Squid plays two main roles. First, it acts as a caching proxy server between the user and the web. Second, it is regularly used as a content accelerator, or reverse proxy, intercepting requests to a server and serving them from a cached version of the page. Follow the steps below to install and configure the Squid 3.2 proxy server on Fedora 16.
1. Install the Squid proxy using the yum command:
[root@fedora16 ~]# yum install squid -y
Example output:
[root@fedora16 ~]# yum install squid -y
Fedora16-Repository                                                      | 3.7 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i686 7:3.2.0.16-1.fc16 will be installed
--> Processing Dependency: libecap.so.2 for package: 7:squid-3.2.0.16-1.fc16.i686
--> Running transaction check
---> Package libecap.i686 0:0.2.0-2.fc16 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package            Arch            Version                      Repository            Size
====================================================================================================
Installing:
 squid              i686            7:3.2.0.16-1.fc16            updates               2.3 M
Installing for dependencies:
 libecap            i686            0.2.0-2.fc16                 updates                18 k

Transaction Summary
====================================================================================================
Install       2 Packages

Total download size: 2.3 M
Installed size: 7.7 M
Downloading Packages:
(1/2): libecap-0.2.0-2.fc16.i686.rpm                                     |  18 kB     00:00
(2/2): squid-3.2.0.16-1.fc16.i686.rpm                                    | 2.3 MB     00:27
----------------------------------------------------------------------------------------------------
Total                                                           81 kB/s | 2.3 MB     00:28
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : libecap-0.2.0-2.fc16.i686                                                   1/2
  Installing : 7:squid-3.2.0.16-1.fc16.i686                                                2/2

Installed:
  squid.i686 7:3.2.0.16-1.fc16

Dependency Installed:
  libecap.i686 0:0.2.0-2.fc16

Complete!
2. Configure the server's hosts file:
[root@fedora16 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.47 fedora16.ehowstuff.local
3. Configure the main Squid configuration file. Use vi to edit it:
[root@fedora16 ~]# vi /etc/squid/squid.conf
3.1 Add your internal network name into the IP networks list where browsing should be allowed. In this example, your internal network name is ehowstuff.
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
Add an acl for the ehowstuff network as below:
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl ehowstuff src 192.168.1.0/24 # ehowstuff network
3.2 Allow the ehowstuff network in the http_access rules, which control the networks from where browsing is allowed:
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
Add ehowstuff to the http_access allow rules as below:
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
http_access allow ehowstuff
3.3 Make sure the Squid proxy port line is uncommented. Squid normally listens on port 3128. You can change the proxy port to any available port; for example, 8080.
# Squid normally listens to port 3128
http_port 3128
4. Configure the squid service to start automatically at boot:
[root@fedora16 ~]# chkconfig squid on
5. Start and stop the Squid service:
Start Squid service:
[root@fedora16 ~]# service squid restart
Redirecting to /bin/systemctl restart squid.service
Stop Squid service:
[root@fedora16 ~]# service squid stop
Redirecting to /bin/systemctl stop squid.service
6. Add the Squid port to the allowed ports in the iptables firewall. Alternatively, you can disable iptables, but it is recommended to keep iptables running on the server.
[root@fedora16 ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
[root@fedora16 ~]# service ip6tables stop
Redirecting to /bin/systemctl stop ip6tables.service
7. Client browser configuration should be as below:
Full Squid 3 configuration:
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl ehowstuff src 192.168.1.0/24 # ehowstuff network

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
http_access allow ehowstuff

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
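
An added example (not part of the original tutorial and not Squid's own code): a small Python evaluator for the src ACLs and http_access rules from steps 3.1 and 3.2, reporting which rule decides access for a given client address. It handles only "acl NAME src" lines, and the addresses it uses for Squid's predefined localhost and all ACLs are assumptions of this example.

```python
import ipaddress

# Squid 3.2 predefines these ACLs; the addresses below are this example's
# stand-ins for them (assumption), since squid.conf never spells them out.
BUILTIN = {"localhost": ["127.0.0.1/32", "::1/128"], "all": ["0.0.0.0/0", "::/0"]}

# Constructed sample: the src ACLs and allow/deny rules from the configuration above.
SAMPLE_CONF = """
acl localnet src 10.0.0.0/8      # RFC1918 possible internal network
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl ehowstuff src 192.168.1.0/24 # ehowstuff network
http_access allow localnet
http_access allow localhost
http_access allow ehowstuff
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) from 'acl NAME src CIDR' and 'http_access' lines."""
    acls = {name: [ipaddress.ip_network(n) for n in nets] for name, nets in BUILTIN.items()}
    rules = []
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "src":
            acls.setdefault(fields[1], []).extend(ipaddress.ip_network(f) for f in fields[3:])
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return acls, rules

def matches(acls, term, ip):
    """True if ip satisfies one ACL term; a leading '!' negates it."""
    negate, name = term.startswith("!"), term.lstrip("!")
    return any(ip in net for net in acls[name]) != negate

def decide(conf, client):
    """The first http_access line whose ACL terms all match decides, as in Squid."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, terms in rules:
        if all(matches(acls, t, ip) for t in terms):
            return action, " ".join(terms)
    # No line matched: Squid applies the opposite of the last rule's action.
    last = rules[-1][0] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), "(default)"

if __name__ == "__main__":
    for client in ("192.168.1.50", "10.20.30.40", "203.0.113.9"):
        print(client, *decide(SAMPLE_CONF, client))
```

With the rules as written, 192.168.1.50 is admitted by localnet before the ehowstuff rule is reached, and any 10.0.0.0/8 client is admitted as well. The ehowstuff rule only becomes the deciding one once the broader "http_access allow localnet" line is removed.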