Squid server configuration in RHEL5.7

Source: Internet
Author: User
Tags squid proxy

Squid cache (Squid) is a popular free-software (GNU General Public License) proxy server and Web cache server. Squid has a wide range of uses: placed in front of a Web server as a cache, it speeds up that server by caching requests; it caches World Wide Web, Domain Name System and other network lookups for a group of people sharing network resources; it helps network security by filtering traffic; and it lets LAN hosts access the Internet through the proxy. Squid is designed to run on Unix and Linux systems.
Proxy servers have the following features:
Application-layer proxy
1. Acts as a proxy for specific network protocols
2. Typical applications: HTTP proxy and FTP proxy
Role of a proxy server
1. Hosts in the LAN can access the Internet through a host that has Internet access
2. A cache can be provided to improve access efficiency
3. Access control can be implemented to a certain extent
Functions of the squid service
1. Provides HTTP and FTP proxies
2. Caches proxied content to improve access speed
3. Provides access control for clients (based on the target address or time)
Squid proxy types
Forward proxy: provides proxy services for clients. The proxy server's IP address must be specified on the client.
Reverse proxy: provides proxy services for servers to reduce the burden on the real servers.
Transparent proxy: a special forward proxy that does not require any client settings. The proxy server must be the gateway, which makes it equivalent to a router and a firewall.
The default port number of the squid proxy server is 3128. It can be changed, for example to 8080, a port commonly used on public networks. The examples below demonstrate this.
I. Forward Proxy Server Configuration
In this example, RHEL-B is the gateway and is connected to the Internet. The Windows PC is an intranet host whose gateway points to RHEL-B. RHEL-B performs NAT translation only for RHEL-C, so by default the Windows PC cannot access the Internet and only RHEL-C can. Here we make the Internet accessible to the Windows PC by setting up RHEL-C as a proxy server.

First check whether squid is installed on RHEL-C (it is installed by default):
rpm -q squid
Open the squid configuration file:
vi /etc/squid/squid.conf
Search for http_port 3128 and change the port number 3128 to 8080.

Search for acl our_networks. Define an ACL named our_networks, set it to allow, and change its source address to the hosts' network segment, 192.168.10.0/24. Otherwise, only the local loopback address is allowed by default.

Save and exit, and then start squid. Before starting, make sure that the squid host has a fully qualified domain name:
vi /etc/hosts

Next, initialize the squid server; this creates the cache subdirectories in the squid working directory:
squid -z
Check the squid working directory. You will find that 16 subdirectories have been added.

*****************************************************
The size of the squid cache subdirectories affects the performance of the squid server. By default, there are 16 first-level subdirectories and 256 second-level subdirectories. You can modify the capacity of the directory in squid.conf:
cache_dir ufs /var/spool/squid 100 16 256
/var/spool/squid is the working path, the maximum directory capacity is 100 MB, and there are 16 first-level subdirectories and 256 second-level subdirectories.
In addition, you can modify the cache memory size. We recommend setting it to 1/3 of physical memory, for example:
cache_mem 8 MB
*****************************************************
Start the squid service:
service squid start
Check whether port 8080 is listening.

Return to the Windows host. In IE, open "Internet Options" - "Connections" - "LAN Settings" and enter the proxy server's IP address and port.

At this point, you can access the Internet address http://198.2.3.1, which successfully reaches the Linux host simulating the Internet. (Remember to enable the httpd service.)
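
An added example, not part of the original article: a shell check for the access rules configured above, since a proxy on port 8080 that allows any source is an open proxy. It reads squid.conf text on stdin; the function name and both sample configurations are constructed for illustration.

```shell
# Added example: audit the http_access rules of a squid.conf read from stdin.
# Prints one finding per line; no output means the rules look restricted.
audit_squid_acl() {
    awk '
    BEGIN { wide["all"] = 1 }                  # "all" matches every client
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    $1 == "acl" && $3 == "src" {               # note src ACLs that cover any address
        for (i = 4; i <= NF; i++)
            if ($i ~ /^0\.0\.0\.0\/0/) wide[$2] = 1
    }
    $1 == "http_access" {
        last = $2 " " $3; lastnf = NF
        if ($2 == "allow") {
            anyone = 1                         # ACLs on one line are ANDed together
            for (i = 3; i <= NF; i++) if (!($i in wide)) anyone = 0
            if (anyone) print "OPEN: line " NR " lets any client use the proxy: " $0
        }
    }
    END {
        if (last != "deny all" || lastnf != 3)
            print "WEAK: last http_access rule is not \"deny all\""
    }'
}

# Constructed sample: the restricted setup described in the article.
GOOD_CONF='http_port 8080
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl our_networks src 192.168.10.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all'

# Constructed sample: our_networks widened to every address, no final deny.
BAD_CONF='http_port 8080
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 0.0.0.0/0
http_access allow our_networks
http_access allow all'

echo "Findings for the restricted config:"
printf '%s\n' "$GOOD_CONF" | audit_squid_acl
echo "Findings for the open config:"
printf '%s\n' "$BAD_CONF" | audit_squid_acl
```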

II. Transparent Proxy Server Configuration
As mentioned earlier, a transparent proxy can only be configured on the gateway, so this time modify the squid.conf file on RHEL-B. First delete the original NAT rule on RHEL-B, so that the Windows PC and RHEL-B cannot access the Internet. The previous topology still applies:

As before, first modify the allowed CIDR blocks.

Find the http_port line and add the keyword transparent after the port number, which indicates that the proxy server runs in transparent mode.

Next, initialize the squid server:
squid -z

Restart the squid service:
service squid reload

Check whether port 3128 is listening:
netstat -ntl

Access the Internet address:
http://198.2.3.1


*****************************************************

If the gateway performs NAT and the transparent proxy needs to be executed before SNAT, enter the following iptables command:

iptables -t nat -A PREROUTING -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128

*****************************************************
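
An added example, not part of the original article: a shell check that the PREROUTING redirect and squid's transparent http_port agree, because a redirect to a port that squid does not serve in transparent mode breaks client traffic. The function names and sample inputs are constructed; the rule text is assumed to be in iptables-save format.

```shell
# Added example: check that the NAT redirect and squid agree on the
# transparent-mode port.

# Print the ports that squid.conf text ($1) opens with the "transparent" option.
transparent_ports() {
    printf '%s\n' "$1" | awk '
    $1 == "http_port" {
        for (i = 3; i <= NF; i++)
            if ($i == "transparent") { n = split($2, a, ":"); print a[n] }
    }'
}

# Print REDIRECT target ports for TCP port 80 from iptables-save text ($1).
redirect_ports() {
    printf '%s\n' "$1" | awk '
    $1 == "-A" && $2 == "PREROUTING" {
        dport = ""; to = ""; redir = 0
        for (i = 3; i < NF; i++) {
            if ($i == "--dport")    dport = $(i + 1)
            if ($i == "--to-ports") to = $(i + 1)
            if ($i == "-j" && $(i + 1) == "REDIRECT") redir = 1
        }
        if (redir && dport == "80") print to
    }'
}

# Return 0 only if every redirect lands on a transparent squid port.
check_intercept() {
    ports=$(redirect_ports "$2")
    [ -n "$ports" ] || { echo "MISSING: no REDIRECT rule for port 80"; return 1; }
    rc=0
    for p in $ports; do
        if transparent_ports "$1" | grep -qx "$p"; then
            echo "OK: port 80 is redirected to transparent port $p"
        else
            echo "MISMATCH: redirect to $p, but squid is not transparent there"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input using the article's addresses and ports.
SQUID_CONF='http_port 3128 transparent'
NAT_RULES='*nat
-A PREROUTING -s 192.168.10.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'
check_intercept "$SQUID_CONF" "$NAT_RULES"
```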
