Luxana

asked on

Debian and squid2

Hello Experts,

I need help setting up a squid2 proxy on my Debian 3.0 with kernel 2.4.18-bf2.4. Here is the situation:

Recently I got an ADSL connection, which is working with no problem at all. But the situation has changed, and I need to install Debian 3.0 and run squid to share the internet with my other clients.



PC1 (let's call it squidbox) configuration:

CPU 233
RAM 128
NIC realtek 2x
debian 3.0
text mode only

PC1 and PC2 are clients
OS: linux and windows XP

Here is what I have done:

I have installed Debian 3.0 and squid. To eth0 I have attached a D-Link 300+ modem, which is working perfectly. The modem connects to the ISP by itself and it binds to my eth0 MAC address. So on eth0 I only have to choose DHCP and the modem will set my IP to the external one from the ISP. On eth1 I set up an internal IP.

When I'm connected to the internet, the NICs' IPs on squidbox can look like this:
eth0 : 232.251.26.87
eth1: 10.0.0.1

In this case I can ping web sites by name from my squidbox with no problem.

The client PCs can reach DHCP and they can ping the squidbox IP 10.0.0.1 as well as the external IP 232.251.26.87. So it looks like the routing is working fine:))

I have no experience with squid yet. I had a look at /etc/squid.conf but I do not really understand what is written there. Can anybody give some hints or write me a simple squid.conf which allows just a few ports like http, ftp, smtp, pop3?

Or if anybody has a better idea how I can solve my problem, please let me know, and also if somebody needs more information please ask...

Thanks

Luxana
ASKER CERTIFIED SOLUTION
Morne Lategan
Additional note: Also check the cache directory of your squid installation:

 cache_dir ufs /var/spool/squid 200 16 256

The one above is for a Red Hat system. I am not sure where Debian installs this directory by default. Maybe someone more familiar with Debian can scan the above script and comment on it. Another place where your installation may differ is in the user account that squid will run as. Check if the /var/spool/squid directory is created when you install squid on the Debian box, and also if the squid user is created. Otherwise, use the appropriate directory and user information.

You should also read the documentation at www.squid-cache.org to be sure that you understand all the options in this file, and to customise it for your own needs.

Again: I hope this solves your problem.

Avatar of Luxana

ASKER

Hello Uberpappa,

Thanks for your prompt answer. Here is some more of the information you asked for:

directory  /var/spool/squid is created
version of squid :  Version 2.4.STABLE6

I tried the start script you gave me and I get this error message:
Starting proxy server: FATAL: getpwnam failed to find userid for effective user
'squid'
Squid Cache (Version 2.4.STABLE6): Terminated abnormally.
CPU Usage: 0.050 seconds = 0.040 user + 0.010 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 354
/etc/init.d/squid: line 24:    585 Aborted                start-stop-dameon --qu
iet --start --pidfile $pidfile --exec $DAEMON -- $SQUIDE_ARGS </dev/null
squid.
--------------------------------------------------------
With my newbie eyes I can see that there is a problem with the user, like you wrote above, so I opened the /etc/passwd file and there is no user squid !!!

Thanks for your help. I need to get it working and then I will play with each line in this script.

LUXANA
Hi Luxana,

You have a couple of options:

1) Determine the user that Debian uses to run squid. You can do so by checking the last entry in the /etc/passwd file (assuming you didn't  add any users after installing Squid). If there is no user that looks like it could be the squid user, the service probably runs as user daemon. If there is one, use that user in the config file.

2) Add a user squid. If you select this option, it is important that you don't give this user shell access. Hence, set its shell to /sbin/nologin, and don't assign a password to the account:

useradd -s /sbin/nologin squid

It is also important to then create the /var/spool/squid directory and to make its owner and group the squid user:

mkdir /var/spool/squid
chown squid: /var/spool/squid


3) Run the service as daemon. I.e. change the config to read:

cache_effective_user daemon
cache_effective_group daemon

One of these should work. It would be appreciated if another expert can comment on the way Squid usually installs on Debian. I am not that familiar with the distro.

If this doesn't work, I'll be monitoring my e-mail :-)
Let me rephrase the sentence:

It would be appreciated if AN expert can comment on the way Squid usually installs on Debian. ;-)
Ahhh. It just came to me!

Check the owner of the /var/spool/squid directory:

ls -l /var/spool/squid

If the package installer created the directory, then it would have made the user it wants to run the squid service the owner.

Avatar of Luxana

ASKER

Hello Uberpappa

According to this command it seems like the owner of the /var/spool/squid/ folder is user proxy.

ls -ld /var/spool/squid/

drwxr-x---     18     proxy   proxy       4096    Feb 28 13.20      /var/spool/squid

And this user already exists in my /etc/passwd

proxy:x:13:13:proxy:/bin:/bin/sh

It was created during the installation of squid.

---------------------

Can you be more specific about how I can run the service as daemon, please?

Thanks for your patience and help

luxana

Now I have to go OFFLINE I'll continue ASAP..
If the user that the system created is proxy, then your best option is to use proxy. Thus, you can change the settings as follows:

1) Determine the group that user proxy belongs to:

   grep proxy /etc/passwd

   This should give you something like:

   proxy:x:111:222::/var/spool/squid:/dev/null

   (the 111:222 will differ). The second number (222 in example) is the group that proxy belongs to. Now, to get the group name, do the following:

   grep 222 /etc/group (substituting the 222 with whatever your group returned above)

   This should return something like:

   proxy:x:222:

   The name on the left hand side is the group the proxy user belongs to.

2) Change the lines in the squid.conf file to read:

   cache_effective_user proxy
   cache_effective_group proxy (or whatever the group was that was returned with the grep command: grep xxx /etc/group)

3) Then start your squid service.

If you want to do it using the daemon user, follow the same steps as above, but substituting the "proxy" user with daemon, to get the group it belongs to.

Then, do: chown daemon: /var/spool/squid

And, Change the config to read:

   cache_effective_user daemon
   cache_effective_group daemon (or whatever the group was that was returned with the grep command: grep xxx /etc/group)

I recommend that you stick with the proxy user, though. That way you will adhere to the standard way that things are done on Debian. And upgrading your software would be easier to do.

Let me know what happens. I await your reply.
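
The lookup steps from this reply, as an added example that is not part of the original thread: it resolves a user's primary group by exact field match (a bare `grep 13 /etc/group` would also hit GID 113) and prints the two squid.conf lines, warning when the service account still has a login shell, which the earlier reply advised against. The function names, the constructed group lines and the treatment of `/bin/false` as a locked shell are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Both files can be overridden for testing.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
GROUP_FILE=${GROUP_FILE:-/etc/group}

# Owner of the cache directory, as reported by `ls -ld` (third column).
cache_owner() { ls -ld "$1" | awk '{ print $3 }'; }

# Primary group NAME of a user. Fields are compared exactly, so GID 13
# cannot match a line that merely contains "13" (as a bare grep would).
primary_group() {
    gid=$(awk -F: -v u="$1" '$1 == u { print $4; exit }' "$PASSWD_FILE")
    [ -n "$gid" ] || return 1
    awk -F: -v g="$gid" '$3 == g { print $1; ok = 1; exit } END { exit !ok }' "$GROUP_FILE"
}

# Login shell (7th passwd field) of a user.
login_shell() { awk -F: -v u="$1" '$1 == u { print $7; exit }' "$PASSWD_FILE"; }

# True when the shell refuses interactive logins.
shell_is_locked() {
    case "$1" in
        */nologin | */false | /dev/null) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the two squid.conf lines for a user; warn on stderr about a login shell.
squid_identity() {
    group=$(primary_group "$1") || { echo "unknown user or group: $1" >&2; return 1; }
    shl=$(login_shell "$1")
    shell_is_locked "$shl" || echo "warning: $1 can log in with $shl" >&2
    printf 'cache_effective_user %s\ncache_effective_group %s\n' "$1" "$group"
}

# Constructed sample data: the proxy passwd entry is the one quoted in the
# thread; the other lines are made up for the demonstration.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'daemon:x:1:1:daemon:/usr/sbin:/bin/sh' \
        'proxy:x:13:13:proxy:/bin:/bin/sh' > "$d/passwd"
    printf '%s\n' 'daemon:x:1:' 'users:x:113:' 'proxy:x:13:' > "$d/group"
    ( PASSWD_FILE=$d/passwd; GROUP_FILE=$d/group; squid_identity proxy )
    rc=$?
    rm -rf "$d"
    return $rc
}
```

On a live system, `squid_identity "$(cache_owner /var/spool/squid)"` prints the lines for whichever account owns the cache directory.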




Avatar of Luxana

ASKER

OK, one more thing:))))

Sorry, I had not thought about what you wrote before, so I changed the script for user proxy and I ran it without problems:))))

So now I need to set up the proxy in the Mozilla browser, is that right?

Which ports should I use?

Thanks again....
Avatar of Luxana

ASKER

done:))))

Avatar of Luxana

ASKER

Now I only need to set up Mozilla, or how can I check whether the proxy is working or not?
You can check if it is running by doing:

telnet localhost 3128

If you get a prompt without an error, it's running. Use Ctrl-] and then "quit" to quit from telnet.

Then configure Mozilla (Edit->Preferences->Advanced->Proxies) and enter the ip of your squid box, and port 3128 as the proxy server.

Then, if all went well, squid should be running and delivering pages to your browser.
Avatar of Luxana

ASKER

This telnet thing is working; I'm able to connect to my localhost (luxana-proxy)

But Mozilla has a problem. I set up the proxy to 10.0.0.1 3128 and then I get a popup like

connection was refused when attempting to contact www.xxx.xx

Mozilla gives me options to set up:

HTTP Proxy
SSL Proxy
FTP Proxy
Gopher Proxy
SOCKS Proxy

DEFAULT IS SOCKS v5

Do I have to set up the same port for all of these options? Port 3128 is just for http, isn't it?

I think we are very close:)))

Now I really have to go OFFLINE .....

Thanks

I will try your next step as soon as possible

Luxana
From the box with mozilla, try
telnet 10.0.0.1 3128
It should give you the same prompt. If it doesn't, then something is blocking it.

Firewall, maybe?

As a test, do (On the squid box):

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

This should clear all firewall rules you have configured, including your masquerading (if you have it configured).

Then test it again.
The other part of your question:

You can use squid for HTTP, as well as FTP, although Squid is not a TRUE FTP proxy, it does present you with an interface suitable for downloads. You won't be able to upload through it, though. For that you can use FROX, or something similar.

I usually put the proxy address into all the fields, except SOCKS host.

Avatar of Luxana

ASKER

Hello Uberpappa


Is there a better grade than Excellent!!!? :)))

It is working and I'm so happy:)))))))

Thank you for your help. Now I'm going to play with it. If you have any advice for me, like what I should do now to improve my system and firewall, please let me know. Now I have to find out how to enable ICQ.

I'm gonna ask more questions in the future and I will put the link for you here...


Thank you again.......


Luxana

PS: I'm happy because I can kick out windows from my PC now...:)))


You are welcome