Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 587
  • Last Modified:

squid advice

I am about to install squid web proxy for an office.  I want to install it on linux.  Need some help...
1.  Which linux distro do you recommend and how do I get it?
2.  I can find and download the squid and follow the instructions on how to install it, but any installation tips?
3.  Once I install it, how do I configure it for my specific private LAN (they are on private IP 192.168.1.0/24 network)?
4.  What information do I need to gather in order to complete the installation?

Thank you.
0
mrkent
Asked:
mrkent
  • 7
  • 6
7 Solutions
 
giltjrCommented:
Well most any Linux distro will work.  Popular distros now are:

    CentOS
    Ubuntu
    Debian

For CentOS you can use yum to install to make life easy.  For Debian and Ubuntu you can use apt-get

The installation instructions will tell you how to configure for your subnet.

Basically all you need to know is the same information you would need to know to setup the box to be on your network and access the Internet.

One tip, do use DHCP, set it up with a static IP address.
0
 
mrkentAuthor Commented:
So, it's "yum squid", or for the others it's "apt-get squid" ?

I figured that was a typo, you meant do NOT use DHCP
0
 
giltjrCommented:
Yes, no NOT use DHCP.

yum install squid
apt-get install squid
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
mrkentAuthor Commented:
Got it.  Then for the laptops on the subnet that are using that proxy how do I configure them to use that proxy.
(But still be able to use their laptops when they bring them home.)
0
 
giltjrCommented:
To use a proxy at work and nothing at home you have two options (that I am aware of).

1) You can setup Squid to be a transparent in-line proxy.  Just search on those terms.
2) You setup IE to use a ".pac" file.   This is basically a javascript program that you can make decisions of when to use a proxy and when not to.

You can setup a central proxy .pac file and when they are at home they will not be able to find it and so no proxy.

The other thing you can do in a .pac file is for any web servers you host internally you can bypass the proxy and go direct to the server.

Just two quick links dealing with .pac files.  Search in Google and you will find ton's of samples.
http://nscsysop.hypermart.net/proxypac.html
http://blog.freyguy.com/archives/2006/03/01/proxy-auto-detect-ie-and-firefox/
0
 
mrkentAuthor Commented:
The squid proxy will be behind an internet firewall, behind a nat wall.  Used by PCs that are also behind that nat wall and are on thier own private IP space.
Any special considerations as far as what I allow thru the firewall?
0
 
giltjrCommented:
Not really.  From the firewalls point of view Squid will look just like a web browser accessing Web sites.
0
 
mrkentAuthor Commented:
And from the outside do I have to let port 80 in to my squid proxy?
0
 
giltjrCommented:
Simple answer no.

Slightly complex answer.  

You need to allow traffic FROM port 80/443 inbound to squid, but most firewalls today automatically allow this if you specify a rule to allow outbound traffic to port 80/443.


Unless you are trying to use Squid as a reverse proxy server.  If so, then yes.
0
 
mrkentAuthor Commented:
I think I see what you're saying.  The firewall, being stateful, will allow return traffic from those web sites in which my internal workstations (but now in my case, the proxy) have initiated contact.

Since I want the squid to just proxy outgoing http/https requests, then you are correct in that I do not want it to be a reverse proxy.

That all correct?

Last question and I'll call it a day...I guess it is obvious that the proxy is the one that is hitting the DNS servers for all uncached DNS lookups.  Right?
0
 
giltjrCommented:
--> That all correct?

Correct.

The proxy is doing the DNS lookups.  I don't know exactly why you are installing Squid, but there are at least two add on programs, DansGuardian, and SquidGuard you might be interested in.

SquidGuard allows you to block hosts based on IP address or host name.  DansGuardian allows you to block hosts based on content.  So if you want, and are allowed, you could use these to prevent access to specific sites.

I personally have used Squid along with both of these at my house to prevent my sons from "accidentally" stumbling across adult sites.
0
 
mrkentAuthor Commented:
Awesome, thank you!  I wish I had more points to give.  You've been a great source.
0
 
mrkentAuthor Commented:
Thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now