Setting up a proxy server

I would like to set my US-based dedicated server up as a (password-protected!) proxy server to mask my real location (to websites that only allow U.S. traffic).

Does anyone know a decent, free, easy to set up proxy server software?

Thanks!

(CentOS-4.3-32)
GertoWS Asked:

rindi Commented:
Squid is what normally gets used on Linux systems, and it is included in most distros.
0
GertoWS (Author) Commented:
Thanks, I have set up Squid 3.0, but am unsure which settings I need because this seems to do much more.

The only thing I need it for is for a proxy, it seems like it has tons of caching options etc, but I don't need that. Anyway, after trying it out of the box, when I set up my browser to use the proxy, I get the following message:
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.google.com/

The following error was encountered:

    * Access Denied.

      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.

I've tried to add the line "http_access allow MY_IP_ADDRESS" to the config file but that doesn't seem to work, it seems like it's set up by default to only allow access from local computers?

(in addition, I don't really want to set this up for my ip address since I have a dynamic ip address; a password or something would seem handy if possible)

Thanks!
0
rindi Commented:
As I don't have much experience with configuring Squid, I'm afraid you'll have to read the diverse how-to's to get it configured, or hope someone else here replies. If you want, you can try using the "Request Attention" button.
0

Gns Commented:
Take a look at the FAQ... It's really quite informative;-).
http://www.squid-cache.org/Versions/v3/3.0/cfgman/auth_param.html might be a good place to start reading...

Cheers
-- Glenn
0
GertoWS (Author) Commented:
I've increased the amount of points to 500.

I already spent several hours yesterday searching the FAQ and wiki. I just spent another hour wading through the FAQ, forums, the wiki, ...

But no matter what I do, I keep on getting "Access Denied." message.

Even if I set http_access and htcp_access to allow all.

Any ideas?
0
Gns Commented:
Anything in the logs?
Almost sounds like you either aren't making the changes take effect, or are changing "the wrong file" :-).

Cheers
-- Glenn
0
Gabriel Orozco (Solution Architect) Commented:
Hey GertoWS, please post the output of the command. That command will get rid of comments and blank lines so we can see what your squid.conf looks like.

Anyway, I would say you need to open an ACL to allow your IP address.

But your squid should look like what I posted below.

To create the password file you can use this URL:
http://www.suretecsystems.com/our_docs/proxy-guide-en/htpasswd.html

Anyway, I have put an extract in the code snippet below.


egrep -v  "^\s*$|^\s*#" /etc/squid.conf
 
==8<===============================================
############################################################################
# Authentication extension
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm SQUID PASSWORD PROTECTED
auth_param basic credentialsttl 1 hour
auth_param basic casesensitive on
authenticate_ip_ttl 1800 seconds
#############################################################################
# ACL's
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
#############################################################################
# Here you define what to do with accesses:
http_access allow all password
==8<===============================================
 
HOW TO CREATE THE PASSWORD FILE:
cd /etc/squid
htpasswd -d -c passwd username

And that's all. Restart your squid and try it.


0
GertoWS (Author) Commented:
Thanks for the help (and sorry for the delay in getting back).
I've changed the path from your example command to "/etc/squid/squid.conf" because that's where AFAIK my conf file is (or am I changing the wrong file, as asked above???)

[code] egrep -v  "^\s*$|^\s*#" /etc/squid/squid.conf
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow  manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow all
 http_reply_access allow all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
[/code]

As you see, basically I changed all instances of "DENY" to "ALLOW", which is not secure, but I just want to get it working first.

Then I restarted squid (/etc/rc.d/init.d/squid restart), and I always get the "proxy server rejected connection" error.

(I'm using port 3129 as proxy, because I was told this is the port squid listens to)

Also, I've noticed that if I load any of my own websites (hosted on this dedicated server I'm trying to set up as proxy), it works perfectly.
0
GertoWS (Author) Commented:
(apparently messed up the code part, sorry, second try:)
egrep -v  "^\s*$|^\s*#" /etc/squid/squid.conf
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow  manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow all
 http_reply_access allow all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid


0
Gabriel Orozco (Solution Architect) Commented:
Hi GertoWS:

I messed up the path, but of course you found the valid conf file.

OK. If not told otherwise, squid listens on port 3128 and leaves port 3129 for ICP, which is used for other caches.

So, please try connecting to port 3128 from your browser.
0

GertoWS (Author) Commented:
Thanks, apparently that was my biggest problem. It's working now!

I also did some things to make it more anonymous and that seems to work.
One last problem: I'd like to make it secure now.

To start, I tried to set up the password with the code you provided, however then I get the connection refused error again.

Any suggestion how I should set this up with my browser? I was expecting it to ask me for a password
(if you want me to set this up as a different question, feel free to ask)

Thanks for all the help!
Current conf attached
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm SQUID PASSWORD PROTECTED
auth_param basic credentialsttl 1 hour
auth_param basic casesensitive on
authenticate_ip_ttl 1800 seconds
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
http_access allow all password
http_access allow manager localhost
http_access allow  manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow all
 http_reply_access allow all
http_reply_access allow all
icp_access allow all
forwarded_for off
client_db off
                header_access Allow allow all
                header_access Authorization allow all
                header_access WWW-Authenticate allow all
                header_access Proxy-Authorization allow all
                header_access Proxy-Authenticate allow all
                header_access Cache-Control allow all
                header_access Content-Encoding allow all
                header_access Content-Length allow all
                header_access Content-Type allow all
                header_access Date allow all
                header_access Expires allow all
                header_access Host allow all
                header_access If-Modified-Since allow all
                header_access Last-Modified allow all
                header_access Location allow all
                header_access Pragma allow all
                header_access Accept allow all
                header_access Accept-Charset allow all
                header_access Accept-Encoding allow all
                header_access Accept-Language allow all
                header_access Content-Language allow all
                header_access Mime-Version allow all
                header_access Retry-After allow all
                header_access Title allow all
                header_access Connection allow all
                header_access Proxy-Connection allow all
                header_access All deny all
coredump_dir /var/spool/squid


0
Gabriel Orozco (Solution Architect) Commented:
I see you duplicated the authentication section.

Try to comment lines 4-7 and to change line 41 from "allow" to "deny".
Also, lines 42 and 43 are repeated. Line 44 is not needed since you do not have a network of caches.

Also, all these "header_access" lines: comment them first, and then when everything is working try again step by step.

You are introducing too many changes in each step to find the culprit if something fails.
0
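An added example, not part of the thread and not Squid's own tooling: a small Python lint that automates the checks made in the answer above (repeated auth_param lines, http_access allow rules that require no login, and a missing final deny). The function name audit and the SAMPLE text, which is trimmed from the posted config so its line numbers differ from those quoted in the answer, are assumptions of this example.

```python
# Constructed sample: access-control lines trimmed from the last config posted above.
SAMPLE = """\
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80          # http
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm SQUID PASSWORD PROTECTED
acl password proxy_auth REQUIRED
http_access allow all password
http_access allow manager localhost
http_access allow !Safe_ports
http_access allow all
"""

def audit(conf):
    """Return (line_no, message) findings for the text of a squid.conf."""
    acls, auth_seen, findings, last = {}, {}, [], None
    for no, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()       # drop trailing comments
        if len(tok) < 3:
            continue
        if tok[0] == "acl":                      # acl NAME TYPE VALUE...
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "auth_param":             # auth_param SCHEME PARAM ...
            key = (tok[1], tok[2])
            if key in auth_seen:
                findings.append((no, "auth_param %s %s repeats line %d"
                                 % (key + (auth_seen[key],))))
            auth_seen.setdefault(key, no)
        elif tok[0] == "http_access":            # http_access allow|deny ACL...
            last = tok[1:]
            used = [acls.get(n, ("?", [])) for n in tok[2:] if not n.startswith("!")]
            authed = any(t == "proxy_auth" for t, _ in used)
            # Simplification: "local" means a src ACL listing only 127.x addresses.
            local = any(t == "src" and v and all(x.startswith("127.") for x in v)
                        for t, v in used)
            if tok[1] == "allow" and not (authed or local):
                findings.append((no, "allow without proxy_auth: " + " ".join(tok[2:])))
    if last != ["deny", "all"]:
        findings.append((0, "last http_access rule is not 'deny all'"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print("line %d: %s" % (no, msg))
```

A config reduced to one auth_param section, `http_access allow password` and a closing `http_access deny all` produces no findings.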
GertoWS (Author) Commented:
Thank you very much
0

Question has a verified solution.
