squid advice

I am about to install squid web proxy for an office.  I want to install it on linux.  Need some help...
1.  Which linux distro do you recommend and how do I get it?
2.  I can find and download the squid and follow the instructions on how to install it, but any installation tips?
3.  Once I install it, how do I configure it for my specific private LAN (they are on private IP 192.168.1.0/24 network)?
4.  What information do I need to gather in order to complete the installation?

Thank you.
mrkentAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
Well most any Linux distro will work.  Popular distros now are:

    CentOS
    Ubuntu
    Debian

For CentOS you can use yum to install to make life easy.  For Debian and Ubuntu you can use apt-get

The installation instructions will tell you how to configure for your subnet.

Basically all you need to know is the same information you would need to know to setup the box to be on your network and access the Internet.

One tip, do use DHCP, set it up with a static IP address.
0
mrkentAuthor Commented:
So, it's "yum squid", or for the others it's "apt-get squid" ?

I figured that was a typo, you meant do NOT use DHCP
0
giltjrCommented:
Yes, no NOT use DHCP.

yum install squid
apt-get install squid
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

mrkentAuthor Commented:
Got it.  Then for the laptops on the subnet that are using that proxy how do I configure them to use that proxy.
(But still be able to use their laptops when they bring them home.)
0
giltjrCommented:
To use a proxy at work and nothing at home you have two options (that I am aware of).

1) You can setup Squid to be a transparent in-line proxy.  Just search on those terms.
2) You setup IE to use a ".pac" file.   This is basically a javascript program that you can make decisions of when to use a proxy and when not to.

You can setup a central proxy .pac file and when they are at home they will not be able to find it and so no proxy.

The other thing you can do in a .pac file is for any web servers you host internally you can bypass the proxy and go direct to the server.

Just two quick links dealing with .pac files.  Search in Google and you will find ton's of samples.
http://nscsysop.hypermart.net/proxypac.html
http://blog.freyguy.com/archives/2006/03/01/proxy-auto-detect-ie-and-firefox/
0
mrkentAuthor Commented:
The squid proxy will be behind an internet firewall, behind a nat wall.  Used by PCs that are also behind that nat wall and are on thier own private IP space.
Any special considerations as far as what I allow thru the firewall?
0
giltjrCommented:
Not really.  From the firewalls point of view Squid will look just like a web browser accessing Web sites.
0
mrkentAuthor Commented:
And from the outside do I have to let port 80 in to my squid proxy?
0
giltjrCommented:
Simple answer no.

Slightly complex answer.  

You need to allow traffic FROM port 80/443 inbound to squid, but most firewalls today automatically allow this if you specify a rule to allow outbound traffic to port 80/443.


Unless you are trying to use Squid as a reverse proxy server.  If so, then yes.
0
mrkentAuthor Commented:
I think I see what you're saying.  The firewall, being stateful, will allow return traffic from those web sites in which my internal workstations (but now in my case, the proxy) have initiated contact.

Since I want the squid to just proxy outgoing http/https requests, then you are correct in that I do not want it to be a reverse proxy.

That all correct?

Last question and I'll call it a day...I guess it is obvious that the proxy is the one that is hitting the DNS servers for all uncached DNS lookups.  Right?
0
giltjrCommented:
--> That all correct?

Correct.

The proxy is doing the DNS lookups.  I don't know exactly why you are installing Squid, but there are at least two add on programs, DansGuardian, and SquidGuard you might be interested in.

SquidGuard allows you to block hosts based on IP address or host name.  DansGuardian allows you to block hosts based on content.  So if you want, and are allowed, you could use these to prevent access to specific sites.

I personally have used Squid along with both of these at my house to prevent my sons from "accidentally" stumbling across adult sites.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mrkentAuthor Commented:
Awesome, thank you!  I wish I had more points to give.  You've been a great source.
0
mrkentAuthor Commented:
Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.