by October 7, 2010 0 comments









This is an old article. You may want to read its latest coverage here.

L icensed under GNU GPL, Squid is one of the most popular Open Source web proxy that runs on all operating systems. Squid is a

[image_library_tag 678/67678, align=”right” border=”0″ height=”177″ hspace=”4″ vspace=”4″ width=”200″ ,default]

caching proxy that supports HTTP, HTTPS, FTP and other protocols. By caching frequently used pages locally it reduces bandwidth bottleneck thus improving response time for users. One can also create rules in Squid proxy which allows only defined users to access Internet.

 

Installation and configuration

[image_library_tag 679/67679, align=”right” border=”0″ height=”325″ hspace=”4″ vspace=”4″ width=”350″ ,default]

Before one can use Squid we need to install it and make traffic on WAN to flow through it. In our sample installation, we took a machine with two network cards (that would act as a gateway). On this we installed Ubuntu 10.04 that can be installed from last month's PCQuest DVD or one can download it from http://www.ubuntu.com/desktop/get-ubuntu/download (in this implementation we used a 32-bit desktop version). Once you have installed Ubuntu on your machine, the next step is to make traffic flow through it. As we have a machine with two network adapters (eth0 and eth1) we would be using one as WAN (eth0) port and other as LAN (eth1). Simply connect eth0 to your router and eth1 to the switch from which all the local machines would be connected. From the desktop of Ubuntu click on System>Preferences>Network Connection, select eth1 and click on 'Edit' and then click on 'IPv4 Settings'. From the Method drop down select 'Shared to other computers' and apply changes. Connect a machine to the switch and check if you are able to connect to Internet if yes then check for IP address and gateway address, and note down the gateway address (10.42.43.1 in our case). Once this setup is ready we can move ahead and install and configure Squid. First we need to login as root so that we can modify the Squid configuration file. By default one cannot login as root in Ubuntu or other Linux distributions due to security policies. So once you are logged in as normal user, open terminal by clicking on Applications>Accessories>Terminal and add the following command to it:

 

sudo passwd

[image_library_tag 679/67679, align=”right” border=”0″ height=”210″ hspace=”4″ vspace=”4″ width=”480″ ,default]

You would be asked for your username and password and then you can set the root password.
Logout and then login with root as username and password that you have just configured. Now that you are logged in as root, let's install Squid. Simply open the terminal and type the following commands:

 

sudo aptitude install squid
This would install Squid on the machine. The next important task is to configure it. Open configuration file from '/etc/squid/squid.conf.' We would suggest you to keep a copy of original file in case you mess up with the settings. Open 'squid.conf' file in editor and make changes as mentioned below. Let's start by making Squid aware about name of the machine. Now, locate the line with 'visible_hostname' in it and change it to

visible_hostname squid
The proxy server will use port 3128. To choose another port, locate the line
http_port 3128
and modify it. By default the proxy server will listen on all interfaces. For security reasons, it is better to put it on your local network only as shown below. Here 10.42.43.1 is the IP address of eth1.
http_port 10.42.43.1:3128
Nobody is allowed to connect to the proxy server. Find the line beginning with 'acl localhost.' At the end of the section, add:
acl sandeep src 10.42.43.20
For testing purposes, we have allowed only one IP address for Internet connection. Now that the group is defined, we will authorize you to use the proxy. Locate the line 'http_access allow' and add below (before the line http_access deny all):
http_access allow sandeep
Web proxy, as we mentioned earlier, helps in accelerating page access, this is done by caching pages locally. By default caching is enabled in Squid with a cache size of 10 MB. One can modify it to the desired size by locating the line
# cache_dir ufs /var/spool/squid 100 16 256
and replacing it with:
cache_dir ufs /var/spool/squid 1024 16 256
Restart the proxy to apply the modifications you made to 'squid.conf' file:

sudo /etc/init.d/squid restart

Finally one needs to change local machines on LAN to browse through the implemented proxy. To do so open default browser window (we are using Internet Explorer 9). Click on 'Tools>Internet Options' and then click on 'Connections' tab. Under 'Local Area Network (LAN) Settings' click on 'LAN settings' and then put a check mark in front of 'Use a proxy server for your LAN' and put the IP address of and port number of eth1 (10.42.43.1, 3218). Now if you try to access Internet from any IP other than 10.42.43.20 it would not let you connect and throw an error saying connection is denied. Other than limiting traffic based on IP address one can also make users authenticate from Squid proxy plus add time limit for a connection.


No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.