Solved

squid advice

Posted on 2012-03-14
Last Modified: 2012-03-29
I am about to install squid web proxy for an office.  I want to install it on linux.  Need some help...
1.  Which linux distro do you recommend and how do I get it?
2.  I can find and download the squid and follow the instructions on how to install it, but any installation tips?
3.  Once I install it, how do I configure it for my specific private LAN (they are on private IP 192.168.1.0/24 network)?
4.  What information do I need to gather in order to complete the installation?

Thank you.
0
Question by:mrkent
14 Comments
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 430 total points
ID: 37725246
Well most any Linux distro will work.  Popular distros now are:

    CentOS
    Ubuntu
    Debian

For CentOS you can use yum to install to make life easy.  For Debian and Ubuntu you can use apt-get.

The installation instructions will tell you how to configure for your subnet.

Basically all you need to know is the same information you would need to know to setup the box to be on your network and access the Internet.

One tip, do use DHCP, set it up with a static IP address.
0
 

Author Comment

by:mrkent
ID: 37725738
So, it's "yum squid", or for the others it's "apt-get squid" ?

I figured that was a typo, you meant do NOT use DHCP
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 430 total points
ID: 37725878
Yes, do NOT use DHCP.

yum install squid
apt-get install squid
0
 

Author Comment

by:mrkent
ID: 37726204
Got it.  Then for the laptops on the subnet that are using that proxy, how do I configure them to use that proxy?
(But still be able to use their laptops when they bring them home.)
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 430 total points
ID: 37727783
To use a proxy at work and nothing at home you have two options (that I am aware of).

1) You can set up Squid to be a transparent in-line proxy.  Just search on those terms.
2) You set up IE to use a ".pac" file.   This is basically a JavaScript program in which you can make decisions about when to use a proxy and when not to.

You can set up a central proxy .pac file and when they are at home they will not be able to find it and so no proxy.

The other thing you can do in a .pac file is for any web servers you host internally you can bypass the proxy and go direct to the server.

Just two quick links dealing with .pac files.  Search in Google and you will find tons of samples.
http://nscsysop.hypermart.net/proxypac.html
http://blog.freyguy.com/archives/2006/03/01/proxy-auto-detect-ie-and-firefox/
0
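A minimal .pac file along the lines the answer above describes, as an added example that is not part of the original post: internal hosts go direct and everything else goes to Squid. The proxy address 192.168.1.10, port 3128 (Squid's default) and the suffix office.example are assumptions; only the 192.168.1.0/24 network comes from the thread.

```javascript
// proxy.pac - added example, not from the thread.
// Assumed values: Squid at 192.168.1.10 on its default port 3128, and an
// internal DNS suffix "office.example". Only 192.168.1.0/24 is from the thread.
var PROXY = "PROXY 192.168.1.10:3128; DIRECT"; // DIRECT = fallback if Squid is unreachable
var INTERNAL_SUFFIX = ".office.example";

// Convert a dotted quad to an unsigned 32-bit integer; returns null if malformed.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    if (+m[i] > 255) return null;
    n = n * 256 + (+m[i]);
  }
  return n;
}

// True when a literal IPv4 address falls inside net/mask. An own helper is used
// instead of the PAC built-in isInNet() so that no DNS lookup is triggered and
// the rules behave the same in a browser and in an offline test.
function inSubnet(ip, net, mask) {
  var a = ipToInt(ip), n = ipToInt(net), k = ipToInt(mask);
  if (a === null || n === null || k === null) return false;
  return ((a & k) >>> 0) === ((n & k) >>> 0);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names and the internal suffix are intranet servers: bypass Squid.
  if (host.indexOf(".") === -1) return "DIRECT";
  if (host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX) return "DIRECT";
  // Literal addresses on the office LAN or loopback also go direct.
  if (inSubnet(host, "192.168.1.0", "255.255.255.0")) return "DIRECT";
  if (inSubnet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";
  // Everything else goes through Squid.
  return PROXY;
}
```

The trailing `DIRECT` lets a browser reach sites directly whenever Squid does not answer, so if the proxy is meant to enforce filtering in the office, the firewall should permit outbound 80/443 only from the Squid host.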
 
LVL 25

Assisted Solution

by:madunix
madunix earned 70 total points
ID: 37728673
0
 

Author Comment

by:mrkent
ID: 37761511
The squid proxy will be behind an internet firewall, behind a NAT wall.  Used by PCs that are also behind that NAT wall and are on their own private IP space.
Any special considerations as far as what I allow thru the firewall?
0

 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 430 total points
ID: 37761685
Not really.  From the firewall's point of view Squid will look just like a web browser accessing Web sites.
0
 

Author Comment

by:mrkent
ID: 37783260
And from the outside do I have to let port 80 in to my squid proxy?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 430 total points
ID: 37783708
Simple answer no.

Slightly complex answer.  

You need to allow traffic FROM port 80/443 inbound to squid, but most firewalls today automatically allow this if you specify a rule to allow outbound traffic to port 80/443.


Unless you are trying to use Squid as a reverse proxy server.  If so, then yes.
0
 

Author Comment

by:mrkent
ID: 37785137
I think I see what you're saying.  The firewall, being stateful, will allow return traffic from those web sites in which my internal workstations (but now in my case, the proxy) have initiated contact.

Since I want the squid to just proxy outgoing http/https requests, then you are correct in that I do not want it to be a reverse proxy.

That all correct?

Last question and I'll call it a day...I guess it is obvious that the proxy is the one that is hitting the DNS servers for all uncached DNS lookups.  Right?
0
 
LVL 57

Accepted Solution

by:giltjr
giltjr earned 430 total points
ID: 37785161
--> That all correct?

Correct.

The proxy is doing the DNS lookups.  I don't know exactly why you are installing Squid, but there are at least two add on programs, DansGuardian, and SquidGuard you might be interested in.

SquidGuard allows you to block hosts based on IP address or host name.  DansGuardian allows you to block hosts based on content.  So if you want, and are allowed, you could use these to prevent access to specific sites.

I personally have used Squid along with both of these at my house to prevent my sons from "accidentally" stumbling across adult sites.
0
 

Author Comment

by:mrkent
ID: 37785207
Awesome, thank you!  I wish I had more points to give.  You've been a great source.
0
 

Author Closing Comment

by:mrkent
ID: 37785215
Thank you.
0
