Network bandwidth management is one of the most common tasks that network administrators perform on a daily basis. A major part of this exercise is blocking access to websites that chew up your precious Internet bandwidth – YouTube, various social networking sites, p2p sites etc. You can save a lot of bandwidth simply by blocking these websites. Squid has been released under the GNU General Public License and is freely available. Being a proxy server, it stores frequently accessed pages in a local cache, which improves the response time of fetching those web pages and conserves bandwidth in the process. You can even create specific rules to restrict Internet usage, block specific ports, and much more. We have already listed 12 free and open source bandwidth management tools, and now, to make your exercise easier, here is a hands-on guide to Squid. We hope this will help you!
Squid Installation and Configuration
Squid can be installed on an ordinary desktop machine with two network interface cards, one for connecting to your LAN and the other for connecting to your Internet router. We installed Fedora on this machine, but you’re free to use another Linux distro of your choice. In our case, we called the WAN-facing network adapter eth0 and the LAN-facing one eth1.
Step 1: First configure the two network cards. From the desktop, simply click on System>Preferences>Network Connection, select eth1 and click on ‘Edit’ and then click on ‘IPv4 Settings’.
Step 2: From the drop-down select, choose ‘Shared to other computers’ and apply changes. Now check the connectivity on the user machine. If you are connected then check the IP address and gateway address and note them down.
Step 3: To install Squid we need to log in as a root user. So open the Terminal and follow the commands below:
# su -c "vim /etc/pam.d/gdm"
Now press “e” to edit the file.
Next, comment out the following line by putting a hash in front of it, as follows:
# auth required pam_succeed_if.so user != root quiet
Step 4: Save the file and repeat the above steps for “/etc/pam.d/gdm-password”. Save this file and log out and re-login as root.
Step 5: Now install Squid. Open the terminal and enter the following command:
yum install squid
Step 6: Next you need to configure Squid to block websites. For this, open the squid.conf file at ‘/etc/squid/squid.conf’. We would advise you to make a copy of this file in some other location, in case something goes wrong.
Step 7: In the Squid config file, note that the Squid proxy server uses port 3128 by default. To choose another port, locate the line http_port 3128 and modify it. By default Squid listens on all interfaces, but for security reasons it is better to bind it to the address on your local network. To do that, modify the line as follows:
http_port 10.42.43.1:3128 (here 10.42.43.1 is the IP address of eth1)
Now we will block the websites by making some changes in the squid.conf file. Before you go ahead, note that the directives you enter in squid.conf cannot be placed just anywhere. Each directive has a specific location in the file; if you put it elsewhere, you will get errors. The steps are as follows:
Step 1: Create a new file named “block-websites.squid” (you can choose any name, but with .squid at the end) in “/etc/squid”.
Step 2: Enter the names of the websites that you want to block. In our test, we tried to block yahoomail.com, Facebook, Google. You need to enter them in the following format:
Save the file after entering the sites you want to block.
Step 3: Now open the /etc/squid/squid.conf file.
Step 4: Look for “acl CONNECT method CONNECT” and below that type in: acl bad_url dstdomain "/etc/squid/block-websites.squid"
Step 5: To deny the access look for “http_access deny manager” and type in “http_access deny bad_url”
Now save the file and exit. Reload the Squid configuration from the terminal using the command “/etc/init.d/squid reload” and after that restart the Squid service using the command “service squid restart”.
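The placement rules in Steps 1 to 5 can be checked before reloading. The following is an added example, not part of the original article: Squid applies the first http_access rule that matches, so an allow rule above "http_access deny bad_url" can let a blocked site through, and a dstdomain file takes bare domain names. The blocklist entries, the localnet acl and the function names are constructed for illustration.

```python
import re

# Constructed sample blocklist (not from the page); a leading dot also covers subdomains.
BLOCKLIST = ".facebook.com\nhttp://yahoomail.com/\n.google.com\n"

# Constructed squid.conf fragment; the localnet acl and its allow rule are assumptions.
SQUID_CONF = """\
acl localnet src 10.42.43.0/24
acl CONNECT method CONNECT
acl bad_url dstdomain "/etc/squid/block-websites.squid"
http_access deny manager
http_access allow localnet
http_access deny bad_url
http_access deny all
"""

# A dstdomain entry is a bare host name, optionally with a leading dot: no scheme, no path.
DOMAIN = re.compile(r"^\.?([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def check_blocklist(text):
    """Return (line_no, entry) for every entry that is not a bare domain name."""
    bad = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if entry and not entry.startswith("#") and not DOMAIN.match(entry):
            bad.append((n, entry))
    return bad

def check_rule_order(conf, acl="bad_url"):
    """Squid applies the first matching http_access rule, so order decides the outcome."""
    problems, defined, denied = [], False, False
    for n, line in enumerate(conf.splitlines(), 1):
        words = line.split("#", 1)[0].split()
        if words[:2] == ["acl", acl]:
            defined = True
        elif len(words) > 2 and words[0] == "http_access":
            uses = acl in [w.lstrip("!") for w in words[2:]]
            if uses and not defined:
                problems.append(f"line {n}: {acl} is used before its acl line")
            if words[1] == "deny" and uses:
                denied = True
            elif words[1] == "allow" and not denied:
                problems.append(f"line {n}: allow rule precedes 'deny {acl}', review it")
    if not denied:
        problems.append(f"no 'http_access deny {acl}' rule found")
    return problems

if __name__ == "__main__":
    print(check_blocklist(BLOCKLIST), check_rule_order(SQUID_CONF), sep="\n")
```

The order check is deliberately conservative: it flags every allow rule above the deny for review, whether or not that rule would match a blocked site. Running "squid -k parse" afterwards checks the syntax of the real configuration file.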
Finally, you need to make some changes on the user machine to let it browse through the proxy you have set up. To do so, open the default browser window. Click on ‘Tools>Internet Options’ and then click on the ‘Connections’ tab. Under Local Area Network (LAN) Settings click on ‘LAN settings’, put a check mark in front of ‘Use a proxy server for your LAN’ and enter the IP address of eth1 and the port number. Now try to open the websites that you blocked; if everything has been configured correctly, you won’t be able to access any of them.