Configuring the Squid Proxy Server

We explain how to setup and use the Squid proxy server on one server connected to the Internet and provides connection to other nodes.

Linux has always been appreciated as a trustworthy and not-so-resource-hungry Proxy Server. In

PCQLinux 8.0 like in the previous years, we use SQUID as a proxy server. The physical setup is of one server connected to the Internet, which runs squid, and provides connection to other nodes.

Installing Squid

If you have chosen the Gateway server installation, Squid is installed by default. Else installing Squid is a matter of installing the RPM named squid-2.4.STABLE7-4.i386.rpm found in PCQuest/RPMS directory on PCQLinux CD-1. Install this by issuing the following.

#rpm -ivh squid-2.4.STABLE7-4.i386.rpm

or by using Webmin

If you have chosen the Gateway Server install option, Squid is installed with a minimal setup.

Configuring Squid

To configure Squid, just login to Webmin, and choose the server icon on the top of the home page. Click on the Squid Proxy Server icon in the servers page that opens up (you will find the icon on the last line, and may have to scroll down). Now, select the Ports and Networking option. This shows you a form from where you can change the port and access control configuration. By default, Squid accepts HTTP requests on port 3128. If you want to change this (to say 8000), you can modify the port number by moving the radio button selection to “listed below” and giving the port number in the “Port” field. If the proxy server has more than one network interface ( and hence more than one IP address), selecting “All” in “Host name /IP address” to allow users to access the proxy through all the interfaces. If you want to restrict clients to specific IP addresses, deselect all, and enter the IP address you want them to connect to in the field provided. If you do not want to allow all machines on the network to connect to the Internet through the proxy server, then, you select “access control”, and click on “all”, under access control list /name. Here enter the IP address range that are to be allowed. (remember that these are IP addresses to be allowed access, not denied access). If you have more than two ranges to be specified, then fill in the first two, save, and click on “all” again to fill in the next range. To start the proxy server, simply click the Start Squid option in the top left of the Webmin tool bar. The server will be up and running immediately. In case you wish to start SQUID through the command line apply the following.

#service squid start

New ACLS can also be entered, or existing ones modified. You can also change the priority of application of a control rule, that is which rule should come first, and which should come next.

Cache Option

Squid is a caching proxy server. That is, it uses object caching, which is a way to store requested Internet objects on a system closer to the requesting site than to the source. Web browsers can then use the local Squid cache as a HTTP cache, reducing access time as well as bandwidth consumption. To manage Caching of your Squid Server, go to the “Cache Option” in the Proxy Configuration page. Here you can specify the directory where the cache will be stored and specify the size of the directory. The default size is 100MB. You can also create multiple cache directories to spread the cache among different disk partitions. The “Directory” is the top level directory which by default can have 16 1st level directories and 256 2nd level directories.

Configuring Clients

To use the proxy server, users on your network need to fill in the IP address of the machine running Squid and the port number you specified in the proxy configuration, of their browser. For example, on Windows machines running Internet Explorer, go to Tools>Internet Options, and select the Connections tab. Click the LAN Settings button to open a new dialog box. Turn the “Use a proxy server…” checkbox and fill in the IP address of the machine running SQUID as well as the port on which it is running in the boxes provided.

Anindya Roy