Solved

Proxy Server Setup

Posted on 2004-04-30
Last Modified: 2010-05-19
Hi all,

       Please guide me on how to setup & configure SQUID Proxy Server.

Regardz
saladin
Question by:sallauddins
6 Comments
 
LVL 17

Expert Comment

by:owensleftfoot
Squid QUICKSTART

$Id: QUICKSTART,v 1.2.2.2.6.1 2003/09/14 01:36:25 dwsquid Exp $

This document is intended only for people who want to get Squid running
quickly. It is not a substitute for the real documentation.  Squid has
many features, but only a few of them are useful at the beginning.  Use
this only if you have quite a simple setup.

After you retrieved, compiled and installed the Squid software (see
INSTALL in the same directory), you have to configure the squid.conf
file. This is the list of the values you *need* to change, because no
sensible defaults could be defined. Do not touch the other variables
for now.  We assume you have installed Squid in the default location:
/usr/local/squid

Uncomment and edit the following lines in /usr/local/squid/etc/squid.conf:

==============================================================================

cache_peer, never_direct/always_direct

    If you have a parent cache, put it here.  The administrators of the
    parent cache typically provided you with instructions.  You should
    always ask permission before adding a parent cache. See also the
    never_direct/always_direct directives.

cache_dir /usr/local/squid/var/cache 100 16 256

    Add here (first number, here 100) the amount of hard disk space
    (in megabytes) to devote to caching.

acl, http_access, icp_access

    Access control lists.  This is important because it prevents people
    from stealing your network resources.  To fill in the
    "allowed_hosts" ACL, use your network address (for instance
    192.168.10.0) and your network mask (for instance 255.255.255.0):

        acl manager proto cache_object
        acl localhost src 127.0.0.1/255.255.255.255
        acl all src 0.0.0.0/0.0.0.0
        acl allowed_hosts src 192.168.10.0/255.255.255.0

        http_access deny manager all
        http_access allow allowed_hosts
        http_access deny all

        icp_access  allow  allowed_hosts
        icp_access deny all

cache_mgr

    Put here the e-mail address of the manager:

cache_effective_user

    If you must start Squid as root, find a safe user and group to run
    as after startup (typically "nobody" and "nogroup").  Do not use
    "root", for security reasons.

visible_hostname

    The host name you advertise for the cache.

==============================================================================

After editing squid.conf to your liking, run Squid from the command
line TWICE:

    % /usr/local/squid/sbin/squid -z
    % /usr/local/squid/sbin/squid

Check in the cache.log (/usr/local/squid/var/logs/cache.log) that
everything is all right.

Once Squid created all its files (it can take several minutes on some
systems), test it with echoping or a regular Web client. By default,
your Squid will run on port 3128. See the Squid FAQ for more details.

Once you have Squid working from the command line, tell your Unix to
start Squid at startup (it depends heavily on the Unix you use, you'll
typically have to modify something in a /etc/rc_something).

This quick start file written by: Stephane Bortzmeyer and Duane
Wessels.
0
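Squid checks http_access rules from top to bottom and the first rule whose ACLs all match decides the request. The sketch below is an added example, not part of the post above or of Squid itself; it models only the src and proto ACL types used in the QUICKSTART, and the client addresses in its checks are constructed.

```python
import ipaddress

# Constructed sample: the acl/http_access lines from the QUICKSTART above.
SQUID_CONF = """
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl allowed_hosts src 192.168.10.0/255.255.255.0
http_access deny manager all
http_access allow allowed_hosts
http_access deny all
"""

def parse(conf):
    """Return (acls, rules); only the `src` and `proto` ACL types are modelled."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            name, kind, values = tok[1], tok[2], tok[3:]
            if kind == "src":
                values = [ipaddress.ip_network(v, strict=False) for v in values]
            acls.setdefault(name, (kind, []))[1].extend(values)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, client_ip, proto):
    negate, name = name.startswith("!"), name.lstrip("!")
    kind, values = acls[name]
    if kind == "src":
        hit = any(ipaddress.ip_address(client_ip) in net for net in values)
    else:  # proto
        hit = proto in values
    return hit != negate

def http_access(conf, client_ip, proto="http"):
    """First rule whose ACLs ALL match decides; ACLs on one line are ANDed."""
    acls, rules = parse(conf)
    if not rules:
        raise ValueError("no http_access rules in this configuration")
    for action, names in rules:
        if all(acl_matches(acls, n, client_ip, proto) for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

If the last http_access line is a deny rule that most requests do not match, unmatched clients are allowed, which is why the list should end with http_access deny all.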
 

Author Comment

by:sallauddins
Hi owensleftfoot,
 
   Thanks for the quick reply, but will the above solution work on Red Hat Linux 7.3 or Red Hat Linux 9.0?

Thanx & Regardz
saladin

 
0
 

Author Comment

by:sallauddins
Hi owensleftfoot,
 
         When I type squid -z as you have mentioned above, it displays an error message:
FATAL: Bungled squid.conf line 146:     cache_peer 172.16.200.211       parent    80
Squid Cache (Version 2.4.STABLE6): Terminated abnormally.
CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 217
Aborted

Please do see if this can be resolved.

One more thing I would like to add is that I am trying to use this SQUID proxy in the company, and the company's server also has a SQUID proxy. So my SQUID proxy will be a client to the parent proxy.

I hope you have got the scenario.

Waiting for a favorable reply at the earliest.

Thanx & Regardz.
saladin


   
0
 

Author Comment

by:sallauddins
Knock, Knock .... experts
Are there any takers???
0
 
LVL 17

Accepted Solution

by:
owensleftfoot earned 45 total points
Peer cache servers and Squid hierarchy
Tag Name      cache_peer
Usage      cache_peer hostname type http_port icp_port options

Description
This tag is used to specify the other caches in the hierarchy. The cache_peer option is split into five fields. The first field is the hostname or IP of the cache that is to be queried. The second field indicates the type of relationship. The third field sets the HTTP port of the destination server, while the fourth sets the ICP (UDP) query port. The fifth field can contain zero or more keywords. Here are the detailed explanations on each field. See cache_peer_access also.

Hostname
Hostname (FQDN) or IP address of the cache to be queried should be mentioned.

For example:

cache_peer sib1.visolve.com sibling 3128 3130 [proxy-only]
cache_peer 172.16.1.100 sibling 3128 3130 [proxy-only]

Type
Here cache hierarchy should be specified. This option plays an important role in deciding neighbor selection.

    * parent
    * sibling
    * multicast

Http_port
The port number where the cache listens for proxy requests. See also http_port

Icp_port
Used for querying neighbor caches about objects. To have a non-ICP neighbor specify '7' for the ICP port and make sure the neighbor machine has the UDP echo port enabled in its /etc/inetd.conf file. See also icp_port

OPTIONS:

    proxy-only
    To specify that objects fetched from this cache should not be saved locally.

    weight=n
    To specify a weighted parent. The weight must be an integer. The default weight is 1, larger weights are favoured more.

    ttl=n
    To specify an IP multicast Time To Live (ttl) value when sending ICP queries to multicast groups. We do not accept ICP replies from random hosts. So you must configure other group members as peers with the multicast-responder option below.

    no-query
    This option is set for those peers which do not support ICP queries. It is natural to have doubts about the ICP port to specify when using this option. Squid does not care what number has been given as the ICP port when no-query is specified. Using any number is fine. It is recommended to use 0 to emphasize the fact that ICP is not used in any way (not even to UDP echo port 7).

    This might be the typical example for this option :

    cache_peer hostname sibling 8080 0 proxy-only no-query

    By default, Port 3130 is typically where an ICP-aware proxy listens for ICP packets. Port 7 is the "echo" port (see /etc/services). It is typically handled by inetd as an internal process and simply "echoes" back what has been sent to it. Since the option "no-query" is specified, port "7" is there so that if the peer is queried, Squid gets an answer and does not declare the peer dead and therefore stop using it.

    Port 7 is used when Squid has a non-ICP peer but still wants to query it before sending requests there (no-query not specified). In such a case, Squid will send the ICP queries to port 7, which is the UDP echo port.

    default
    If this is a parent cache which can be used as a "last resort" and is not ICP-enabled, then "default" would be the appropriate option. Simply adding default to a parent does not force all requests to be sent to that parent. The term default is perhaps a poor choice of words. If the cache is able to make direct connections, direct will be preferred over default. If you need to force all requests to parent cache(s), use the never_direct option.

    round-robin
    To define a set of parents which should be used in a round-robin fashion in the absence of any ICP queries.

    multicast-responder
    Indicates that the named peer is a member of a multicast group. ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.

    closest-only
    Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.

    no-digest
    To NOT request cache digests from this neighbor.

    no-netdb-exchange
    It disables requesting ICMP RTT database (NetDB) from the neighbor.

    no-delay
    To prevent access to this neighbor from influencing the delay pools.

    login=user:password
    If this is a personal/workgroup proxy and your parent requires proxy authentication.

    connect-timeout=nn
    To specify a peer specific connect timeout (also see the peer_connect_timeout directive).

    digest-url=url
    To tell Squid to fetch the cache digest (if digests are enabled) for this host from the specified URL rather than the Squid default location.

No cache peer is defined
Default      none

Example
cache_peer proxy.visolve.com parent 3128 3130 default

cache_peer 172.16.1.100 sibling 3128 3130 proxy-only

cache_peer 172.16.1.123 sibling 3129 5500 weight=2

Caution
If you compiled Squid to support HTCP, your cache will automatically attempt to connect to TCP port 4827 (there is currently no option to change this port value). Cache digests are transferred via the HTTP port specified on the cache_peer line. Non-ICP neighbors must be specified as 'parent'.







Is the parent proxy configured to allow clients? Also the default port for squid to listen on is 3128 - you have the cache_peer set as if the parent proxy is on port 80 - is this correct?
0
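Measured against the usage line in the answer above (cache_peer hostname type http_port icp_port options), the line in the question's error message has only hostname, type and http_port, with no icp_port. The checker below is an added example, not code from the thread or from Squid; the second sample line assumes the parent does not speak ICP and keeps port 80 from the question, which still has to be confirmed with the parent's administrator.

```python
PEER_TYPES = {"parent", "sibling", "multicast"}
# Option keywords listed in the answer above; value-taking ones end in "=".
FLAG_OPTS = {"proxy-only", "no-query", "default", "round-robin",
             "multicast-responder", "closest-only", "no-digest",
             "no-netdb-exchange", "no-delay"}
VALUE_OPTS = ("weight=", "ttl=", "login=", "connect-timeout=", "digest-url=")

def check_cache_peer(line):
    """Return a list of problems for one cache_peer line ([] = well-formed)."""
    tok = line.split("#", 1)[0].split()
    if not tok or tok[0] != "cache_peer":
        return ["not a cache_peer line"]
    fields = tok[1:]
    if len(fields) < 4:
        missing = ["hostname", "type", "http_port", "icp_port"][len(fields):]
        return ["missing field(s): " + ", ".join(missing)]
    host, ptype, http_port, icp_port, *opts = fields
    problems = []
    if ptype not in PEER_TYPES:
        problems.append(f"unknown type {ptype!r}")
    for label, val in (("http_port", http_port), ("icp_port", icp_port)):
        if not (val.isascii() and val.isdigit() and int(val) <= 65535):
            problems.append(f"{label} {val!r} is not a port number")
    for opt in opts:
        if opt not in FLAG_OPTS and not opt.startswith(VALUE_OPTS):
            problems.append(f"unknown option {opt!r}")
    return problems

def lint(conf_text):
    """Map 1-based line number -> problems for each faulty cache_peer line."""
    out = {}
    for n, line in enumerate(conf_text.splitlines(), 1):
        if line.split()[:1] == ["cache_peer"]:
            problems = check_cache_peer(line)
            if problems:
                out[n] = problems
    return out

# Constructed sample: the failing line from the question, a four-field form
# (icp_port 0 plus no-query, as the answer suggests for non-ICP peers),
# and one of the answer's own examples.
SAMPLE = """\
cache_peer 172.16.200.211       parent    80
cache_peer 172.16.200.211 parent 80 0 no-query default
cache_peer 172.16.1.123 sibling 3129 5500 weight=2
"""
```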
 

Author Comment

by:sallauddins
Dear admin,

    Since I have accepted the answer please close this query.

Thanks & Regards,
saladin
0
