
Install Squid Proxy Server on CentOS / Redhat enterprise Linux 5

Install Squid on CentOS / RHEL 5
Use yum command as follows:

# yum install squid


Output:
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check
Install Squid Proxy Server on CentOS / Redhat enterprise Linux 5 http://www.cyberciti.biz/tips/howto-rhel-centos-
fedora-squid-installation...
1 of 13 3/1/2010 9:34 PM
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
squid i386 7:2.6.STABLE6-4.el5 updates 1.2 M
Transaction Summary
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: squid ######################### [1/1]
Installed: squid.i386 7:2.6.STABLE6-4.el5
Complete!

Squid Basic Configuration


The Squid configuration file is located at /etc/squid/squid.conf. Open the file using a text editor:
# vi /etc/squid/squid.conf
At a minimum you need to define an ACL (access control list) to work with squid. The default port is TCP 3128. The following example ACL allows access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt the list to your internal IP networks from where browsing should be allowed:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
Save and close the file. Start squid proxy server:
# chkconfig squid on
# /etc/init.d/squid start
Output:
init_cache_dir /var/spool/squid... Starting squid: . [ OK ]
Verify port 3128 is open:
# netstat -tulpn | grep 3128
Output:
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 20653/(squid)

Open TCP port 3128


Finally, make sure iptables allows access to the squid proxy server. Open the /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart iptables based firewall:
# /etc/init.d/iptables restart
Output:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]

Client configuration

Open a web browser > Tools > Internet option > Network settings > and set the Squid server IP address and port # 3128.

Squid Basic Configuration


The Squid configuration file is located at /etc/squid/squid.conf. Open the file using a text editor:
# vi /etc/squid/squid.conf
At a minimum you need to define an ACL (access control list) to work with squid. The default port is TCP 3128. The following example ACL allows access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt the list to your internal IP networks from where browsing should be allowed:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
http_access allow all
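Squid checks http_access lines in order and stops at the first match, so the http_access allow all line lets clients from any address use the proxy, not only those in our_networks.
Save and close the file. Start squid proxy server: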
# chkconfig squid on
# /etc/init.d/squid start

Output:
init_cache_dir /var/spool/squid... Starting squid: . [ OK ]
Verify port 3128 is open:
# netstat -tulpn | grep 3128
Output:
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 20653/(squid)

Open TCP port 3128

Finally, make sure iptables allows access to the squid proxy server. Open the /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart iptables based firewall:
# /etc/init.d/iptables restart

Howto: Squid proxy authentication using ncsa_auth helper

The following authentication helpers are included by default with squid on most Linux distros:
=> NCSA: Uses an NCSA-style username and password file.
=> LDAP: Uses the Lightweight Directory Access Protocol.
=> MSNT: Uses a Windows NT authentication domain.
=> PAM: Uses the Linux Pluggable Authentication Modules scheme.
=> SMB: Uses an SMB server like Windows NT or Samba.
=> getpwnam: Uses the old-fashioned Unix password file.
=> SASL: Uses SASL libraries.
=> NTLM, Negotiate and Digest authentication

Configure an NCSA-style username and password authentication

Step # 1: Create a username/password

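First create an NCSA password file using the htpasswd command. htpasswd is used to create and update the flat files used to store usernames and passwords for basic authentication of squid users. If /etc/squid/passwd does not exist yet, add the -c option to create it (-c overwrites an existing file, so use it for the first user only).
# htpasswd /etc/squid/passwd user1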

Output:
New password:
Re-type new password:
Adding password for user user1
Make sure squid can read passwd file:
# chmod o+r /etc/squid/passwd

Step # 2: Locate ncsa_auth authentication helper

Usually ncsa_auth is located at /usr/lib/squid/ncsa_auth. You can find its location using rpm:
# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth

Step # 3: Configure ncsa_auth for squid proxy authentication

Now open the /etc/squid/squid.conf file:

# vi /etc/squid/squid.conf

Append (or modify) the following configuration directives:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Also find your ACL section and append/modify:
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Save and close the file.
Where,
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specifies the squid password file and helper program location.
auth_param basic children 5 : The number of authenticator processes to spawn.
auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted for their username and password.
auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for, in other words how often the helper program is called for that user with a password prompt. It is set to 2 hours.
auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only.
acl ncsa_users proxy_auth REQUIRED : The REQUIRED term means that any authenticated user will match the ACL named ncsa_users.
http_access allow ncsa_users : Allow proxy access only if the user is successfully authenticated.
Restart squid:
# /etc/init.d/squid restart

Now the user is prompted for a username and password.
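
Squid evaluates http_access rules top to bottom and stops at the first match, so where the lines from the ACL example and from Step # 3 end up in squid.conf decides who is actually asked for a password. The following check is an added example, not part of the original howto; the function name audit_http_access and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit the order of http_access allow rules in a squid.conf.
# Usage: audit_http_access FILE  (returns 1 if anything was reported)
# Assumption: negated ACLs (!name) are not interpreted by this check.
audit_http_access() {
    awk '
    # ACLs of type proxy_auth are the ones that force a login prompt.
    $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }

    $1 == "http_access" && $2 == "allow" {
        nacl = 0; is_auth = 0; only = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^#/) break            # trailing comment
            nacl++; only = $i
            if ($i in auth) is_auth = 1
        }
        if (nacl == 1 && only == "all") {
            printf "line %d: OPEN: allow all admits every client\n", NR
            found = 1
        } else if (is_auth && open_line) {
            printf "line %d: SHADOWED: line %d already allows without login\n", NR, open_line
            found = 1
        }
        # Remember the first allow rule that does not require a login.
        if (!is_auth && !open_line) open_line = NR
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the directives from this page, in the order it lists them.
sample=$(mktemp)
cat > "$sample" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.1.0/24 192.168.2.0/24
acl ncsa_users proxy_auth REQUIRED
http_access allow our_networks
http_access allow all
http_access allow ncsa_users
EOF
audit_http_access "$sample" || echo "review http_access order before restarting squid"
rm -f "$sample"
```

Run it against /etc/squid/squid.conf before restarting squid; an empty result means no unrestricted allow rule and no authenticated rule hidden behind an unauthenticated one.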

FOR VIEWING THE LOGS OF INTERNET ON LINUX

# grep squid /var/log/messages


# tail -f /var/log/squid/access.log

CONFIGURATION OF OUTLOOK ON LINUX

# vi /etc/squid/iptables

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -t nat -R PREROUTING 1 -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT

iptables -A INPUT -p tcp --dport 26 -j ACCEPT

iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
