Install and configure squid on Centos 6.3 5.9 Redhat RHEL Fedora 17-18

1. Install the Squid proxy with yum

[root@localhost ~]# yum install squid
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
* base: mirror-fpt-telecom.fpt.net
* epel: mirrors.ustc.edu.cn
* extras: mirror-fpt-telecom.fpt.net
* rpmforge: mirror-fpt-telecom.fpt.net
* updates: mirror-fpt-telecom.fpt.net
epel/primary_db | 5.0 MB 01:10
extras | 3.5 kB 00:00
rpmforge | 1.9 kB 00:00
updates | 3.5 kB 00:00
updates/primary_db | 5.1 MB 00:25
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.x86_64 7:3.1.10-9.el6_3 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 squid x86_64 7:3.1.10-9.el6_3 updates 1.7 M

Transaction Summary
================================================================================
Install 1 Package(s)

Total download size: 1.7 M
Installed size: 5.8 M
Is this ok [y/N]: y
Downloading Packages:
squid-3.1.10-9.el6_3.x86_64.rpm | 1.7 MB 00:08
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 7:squid-3.1.10-9.el6_3.x86_64 1/1
Verifying : 7:squid-3.1.10-9.el6_3.x86_64 1/1

Installed:
squid.x86_64 7:3.1.10-9.el6_3

Complete!
[root@localhost ~]#

2. Configure squid.conf to manage your squid proxy

vi /etc/squid/squid.conf
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl ithelpblog.com src 192.168.0.0/24

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
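# Block HTTPS tunnels (CONNECT) to the banned domains.
# This rule does not match plain-HTTP requests to the same domains.
acl bannedsites dstdomain .facebook.com .twitter.com .yahoo.com
http_access deny CONNECT bannedsites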
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
http_access allow ithelpblog.com
# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 8080

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

forwarded_for off
visible_hostname ithelpblog
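
Squid checks the http_access lines above from top to bottom, and the first line whose ACLs all match decides the request. The Python sketch below is an added example (not part of the original tutorial and not Squid code) that models those rules for IPv4 clients; it leaves out the manager rules and the ithelpblog.com ACL, which localnet already covers, and its sample requests are constructed.

```python
import ipaddress

# ACLs copied from the squid.conf above (IPv4 only; manager rules omitted).
LOCALNET = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOCALHOST = [ipaddress.ip_network("127.0.0.1/32")]
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777} | set(range(1025, 65536))
SSL_PORTS = {443}
BANNED = (".facebook.com", ".twitter.com", ".yahoo.com")


def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def dstdomain(host, patterns):
    # A leading dot matches the domain itself and every subdomain.
    host = host.lower().rstrip(".")
    return any(host == p[1:] or host.endswith(p) for p in patterns)


# http_access lines in file order: (action, label, predicate over the request).
RULES = [
    ("deny", "deny CONNECT bannedsites",
     lambda r: r["method"] == "CONNECT" and dstdomain(r["host"], BANNED)),
    ("deny", "deny !Safe_ports", lambda r: r["port"] not in SAFE_PORTS),
    ("deny", "deny CONNECT !SSL_ports",
     lambda r: r["method"] == "CONNECT" and r["port"] not in SSL_PORTS),
    ("allow", "allow localnet", lambda r: in_nets(r["src"], LOCALNET)),
    ("allow", "allow localhost", lambda r: in_nets(r["src"], LOCALHOST)),
    ("deny", "deny all", lambda r: True),
]


def decide(src, method, host, port):
    """Return (action, matching rule); the first matching line wins."""
    req = {"src": src, "method": method, "host": host, "port": port}
    for action, label, pred in RULES:
        if pred(req):
            return action, label


if __name__ == "__main__":
    # Constructed sample requests: (client IP, method, destination host, port).
    for sample in [("192.168.0.10", "CONNECT", "www.facebook.com", 443),
                   ("192.168.0.10", "GET", "www.facebook.com", 80),
                   ("172.32.0.5", "GET", "example.org", 80)]:
        print(sample, "->", decide(*sample))
```

The third sample is denied by the final rule because 172.32.0.5 lies outside 172.16.0.0/12, which covers only 172.16.x.x through 172.31.x.x.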

3. Start squid proxy

[root@localhost ~]# /etc/init.d/squid start
Starting squid: . [ OK ]
[root@localhost ~]#

4. Use the proxy in a web browser

Use Proxy on Firefox

Use Proxy on IE

Now we can use the proxy to reach the Internet.

That’s all. Thanks for using IThelpblog.com.

2 comments to Install and configure squid on Centos 6.3 5.9 Redhat RHEL Fedora 17-18

  • Anthony  says:

    Hello, I would like to seek help from ithelpblog.com.
    I’m done following your instructions on how to set up squid proxy using CentOS 6.x.x.x

    This is my IP config.

    Eth0: DYNAMIC IP

    Eth1:
    IP: 172.11.1.56
    SM: 255.255.255.0
    GW: 172.11.1.1
    DNS: 172.11.1.56

    This is my squid.conf config file:
    #
    # Recommended minimum configuration:
    #
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7 # RFC 4193 local private network range
    acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl bannedsites dstdomain .facebook.com .twitter.com .yahoo.com
    http_access deny CONNECT bannedsites

    #
    # Recommended minimum Access Permission configuration:
    #
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager

    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports

    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports

    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost

    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #

    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost
    #http_access allow ithelpblog.com

    # And finally deny all other access to this proxy
    http_access deny all

    # Squid normally listens to port 3128
    http_port 8080

    # We recommend you to use at least the following line.
    hierarchy_stoplist cgi-bin ?

    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256

    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid

    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    forwarded_for off
    visible_hostname ithelpblog

    #http_port 2975
    #visible_hostname some.secure.domain
    #cache_effective_user squid squid
    #acl all src 0.0.0.0/0.0.0.0
    #acl localnet src 192.168.1.0/255.255.255.0
    #http_access allow all
    #header_access Via deny all
    #forwarded-for delete
    #header_access Forwarded-For deny all
    #header_access X-Forwarded-For deny all

    After following your instructions, I tried changing the Firefox settings on my XP client.

    But nothing happens.

    Please advise what I am messing up in my configuration.
    I like your website, following your tutorials.

    Thanks.
    anthony

    • Kevin  says:

      Hi Anthony,

      Can you check whether you can reach the Internet from the Squid server?
      And what is your IP in XP?

      Regards,
      Kevin.Ngo
