Squid-Cache Proxy Server on Debian (Ubuntu) Distributions

From Kathmann Labs

If you are installing to a piece of hardware, skip the first step.

Install Ubuntu in VM (can also be done on physical hardware)

Install SSH and Squid cache

  • apt-get install ssh squid - install openssh (optional, for remote administration) and Squid cache

Configure Squid cache

  • vi /etc/squid/squid.conf
  • uncomment the http_port line and change it to http_port 8080 - you can use any port you want; TCP/8080 is the standard web proxy port
  • add a line to represent your local network (or all networks you want this proxy server to handle) to the ACCESS CONTROLS section of the config file
  • acl kllocal src 192.168.0.0/255.255.255.0 - this would create an entry called kllocal with the source address being anything in the Class C network 192.168.0.0
  • to follow best practice, you can name each acl after a site, such as acl boston src 10.0.1.0/255.255.255.0 (site's location is Boston, address space is Class C network 10.0.1.0)
  • search for the "http_access deny all" string by typing in ESC then /http_access deny all - this should bring you to that line
  • add the following before that line - http_access allow kllocal (or the acl name you created)
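
Squid evaluates http_access lines from top to bottom and stops at the first match, which is why the allow line has to sit above http_access deny all. The following is an added example, not part of the original page: a shell function (check_squid_acl, a hypothetical name) that reads a squid.conf on standard input and confirms that ordering. The two sample configs are constructed.

```shell
#!/bin/sh
# Added example: check_squid_acl is a hypothetical helper name.
# Usage: check_squid_acl ACLNAME < /etc/squid/squid.conf
# Exits 0 only if ACLNAME is a src acl, is defined before it is used, and
# "http_access allow ACLNAME" comes before the first "http_access deny all".
check_squid_acl() {
    awk -v acl="$1" '
        /^[[:space:]]*#/ || NF == 0 { next }   # skip comments and blank lines
        $1 == "http_port" { port = $2 }
        $1 == "acl" && $2 == acl && $3 == "src" && !def { def = NR }
        $1 == "http_access" && $2 == "allow" && $3 == acl && !allow { allow = NR }
        $1 == "http_access" && $2 == "deny" && $3 == "all" && !deny { deny = NR }
        END {
            if (!def)   { print "acl " acl " is not defined as a src acl"; exit 1 }
            if (!allow) { print "no http_access allow " acl " line"; exit 1 }
            if (!deny)  { print "no http_access deny all line"; exit 1 }
            if (def > allow) { print "acl " acl " (line " def ") is defined after its use (line " allow ")"; exit 1 }
            if (allow > deny) {
                print "http_access allow " acl " (line " allow ") comes after deny all (line " deny ")"
                exit 1
            }
            print "ok: http_port " port ", allow on line " allow ", deny all on line " deny
        }'
}

# Constructed sample: the order the steps above produce.
sample_good() {
cat <<'EOF'
http_port 8080
acl kllocal src 192.168.0.0/255.255.255.0
http_access allow kllocal
http_access deny all
EOF
}

# Constructed sample: allow line added below deny all, so it is never reached.
sample_bad() {
cat <<'EOF'
http_port 8080
acl kllocal src 192.168.0.0/255.255.255.0
http_access deny all
http_access allow kllocal
EOF
}

sample_good | check_squid_acl kllocal
sample_bad  | check_squid_acl kllocal || echo "(second sample rejected as expected)"
```

Line numbers in the output count from the start of the input, so when run against the real /etc/squid/squid.conf they match what vi shows.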

Add ports to firewall

  • this part is optional, but highly recommended. There are many ways to do this; this was just my preferred way
  • copy the following to the file /etc/network/if-up.d/iptables-config
  #!/bin/bash
  iptables -F
  # set the default policy for each of the pre-defined chains
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD DROP
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # to allow incoming SSH and Proxy
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  iptables -A INPUT -m state --state NEW -p tcp -m tcp --dport 8080 -j ACCEPT
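  # drop all other UDP traffic and new TCP connections arriving on eth* interfaces
  # (the INPUT policy stays ACCEPT, so other protocols such as ICMP are still accepted)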
  iptables -A INPUT -i eth+ -p udp -j DROP
  iptables -A INPUT -i eth+ -p tcp -m tcp --syn -j DROP
  • chmod +x /etc/network/if-up.d/iptables-config - makes the iptables-config script executable

Enable SSH and Squid cache on system startup

  • update-rc.d ssh defaults
  • update-rc.d squid defaults

Restart the daemons

  • /etc/init.d/networking restart - restarts the network components and loads the new firewall rules
  • /etc/init.d/squid restart - restarts the squid daemons