How to Install and Configure Squid Proxy Server on Fedora 16

Squid plays two main roles. The first is as a caching proxy server between the user and the web. The second is as a content accelerator, or reverse proxy, intercepting requests to a server and using a cached version of the page to serve the request. Follow the steps below to install and configure the Squid 3.2 proxy server on Fedora 16.

1. Install Squid proxy using yum command.

[root@fedora16 ~]# yum install squid -y

Example :

[root@fedora16 ~]# yum install squid -y
Fedora16-Repository                                                          | 3.7 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.i686 7:3.2.0.16-1.fc16 will be installed
--> Processing Dependency: libecap.so.2 for package: 7:squid-3.2.0.16-1.fc16.i686
--> Running transaction check
---> Package libecap.i686 0:0.2.0-2.fc16 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package              Arch              Version                          Repository            Size
====================================================================================================
Installing:
 squid                i686              7:3.2.0.16-1.fc16                updates              2.3 M
Installing for dependencies:
 libecap              i686              0.2.0-2.fc16                     updates               18 k

Transaction Summary
====================================================================================================
Install       2 Packages

Total download size: 2.3 M
Installed size: 7.7 M
Downloading Packages:
(1/2): libecap-0.2.0-2.fc16.i686.rpm                                         |  18 kB     00:00
(2/2): squid-3.2.0.16-1.fc16.i686.rpm                                        | 2.3 MB     00:27
----------------------------------------------------------------------------------------------------
Total                                                                81 kB/s | 2.3 MB     00:28
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : libecap-0.2.0-2.fc16.i686                                                        1/2
  Installing : 7:squid-3.2.0.16-1.fc16.i686                                                     2/2

Installed:
  squid.i686 7:3.2.0.16-1.fc16

Dependency Installed:
  libecap.i686 0:0.2.0-2.fc16

Complete!

2. Configure server hosts file :

[root@fedora16 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.1.47   fedora16.ehowstuff.local

3. Configure main squid configuration file. Use vi to edit.

[root@fedora16 ~]# vi /etc/squid/squid.conf

3.1 Add an ACL for your internal network to the list of IP networks from which browsing should be allowed. In this example, the ACL for the internal network is named ehowstuff.

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

Add acl for ehowstuff network as below :

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl ehowstuff src 192.168.1.0/24        # ehowstuff network

3.2 Add the ehowstuff ACL to the http_access rules that list the IP networks from which browsing should be allowed :

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

Add ehowstuff to http_access allow as below :

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
http_access allow ehowstuff

3.3 Make sure the Squid proxy port line is uncommented. Squid normally listens on port 3128. You can change the proxy port to any available port; for example, 8080.

# Squid normally listens to port 3128
http_port 3128

4. Configure auto start at boot for squid service :

[root@fedora16 ~]# chkconfig squid on

5. Start and Stop Squid service :
Start Squid Service :

[root@fedora16 ~]# service squid restart
Redirecting to /bin/systemctl  restart squid.service

Stop Squid Service :

[root@fedora16 ~]# service squid stop
Redirecting to /bin/systemctl  stop squid.service

6. Allow the Squid port through the iptables firewall. Alternatively, you can disable iptables as shown below, but it is recommended to keep iptables running on the server.

[root@fedora16 ~]# service iptables stop
Redirecting to /bin/systemctl  stop iptables.service
[root@fedora16 ~]# service ip6tables stop
Redirecting to /bin/systemctl  stop ip6tables.service

7. Client browser configuration should be as below :
[image: squid]

Full Squid 3 Configuration :

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl ehowstuff src 192.168.1.0/24        # ehowstuff network

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
http_access allow ehowstuff

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
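
The http_access lines above are checked top to bottom and the first line whose ACLs all match decides the request. The following is an added example, not part of the original article and not Squid's own code: a simplified evaluator (the names parse, acl_matches and decide are hypothetical) run over a constructed excerpt of the configuration above, handling only src, port and method ACLs plus the built-in all and localhost.

```python
import ipaddress

# Constructed excerpt of the page's squid.conf (comments, manager rules and some ports omitted).
CONF = """\
acl localnet src 10.0.0.0/8
acl localnet src 192.168.0.0/16
acl ehowstuff src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow ehowstuff
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for tok in (line.split() for line in conf.splitlines()):
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], []).append((tok[2], tok[3]))
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, ip, port, method):
    if name in ("all", "localhost"):  # built-in ACLs
        return name == "all" or ip.is_loopback
    for kind, value in acls.get(name, []):  # values of one ACL are OR-ed
        lo, _, hi = value.partition("-")
        if (kind == "src" and ip in ipaddress.ip_network(value)) or \
           (kind == "port" and int(lo) <= port <= int(hi or lo)) or \
           (kind == "method" and value == method):
            return True
    return False

def decide(src, port, method, conf=CONF):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(src)
    for action, names in rules:  # ACLs on one line are AND-ed; '!' negates
        if all(acl_matches(n.lstrip("!"), acls, ip, port, method) != n.startswith("!")
               for n in names):
            return action, " ".join(names)
    return "deny", "(no rule matched)"  # simplification; not reached while 'deny all' is last
```

With this rule order, a client such as 192.168.1.50 is allowed by localnet, because 192.168.1.0/24 lies inside 192.168.0.0/16. The ehowstuff line only limits browsing to that /24 if "http_access allow localnet" is removed.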


