Squid Caching webserver for your office
Following is the details of my setup:
eth0(External Interface):
IP: 192.168.1.2
Gateway: 192.168.1.1

eth1(Local Interface)
IP: 192.168.222.5

Downloading squid
You can compile squid from the source file or you can use rpm for your CentOS distribution

cd /usr/local/src/
wget http://people.redhat.com/jskala/squid/squid-3.0.STABLE13-1.el5/i386/squid-3.0.STABLE13-1.el5.i386.rpm
rpm -Uvh squid-3.0.STABLE13-1.el5.i386.rpm

You have to edit squid.conf file as per your needs:
Following is the basic configuration:

vi /etc/squid/squid.conf
visible_hostname hostname
http_port 3128 transparent
 
acl home src 192.168.222.0/24
http_access allow home

If you want to block some sites then

acl home src 192.168.222.0/24
acl bansites url_regex "/etc/squid/bannedsites"
http_access deny home bansites
http_access allow home

Creating special user you will have all the rights

acl poweruser arp "/etc/squid/poweruser"
acl home src 192.168.222.0/24
acl bansites url_regex "/etc/squid/bannedsites"
http_access allow poweruser
http_access deny home bansites
http_access allow home

Preparing iptables for Nating as well as squid server

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80
iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80
service iptables save
service iptables restart

Thats it now you have the squid proxy server at your office. Enjoy!

Squid setup
Tagged on:     

2 thoughts on “Squid setup

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recommend on Google