com .aol.0.co.oscar.com .com acl GTALK_methods method CONNECT http_access allow GTALK_methods GTALK_ports GTALK_hosts open in browser customize free license pdfcrowd.yahoo.net acl AIM_domains dstdomain .0 acl AIM_methods method CONNECT http_access allow AIM_methods AIM_ports AIM_nets http_access allow AIM_methods AIM_ports AIM_hosts http_access allow AIM_methods AIM_ports AIM_domains # Allow connections to Yahoo Messenger # Delete the following 6 lines if you don't want people to connect to Yahoo Messenger acl YIM_ports port 5050 acl YIM_domains dstdomain .net acl AIM_nets dst 64.google.aol.yahoo.freenode.com irc.oscar.com .messaging.com acl GTALK_hosts dstdomain talk.com .aol.yahoo.freenode.yahoo.com .aol.0.jp acl YIM_methods method CONNECT http_access allow YIM_methods YIM_ports YIM_hosts http_access allow YIM_methods YIM_ports YIM_domains # Allow connections to Google Talk # Delete the following 6 lines if you don't want people to connect to Google Talk acl GTALK_ports port 5222 5050 acl GTALK_domains dstdomain .

168.msft. export http_proxy='http://192.0/255.36.com acl MSN_nets dst 207. wget etc.microsoft.255. Users can also add these lines to ~/. can be asked to use proxy by exporting http_proxy variable as below.204:8080' open in browser customize free license pdfcrowd.bashrc file to avoid exporting every-time.com .hotmail.168.com .net .36.111. lynx.http_access allow GTALK_methods GTALK_ports GTALK_domains # Allow connections to MSN # Delete the following 6 lines if you don't want people to connect to Google Talk acl MSN_ports port 1863 443 1503 acl MSN_domains dstdomain .168.com acl MSN_hosts dstdomain messenger. execute the following command chkconfig ­­level 345 squid on You have a squid proxy server running now. You can ask clients to configure there browsers to use 192. start the squid proxy server as service squid start Also.204 as a proxy server with 8080 as proxy port. yum.46.passport.204:8080' export ftp_proxy='http://192.com .hotmail.live.com .com .msn.36.0 acl MSN_methods method CONNECT http_access allow MSN_methods MSN_ports MSN_hosts Now. if you want squid to be started every time you boot the machine.255. Command line utilities like elinks.

[amazon-product alink="0000FF" bordercolor="000000" height="240"]0596001622[/amazon-product] open in browser customize free license pdfcrowd.com .I highly recommend the book “Squid: The Definitive Guide (Paperback)” for further reading.

Traffic Monitoring { 1 trackback } A problen with iptables and proxy server July 1.1) IntelligentMirror: RPM and DEB Caching Improved (0.4) IntelligentMirror: Available for Testing Tagged as: Caching.0. 2010 at 1:57 PM { 56 comments… read them below or add one } ← P R EV I O U S C O M M ENT S open in browser customize free license pdfcrowd.5) How To: Configure Caching Nameserver (named) IntelligentMirror Gets Even More Intelligent (1.com .Related Posts IntelligentMirror: RPM and DEB Caching Improved (0.

0.0 gateway=172.peyank April 27.10 mask=255.1 open in browser customize free license pdfcrowd. gateway= 172. Network configuration scenario: Router-> proxy server-> switch -> clients(LAN) where Router = 172. May 2010 at 5:09 PM 1 how to cache for dinamic content like video from youtube R EP LY Adnan Hi .0.2 mask=255.1 Porxy server: eth0: ip= clients: ip= 172.1 mask=255.15.0.com . 2010 at 11:13 AM 2 i have configured squid proxy server with two NIC in fedora gateway= 172.255.1 eth1: ip= 172.

1 port number= 8080 iptables: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended.ESTABLISHED.1.proxy ip address= 172. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT – [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A INPUT -m state –state ESTABLISHED. Did I miss something or wrong config? any idea? thanks R EP LY Kennedy Mwanza open in browser customize free license September 19.RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT -A INPUT -j REJECT –reject-with icmp-host-prohibited -A FORWARD -j REJECT –reject-with icmp-host-prohibited -A RH-Firewall-1-INPUT -m state –state NEW. 2010 at 2:03 PM 3 pdfcrowd.com .16.RELATED m tcp -p tcp –dport 8080 -j ACCEPT COMMIT my problem is that i cannot open websites from Client.

December 21. kindly note we are using squid 2.How can I use a Proxy server to connect other people world wide with my internet connection on my ubuntu lucid 10. PARASHURAM R EP LY vaibhav Dear all. R EP LY Parashuram hello. 2011 at 1:02 PM 5 solution required for (104) connection reset by peer .04 server. February 23.5 stable1 Vaibhav open in browser customize free license pdfcrowd. how do i do it??? I want to setup this configuration on blackfin BF537 STAMP BOARD… HOW TO DO THIS ANY HELP WILL BE GREATLY APPRICIATED THANKS.com .. 2010 at 5:07 AM 4 My requirment is to use squid proxy for wireless sensor nodes. here squid should collect data from wireless sensor nodes and store it in cache and provide it to external internet world when requested.

R EP LY ← P R EV I O U S C O M M ENT S Leave a Comment Name * E-mail * Website You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped=""> Notify me of followup comments via e-mail Submit open in browser customize free license pdfcrowd.com .

The Fedora logo is used by permission. the Fedora logo. All the articles on this blog are licensed under a Creative Commons Attribution-Share Alike 3.0 License.com . open in browser customize free license pdfcrowd. Inc. Fedora Project and Red Hat are trademarks of Red Hat.P R EVI O U S P O ST : How To: Write Custom Redirector or Rewritor Plugin For Squid in Python NEX T P O S T : Review: Spicebird – A Collaboration Platform Fedora.