Linux Squid Proxy Server

Descriptions and Purpose of Lab Exercise Squid is caching proxy server, which improves the bandwidth and the reponse time by caching the recently requested web pages. Now a days many servers in the world are configured with squid in order to provide high delivery speeds to the clients. Configuring the squid in transparent mode, special configuartion is not required on the client side. All the requests originatinating from client and going to internet on port 80 are automatically redirected by proxy. Depending on the requirement we need to configure the squid as transparent or non transparent proxy. This lab aims to enable readers implement a Proxy server in the network so that other users of the LAN can leverage the functionalities of accessing internet through proxy. Prerequisite •Latest version of Squid should be used.(version 2.5 or greater) •A web server for testing purpose which can be used instead of Internet. •Squid Version greater than 2.6 is required for Transparent squid proxy configuartion in this lab. Estimated Completion Time 85 Minutes Lab Setup Reference Diagram

Client PC

Squid Proxy Server NIC1: NIC2:

Webserver/Intern et


It is imperative that you get written permission from the proper authority in your organization before using these tools and techniques and that you advise your facilities network and computer operations teams of your testing schedule.

The information on this site is for educational purposes only. The author of this article and/or C- DAC cannot be held responsible for any act(s) any person(s) has (have) done as a result of reading this article.

Copyright © 2009, Centre for Development of Advanced Computing, Hyderabad

5. one should have a sufficient amount of memory for maintaining the cache which inturn increase the performance.4E. effective bandwidth utilisation etc . Centre for Development of Advanced Computing.12.STABLE6-3. Hyderabad . Now through the command prompt. used by webserver instead of public ip address assigned to that interface. which is a free software released General Public License.rpm Copyright © 2009.5. Squid provides proxy and cache services for Hyper Text Transfer Protocol (HTTP).4E. squid-2. Note: In case if the internet connection is not available.i386. With the increase in internet usage. users are allowed for unlimited access to the resources due to less number of users. One method of overcoming these issues is. So there were less issues related to accessing speed over internet.rpm. and various other protocols.Introduction: ● ● ● ● ● During the period of development of internet. maintaining a copy of webpage visited by a user in the cache so that the other user who visits the same webpage will access the same website with in a short period of time. File Transfer Protocol (FTP). Like for example. This method not only increases the accessing speed but also helps in utilising the bandwidth effectively.rpm. Lab 1: Installing the Squid Proxy (Estimated Completion Time: 10 mins) Download the squid proxy related rpm package from the internet which has an extension . root@boss[~]#rpm -ivh squid-2. go to location where the squid package is present and issue the following command at the command prompt as shown below. The most widely used proxy server in Linux is Squid Proxy.STABLE6-3. The above said functionality. can be achieved by maintaining a proxy server through which all the users in the organisation or a group access the internet.12. setup one host as a web server in place of internet and assign the ipaddress to the proxy server network interface in the network. many issues raised related to accessing speed.i386. To configure a system as a proxy server.

in Note : In the above example.conf file. Providing a name for the proxy server machine. Lab 3: Editing the squid configuration file ( Estimated Completion Time: 15 mins) 1.conf Then the content of the configuration file can be viewed as shown below in the figure.Lab 2: Accessing the Proxy Server configuration file (Estimated Completion Time: 2 mins) To configure squid proxy server we need to edit the /etc/squid/squid.cdac. Copyright © 2009. locate the variable visible_hostname and specifiy the hostname in the format shown below in the example. instead of proxy. To specify a hostname for the proxy server in the squid. Note : To add/ modify data of a configuration file using vi editor window press i to go in to the insert mode and the same can be noticed at the bottom of the vi editor window.conf file varies from distribution to distribution and from version to version. Centre for Development of Advanced Computing. Example: visible_hostname proxy. We can edit the configuration file using vi editor through command prompt.conf file and the default location of squid. Example: root@boss[~]#vi /etc/squid/ specify the hostname of your machine. Hyderabad .

