Internet Gateway using SQUID Proxy Server
This guide shows how to set up a proxy server, which is very useful for sharing Internet access within a company. As an additional benefit, software can be added to the service to filter content, blocking websites that company or administration policies do not allow, to restrict Internet access to specific IP addresses, and more. Network administrators can also control the throughput of browsing or download speed per network.
For this setup we need a computer with minimal specifications. The most important requirements for this basic setup are 2 Ethernet cards and lots of memory for content filtering in the Squid proxy server.
Squid Proxy Server Package Installation
Setup the repository
Note: Mirror lists for OpenBSD: http://www.openbsd.org/ftp.html
[mylogin@hostname proxy-server]# export PKG_PATH=ftp://ftp.jp.openbsd.org/pub/OpenBSD/<version>/packages/i386/
[mylogin@hostname proxy-server]# pkg_add squid-<version>.STABLE-snmp
That's it; the Squid proxy server is now installed.
Squid Proxy Server Configuration
We need to start the Squid proxy server automatically every time the server reboots.
[mylogin@hostname proxy-server]# nano /etc/rc.local
# Squid proxy server starts here
if [ -x /usr/local/sbin/squid ]; then
    echo -n ' squid'; /usr/local/sbin/squid
fi
# Squid proxy server startup end
Execute this command prior to running squid:
[mylogin@hostname folder]# /usr/local/sbin/squid -z
All configuration files are located in /etc/squid
Post install configuration
Define Network IP range:
Using vim (or your favorite text editor), edit squid.conf and add our network IP range (the acl my_network line below, shown in red in the original). This identifies the network IP addresses to which our Squid proxy server will give access.
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl my_network src 172.16.1.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
Define http_access for our network:
Again using vim (or your favorite text editor), locate the comment "# And finally deny all other access to this proxy" and add the http_access allow my_network line (shown in red in the original) before http_access deny all. Take note of the position of the directive: Squid checks http_access lines from top to bottom and stops at the first match, so the order has a great effect on how our proxy server behaves.
# And finally deny all other access to this proxy
http_access allow my_network
http_access allow localhost
http_access deny all
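The effect of directive order can be checked offline. The following is an added example, not part of the original guide or of Squid itself: a simplified Python model of first-match http_access evaluation that handles src ACLs only. The function names and the BAD_ORDER fragment are constructed for illustration.

```python
import ipaddress

# Constructed fragments using the ACL names from this guide.
ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl my_network src 172.16.1.0/24
acl localhost src 127.0.0.1/255.255.255.255
"""
GOOD_ORDER = """
http_access allow my_network
http_access allow localhost
http_access deny all
"""
BAD_ORDER = """
http_access allow localhost
http_access deny all
http_access allow my_network   # never reached
"""

def parse(conf):
    """Return (src ACL map, ordered http_access rules) from squid.conf text."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            nets = [ipaddress.ip_network(p, strict=False) for p in parts[3:]]
            acls.setdefault(parts[1], []).extend(nets)
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Simulate first-match http_access evaluation for one client address."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)

    def matches(name):
        negate, name = name.startswith("!"), name.lstrip("!")
        # KeyError here means an ACL type this simplified model does not cover.
        return any(ip in net for net in acls[name]) != negate

    for action, names in rules:
        if all(matches(n) for n in names):   # ACLs on one line are ANDed
            return action
    # No line matched: Squid applies the opposite of the last rule.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for label, order in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, decide(ACLS + order, "172.16.1.25"))
```

With the allow line placed after http_access deny all, a client in 172.16.1.0/24 is denied even though the ACL itself is defined correctly.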
Configuring clients for our proxy server:
After adding the lines, restart squid and then use a client for testing. The default port for squid is 3128, so this will be the configuration for your web browser: HTTP proxy: <your server's IP address> and port: <squid proxy server's default port>. Those using a text-based Internet browser like lynx, links or elinks must export the proxy settings by doing this in the CLI:
[mylogin@hostname proxy-server]# export http_proxy=http://<Proxy server's IP address>:<port number>
or
[mylogin@hostname proxy-server]# http_proxy=http://<Proxy server's IP address>:<port number>; export http_proxy
We can validate that the export succeeded by issuing the echo command:
[mylogin@hostname proxy-server]# echo $http_proxy
This must return the IP address and the port number that we have defined.
That's it, we are done.
