Proxy Server Setup

Posted on 2004-04-30
Last Modified: 2010-05-19
Hi all,

Please guide me on how to set up & configure SQUID Proxy Server.

Regardz
saladin
Question by:sallauddins
LVL 17

Expert Comment

by:owensleftfoot
ID: 10959118
Squid QUICKSTART

$Id: QUICKSTART,v 1.2.2.2.6.1 2003/09/14 01:36:25 dwsquid Exp $

This document is intended only for people who want to get Squid running
quickly. It is not a substitute for the real documentation.  Squid has
many features, but only a few of them are useful at the beginning.  Use
this only if you have quite a simple setup.

After you retrieved, compiled and installed the Squid software (see
INSTALL in the same directory), you have to configure the squid.conf
file. This is the list of the values you *need* to change, because no
sensible defaults could be defined. Do not touch the other variables
for now.  We assume you have installed Squid in the default location:
/usr/local/squid

Uncomment and edit the following lines in /usr/local/squid/etc/squid.conf:

==============================================================================

cache_peer, never_direct/always_direct

    If you have a parent cache, put it here.  The administrators of the
    parent cache typically provided you with instructions.  You should
    always ask permission before adding a parent cache. See also the
    never_direct/always_direct directives.

cache_dir /usr/local/squid/var/cache 100 16 256

    Add here (first number, here 100) the amount of hard disk space
    (in megabytes) to devote to caching.

acl, http_access, icp_access

    Access control lists.  This is important because it prevents people
    from stealing your network resources.  To fill in the
    "allowed_hosts" ACL, use your network address (for instance
    192.168.10.0) and your network mask (for instance 255.255.255.0):

        acl manager proto cache_object
        acl localhost src 127.0.0.1/255.255.255.255
        acl all src 0.0.0.0/0.0.0.0
        acl allowed_hosts src 192.168.10.0/255.255.255.0

        http_access deny manager all
        http_access allow allowed_hosts
        http_access deny all

        icp_access  allow  allowed_hosts
        icp_access deny all

cache_mgr

    Put here the e-mail address of the manager:

cache_effective_user

    If you must start Squid as root, find a safe user and group to run
    as after startup (typically "nobody" and "nogroup").  Do not use
    "root", for security reasons.

visible_hostname

    The host name you advertise for the cache.

==============================================================================

After editing squid.conf to your liking, run Squid from the command
line TWICE:

    % /usr/local/squid/sbin/squid -z
    % /usr/local/squid/sbin/squid

Check in the cache.log (/usr/local/squid/var/logs/cache.log) that
everything is all right.

Once Squid created all its files (it can take several minutes on some
systems), test it with echoping or a regular Web client. By default,
your Squid will run on port 3128. See the Squid FAQ for more details.

Once you have Squid working from the command line, tell your Unix to
start Squid at startup (it depends heavily on the Unix you use, you'll
typically have to modify something in a /etc/rc_something).

This quick start file written by: Stephane Bortzmeyer and Duane
Wessels.
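
The access-control block in the QUICKSTART relies on rule order: Squid checks http_access lines top to bottom, the ACL names on one line are ANDed, and the first line that matches decides. The following sketch is an added example, not part of the original post or of Squid itself; it evaluates those rules for sample clients (the client addresses and the two reordered variants are constructed for illustration).

```python
import ipaddress

# ACL block copied from the QUICKSTART text above.
CONF = """
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl allowed_hosts src 192.168.10.0/255.255.255.0
http_access deny manager all
http_access allow allowed_hosts
http_access deny all
"""

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "acl":
            acls.setdefault(f[1], []).append((f[2], f[3:]))
        elif len(f) >= 3 and f[0] == "http_access":
            rules.append((f[1], f[2:]))
    return acls, rules

def acl_hit(acls, name, src, proto):
    """True if the request matches ACL `name` (values inside an ACL are ORed)."""
    for kind, values in acls[name]:
        if kind == "src" and any(ipaddress.ip_address(src) in
                                 ipaddress.ip_network(v) for v in values):
            return True
        if kind == "proto" and proto.lower() in [v.lower() for v in values]:
            return True
    return False

def decide(conf, src, proto="HTTP"):
    """Return (action, rule_number) of the first matching http_access rule."""
    acls, rules = parse(conf)
    for number, (action, names) in enumerate(rules, 1):
        if all(acl_hit(acls, n, src, proto) for n in names):
            return action, number
    # No match: Squid applies the opposite of the last rule (deny if none).
    last = rules[-1][0] if rules else "allow"
    return ("allow" if last == "deny" else "deny"), None

# Constructed variants of the same configuration, for comparison.
LINES = CONF.strip().splitlines()
SWAPPED = "\n".join(LINES[:4] + [LINES[5], LINES[4], LINES[6]])  # allow first
ONLY_MANAGER_RULE = "\n".join(LINES[:5])  # both later rules removed
```

With ONLY_MANAGER_RULE the last remaining rule is a deny, so an unmatched outside client falls through to allow, which is why the QUICKSTART ends the list with an explicit "http_access deny all".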

Author Comment

by:sallauddins
ID: 10974862
Hi owensleftfoot,
 
   Thanks for the quick reply, but will the above solution work on Red Hat Linux 7.3 or Red Hat Linux 9.0?

Thanx & Regardz
saladin

 

Author Comment

by:sallauddins
ID: 10975697
Hi owensleftfoot,
 
When I type squid -z as you have mentioned above, it displays an error message:
FATAL: Bungled squid.conf line 146:     cache_peer 172.16.200.211       parent    80
Squid Cache (Version 2.4.STABLE6): Terminated abnormally.
CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 217
Aborted

Please do see if this can be resolved.

One more thing I would like to add is I am trying to use this SQUID proxy in the company & the company's server is also having SQUID proxy. So my SQUID proxy will be a client to the parent proxy.

I hope you have got the scenario.

Waiting for a favorable reply at the earliest.

Thanx & Regardz.
saladin


   

Author Comment

by:sallauddins
ID: 11002909
Knock, Knock .... experts
Are there any takers ???.
LVL 17

Accepted Solution

by:
owensleftfoot earned 135 total points
ID: 11003341
Peer cache servers and Squid hierarchy
Tag Name      cache_peer
Usage      cache_peer hostname type http_port icp_port options

Description
This tag is used to specify the other caches in the hierarchy. The cache_peer option is split into five fields. The first field is the hostname or IP of the cache that is to be queried. The second field indicates the type of relationship. The third field sets the HTTP port of the destination server, while the fourth sets the ICP (UDP) query port. The fifth field can contain zero or more keywords. Here are the detailed explanations on each field. See cache_peer_access also.

Hostname
Hostname (FQDN) or IP address of the cache to be queried should be mentioned.

For ex,

cache_peer sib1.visolve.com sibling 3128 3130 [proxy-only]
cache_peer 172.16.1.100 sibling 3128 3130 [proxy-only]

Type
Here cache hierarchy should be specified. This option plays an important role in deciding neighbor selection.

    * parent
    * sibling
    * multicast

Http_port
The port number where the cache listens for proxy requests. See also http_port

Icp_port
Used for querying neighbor caches about objects. To have a non-ICP neighbor specify '7' for the ICP port and make sure the neighbor machine has the UDP echo port enabled in its /etc/inetd.conf file. See also icp_port

OPTIONS:

    proxy-only
    To specify that objects fetched from this cache should not be saved locally.

    weight=n
    To specify a weighted parent. The weight must be an integer. The default weight is 1; larger weights are favoured more.

    ttl=n
    To specify an IP multicast Time To Live (ttl) value when sending ICP queries to multicast groups. We do not accept ICP replies from random hosts. So you must configure other group members as peers with the multicast-responder option below.

    no-query
    This option is set for those peers which do not support ICP queries. It is natural to have doubts about the ICP port to specify while using this option. Squid does not care what digit has been given in the ICP port when no-query is specified. Using any number is fine. It is recommended to use 0 to emphasize the fact that ICP is not used in any way (not even to UDP echo port 7).

    This might be the typical example for this option :

    cache_peer hostname sibling 8080 0 proxy-only no-query

    By default, port 3130 is typically where an ICP-aware proxy listens for ICP packets. Port 7 is the "echo" port (see /etc/services). It is typically handled by inetd as an internal process and simply "echoes" back what has been sent to it. Since the option "no-query" is specified, port "7" is there so that if the peer is queried, Squid gets an answer and does not declare the peer as dead and therefore stop using it.

    Port 7 is used when Squid has a non-ICP peer but still wants to query it before sending requests there (no-query not specified). In such a case, Squid will send the ICP queries to port 7, which is the UDP echo port.

    default
    If this is a parent cache which can be used as a "last-resort." and not ICP enabled then "default" would be the appropriate option. Simply adding default to a parent does not force all requests to be sent to that parent. The term default is perhaps a poor choice of words. If the cache is able to make direct connections, direct will be preferred over default. If needed to force all requests to parent cache(s), use the never_direct option.

    round-robin
    To define a set of parents which should be used in a round-robin fashion in the absence of any ICP queries.

    multicast-responder
    Indicates that the named peer is a member of a multicast group. ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.

    closest-only
    Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.

    no-digest
    To NOT request cache digests from this neighbor.

    no-netdb-exchange
    It disables requesting ICMP RTT database (NetDB) from the neighbor.

    no-delay
    To prevent access to this neighbor from influencing the delay pools.

    login=user:password
    If this is a personal/workgroup proxy and your parent requires proxy authentication.

    connect-timeout=nn
    To specify a peer specific connect timeout (also see the peer_connect_timeout directive).

    digest-url=url
    To tell Squid to fetch the cache digest (if digests are enabled) for this host from the specified URL rather than the Squid default location.

No cache peer is defined
Default      none

Example
cache_peer proxy.visolve.com parent 3128 3130 default

cache_peer 172.16.1.100 sibling 3128 3130 proxy-only

cache_peer 172.16.1.123 sibling 3129 5500 weight=2

Caution
If you compiled Squid to support HTCP, your cache will automatically attempt to connect to TCP port 4827 (there is currently no option to change this port value). Cache digests are transferred via the HTTP port specified on the cache_peer line. Non-ICP neighbors must be specified as 'parent'.

Is the parent proxy configured to allow clients? Also the default port for squid to listen on is 3128 - you have the cache_peer set as if the parent proxy is on port 80 - is this correct?
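
Checked against the usage line quoted in the answer above (cache_peer hostname type http_port icp_port options), the line from the question stops after the HTTP port and has no ICP port field. The following checker is an added example, not part of the original answer or of Squid; it tests cache_peer lines against the fields and option names listed above. The second sample line is a constructed correction using the "0 plus no-query" form the answer describes; the other lines are taken from the thread.

```python
TYPES = {"parent", "sibling", "multicast"}
FLAGS = {"proxy-only", "no-query", "default", "round-robin",
         "multicast-responder", "closest-only", "no-digest",
         "no-netdb-exchange", "no-delay"}
VALUED = {"weight", "ttl", "login", "connect-timeout", "digest-url"}
REQUIRED = ["hostname", "type", "http_port", "icp_port"]

def check_cache_peer(line):
    """Return the problems found in one cache_peer line (empty list = OK)."""
    args = line.split()[1:]
    if len(args) < len(REQUIRED):
        return ["missing field(s): " + ", ".join(REQUIRED[len(args):])]
    _host, peer_type, http_port, icp_port, *options = args
    problems = []
    if peer_type not in TYPES:
        problems.append(f"unknown type {peer_type!r}")
    for label, port in (("http_port", http_port), ("icp_port", icp_port)):
        if not (port.isdigit() and int(port) <= 65535):
            problems.append(f"{label} {port!r} is not a port number")
    for opt in options:
        key, sep, value = opt.partition("=")
        key = key.lower()
        # Flags take no value; valued options need text after "=".
        if not ((key in FLAGS and not sep) or (key in VALUED and value)):
            problems.append(f"unknown or malformed option {opt!r}")
    return problems

def lint(conf_text):
    """Return (line_number, problem) pairs for every cache_peer line."""
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.split()[:1] == ["cache_peer"]:
            findings += [(number, p) for p in check_cache_peer(line)]
    return findings

# Sample input: line 1 is from the question, line 2 is a constructed fix,
# lines 3 and 4 are copied from the answer. The brackets on line 4 mark an
# optional keyword in the documentation and are not meant to be typed.
SAMPLE = """\
cache_peer 172.16.200.211       parent    80
cache_peer 172.16.200.211 parent 80 0 no-query default
cache_peer 172.16.1.123 sibling 3129 5500 weight=2
cache_peer sib1.visolve.com sibling 3128 3130 [proxy-only]
"""

if __name__ == "__main__":
    for number, problem in lint(SAMPLE):
        print(f"line {number}: {problem}")
```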

Author Comment

by:sallauddins
ID: 11178628
Dear admin,

    Since I have accepted the answer please close this query.

Thanks & Regards,
saladin