After specifying the access control for your local LAN.168. Example: To allow the above specified access control ( i.0/255. specify the acl as acl mylan src 192. By default. Allow or Deny based on Access Control.2.0 In the above example.0/24 and you want the server to listen for requests from your LAN through a particular port say 3456. locate the acl section in the squid configuration file starting with acl and at the end of the last acl line specify your access control.70 which belongs to the local area network 192. src specifies the source network.60.e acl mylan src 192.70:3456 3. no user machine is allowed to connect to the proxy server except the localhost. we need to provide allow permission for the specified LAN using http_access variable in the squid configuration file as shown in the example below. then change the variable http_port 3128 in the squid configuration file to desired ipaddress and port number in the format shown below. For example to allow local area network 192.60.0/255. we need to specify the http_access variable as Copyright © 2009.255.60. Then in order to make you proxy server to listen for requests from your Local Area Network through aparticular port.255. For Example. Assigning Access Controls By default.60. Specifying the interface and port number on which the proxy server should listen.168.60. 4. http_port <ip address belonging to LAN>:<port number> Example: For example.168.0/24 machines to access your proxy server. mylan specifies the name of my access control.255. We can specify any name other than my lan for access control. Centre for Development of Advanced Computing. the proxy server will listen on all the available network interfaces on the system for requests.255.60.168. Hyderabad .168. if your proxy server has an ip address 192.0). if one interface card is assigned a public ip from which it is connected to internet and the other interface card is assigned an ip address which belongs to your local area network. http_port 192.168. then you can change the variable http_port as shown. To allow the local machines access your proxy server.

reload and force-reload are used to reload the contents of configuration file incase of modifications done to configuration file. Hyderabad . ● Testing the Squid configuartion To test the squid configuration. open a browser in any one of the pc in local area network or on the proxy server and specify the proxy settings as the ipaddress of the proxy server and port on which it is listening for requests. !mylan specifies except mylan network.168. ● Saving the changes and exit the vi Editor After making appropriate changes to your configuration file exit the vi editor window by pressing Esc followed by :wq!.d/squid start ● The other options that can be used instead of start are . Suppose if we want to allow all the networks except the 192. Note: The above specified http_access variable should be specified before the line http_access deny all in the configuration file. For example. in firefox web browser if we want to set the proxy settings in the browser window goto Edit -->Preferences and window similar to shown below will be displayed.0/24 network to access the proxy then we can specify the http_access variable as http_access deny !mylan In the above line.http_access allow mylan Here mylan specifies the access control used. at the command prompt type /etc/init. Start and stop options are used to start and stop services. reload and forcereload.60. Starting the squid proxy services To start the squid proxy services. Copyright © 2009. Centre for Development of Advanced Computing. stop. Here wq specifies save changes and exit the configuration file.

Hyderabad . then click ok to save changes and exit the connection settings window and Preferences window.Now select Advanced tab. Centre for Development of Advanced Computing. and under advanced tab click on Network tab and click on Settings option under Connection field. Copyright © 2009. Then a window similar to the shown below will be displayed. After type some website and check whether you are able to view the webpage.

3. 1.d/iptables restart 4. squid package 2.70:8080 transparent 2. Copyright © 2009. http_port 192.Now on the client side. configure the iptables by issuing the following command at the terminal prompt.To redirect the client requests going to internet on port 80 through the proxy. by typing the following command at the terminal prompt.When proxy authentication is enabled. modify the squid configuartion file as shown below. #iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080 3. 2.6 or greater is used. #echo 1 |cat >/proc/sys/net/ipv4/ip_forward 5. specify the default gateway ipaddress as the proxy server ip address and do not configure any proxy settings in the client side browser.II ) Configuring squid as a Transparent Proxy Note: To configure squid Proxy as a Transparent Proxy. Transparent Proxy should not be used in the following situation 1.Also enable ip forwarding.When local DNS servers are not available.60. Centre for Development of Advanced Computing. #/etc/init. Hyderabad .When https sites needs to be filtered.Now to try to access the web browser which was setup for testing from the client machine.To Configure Squid proxy as a Transparent proxy.Now restart the squid service by issuing following command at the terminal prompt.168. 6.