Install and configure Squid in Slackware

This is a guide on how to create a Slackware Squid package using scripts from SlackBuilds.org, install it in Slackware 13.37 (also Slackware64 14.1) and configure the squid.conf configuration file. It is just a basic configuration to get a Squid cache proxy server working. Advanced settings are not included. You should read and at least understand some basics of Squid before trying this step-by-step guide. Here is the Squid-cache website. Before we begin, please make sure you have these basic requirements:

  1. Two network interface cards.
  2. Setup dhcp server.

The IP addresses must be set and working. For example, the first network card, eth0, is set and connected to the router. The second network card, eth1, is set and connected to the local network's switch. Here is a tutorial on how to configure a network card in Slackware: Linux basic network configuration. After that, set up the DHCP server and make Slackware a gateway. Here is a guide on how to set up a DHCP server in Slackware: Install and configure dhcp server in Slackware Linux. When all is clear, you can begin the Squid cache proxy server configuration.

This tutorial consists of several steps. Basically, here's what we are going to do:

  • Create Squid package for Slackware
  • Install Squid package in Slackware
  • Configure Squid cache proxy server in Slackware
  • Configure Squid to block some domains and files
  • Start Squid daemon in Slackware

Create Squid package for Slackware

1) Download the necessary files from SlackBuilds.org. All the information needed is on the SlackBuilds website. Enter 'squid' in the search form and select your Slackware version.

2) When you have all the necessary files, change directory to your working area and extract the Squid SlackBuild script archive. See the example below:

[email protected]:~# cd slackware/source/myslackware/
[email protected]:~/slackware/source/myslackware# tar zxvf /home/jinlusuh/squid/squid.tar.gz
squid/
squid/squid.logrotate
squid/README
squid/doinst.sh
squid/squid.conf
squid/squid.info
squid/slack-desc
squid/README.SBo
squid/squid.SlackBuild
squid/squid.conf.documented
squid/rc.squid
[email protected]:~/slackware/source/myslackware#

3) Change directory to the "squid" directory that we've just extracted from the SlackBuild script archive. Copy the Squid source, 'squid-3.1.xx.tar.bz2', into the directory. See the step-by-step commands below:

Note: Slackware 13.37 uses the squid-3.1.12.tar.bz2 source, Slackware 14.1 uses the squid-3.1.23.tar.bz2 source. The instruction steps and commands are the same.

[email protected]:~/slackware/source/myslackware# cd squid/
[email protected]:~/slackware/source/myslackware/squid# cp /home/jinlusuh/squid/squid-3.1.xx.tar.bz2 .
[email protected]:~/slackware/source/myslackware/squid#

4) Run the squid.SlackBuild script to begin creating the Slackware Squid package:

[email protected]:~/slackware/source/myslackware/squid# ./squid.SlackBuild

5) When the process is over, you can find the resulting Slackware Squid package in the /tmp directory (default SlackBuild configuration). Now change directory to /tmp and copy the Squid package for backup. See the step-by-step example below:

[email protected]:~/slackware/source/myslackware/squid# cd /tmp/
[email protected]:/tmp# cp squid-3.1.xx-x86_64-1_SBo.tgz ~/slackware/packages/

Install Squid package in Slackware

Now that the Squid package is ready, let's install it using the Slackware 'installpkg' tool. Below is an example of how to install the Squid package in Slackware:

[email protected]:/tmp# installpkg squid-3.1.xx-x86_64-1_SBo.tgz
Verifying package squid-3.1.xx-x86_64-1_SBo.tgz.
Installing package squid-3.1.xx-x86_64-1_SBo.tgz:
PACKAGE DESCRIPTION:
# Squid (a popular free and open source Web proxy server and web cache)
#
# Squid is a high-performance proxy caching server for web clients,
# supporting FTP, gopher, and HTTP data objects.
#
# Homepage: http://www.squid-cache.org/
#
Executing install script for squid-3.1.xx-x86_64-1_SBo.tgz.
Package squid-3.1.xx-x86_64-1_SBo.tgz installed.

[email protected]:/tmp#

Configure Squid cache proxy server in Slackware

We are ready to configure Squid in Slackware as a cache proxy server. Change to the directory /etc/squid. This is the home of the Squid configuration files.

[email protected]:/tmp# cd /etc/squid/
[email protected]:/etc/squid# ls
cachemgr.conf errorpage.css.default squid.conf
cachemgr.conf.default mime.conf squid.conf.default
errorpage.css mime.conf.default squid.conf.documented
[email protected]:/etc/squid#

You can start configuring Squid by editing the Squid configuration file, /etc/squid/squid.conf.

[email protected]:~# vim /etc/squid/squid.conf

Scroll down to 'Recommended minimum configuration', or type '/Recommended minimum configuration' and press Enter. See the example below:

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl localnet src 192.168.1.0/255.255.255.0 # Makmal Bahasa internal network

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

The last 'acl localnet' line, the one that is not commented out, is the local network that we add to the proxy server. Next, we are going to set the HTTP port for the proxy. Scroll down again until you find http_port, as in the example below:

# Squid normally listens to port 3128
#http_port 3128
#http_port 192.168.1.1:8080
http_port 8080

You can use the default port if you want. When you are done, we can set the cache directory size. Scroll down and find 'cache_dir' as in the example below. The format is "cache_dir ufs Directory-Name Mbytes L1 L2 [options]" where L1 is the level-one subdirectory size and L2 is the level-two subdirectory size.

#Default:
cache_dir ufs /var/cache/squid/ 5000 16 256

That's the basic setting to get the cache proxy server to work. The rest is up to you.

Configure Squid to block some domains and files

We can use Squid to restrict access to some domains using an access list (acl). What we need to do is configure the acl in the /etc/squid/squid.conf file and create a file containing the blocked domain names. Here are the steps:

1. Add the 'acl blockeddomain' and 'http_access deny blockeddomain' lines to the /etc/squid/squid.conf file:

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"
# Deny all blocked domains
http_access deny blockeddomain

Create a file named blocked.domains.acl in the /etc/squid directory. Add the domains that you want to restrict access to. Here is the example:

[email protected]:~# vim /etc/squid/blocked.domains.acl

Add the domain names, one per line:

.facebook.com
.youtube.com
.onlinegames.com

We put '.' at the beginning of the domain to block its subdomains as well, including addresses that start with www. Save and quit the file.

We can also restrict certain files that we don't want users to download by blocking the file extension. To do that, add the 'acl blockfiles', 'deny_info' and 'http_access deny blockfiles' lines to the /etc/squid/squid.conf file:

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"
# Deny all blocked domains
http_access deny blockeddomain

acl blockfiles urlpath_regex -i "/etc/squid/blocked.files.acl"
# Deny all blocked extensions
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles

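The deny_info line refers to a custom error page named ERR_BLOCKED_FILES, which has to exist in Squid's error page directory. Create a file named blocked.files.acl in the /etc/squid directory. Add the file extensions that you don't want users to download. Here is the example: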

[email protected]:~# vim /etc/squid/blocked.files.acl

Add the file extensions, one per line:

# \.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$

Save and quit the file and we are done. It's time to run Squid in our network.
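
To see what these two deny rules will and will not catch before putting them in front of users, here is a small model of the matching, added as an example and not part of the original guide. It assumes Squid's documented behaviour that a leading-dot dstdomain entry covers the domain and its subdomains, that urlpath_regex is applied to the path including any query string, and that a CONNECT (HTTPS) request exposes only host and port; FILES_QS is a hypothetical tightened pattern list and all sample requests are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed copies of the two ACL files shown on this page.
DOMAINS = [".facebook.com", ".youtube.com", ".onlinegames.com"]
FILES = [r"\.[Aa][Vv][Ii]$", r"\.[Mm][Pp][Gg]$",
         r"\.[Mm][Pp][Ee][Gg]$", r"\.[Mm][Pp]3$"]
# Hypothetical tightened variant: still matches when a query string follows.
FILES_QS = [r"\.(avi|mpg|mpeg|mp3)(\?.*)?$"]


def domain_blocked(host, entries=DOMAINS):
    """Model of dstdomain: '.example.com' covers the domain and its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == e.lstrip(".") or (e.startswith(".") and host.endswith(e))
               for e in entries)


def file_blocked(urlpath, patterns=FILES):
    """Model of urlpath_regex -i: regex search over path plus query string."""
    return any(re.search(p, urlpath, re.IGNORECASE) for p in patterns)


def decide(method, target, patterns=FILES):
    """Apply the two deny rules in order; 'next' means later rules decide."""
    if method == "CONNECT":          # HTTPS tunnel: only host:port is visible
        host, urlpath = target.rsplit(":", 1)[0], ""
    else:
        parts = urlsplit(target)
        host = parts.hostname or ""
        urlpath = parts.path + ("?" + parts.query if parts.query else "")
    if domain_blocked(host):
        return "deny blockeddomain"
    if urlpath and file_blocked(urlpath, patterns):
        return "deny blockfiles"
    return "next"


if __name__ == "__main__":
    samples = [("GET", "http://www.facebook.com/"),      # constructed requests
               ("GET", "http://example.org/media/clip.AVI"),
               ("GET", "http://example.org/media/song.mp3?session=1"),
               ("CONNECT", "www.youtube.com:443")]
    for method, target in samples:
        print(method, target, "->", decide(method, target))
```

The query-string sample falls through to "next" with the page's patterns and is denied with FILES_QS, and file rules never apply inside a CONNECT tunnel, so only the domain rule covers HTTPS traffic.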

Start Squid daemon in Slackware

What you need to do now is start the Squid daemon. Run squid twice: first with the command '/usr/sbin/squid -z' and after that with '/usr/sbin/squid'. Please check and make the rc.squid file executable and then restart the service. Below are the example steps:

[email protected]:~# chmod 755 /etc/rc.d/rc.squid
[email protected]:~# /usr/sbin/squid -z
2013/12/31 10:45:00| Creating Swap Directories
2013/12/31 10:45:00| /var/cache/squid/ exists
2013/12/31 10:45:00| Making directories in /var/cache/squid//00
2013/12/31 10:45:00| Making directories in /var/cache/squid//01
2013/12/31 10:45:00| Making directories in /var/cache/squid//02
2013/12/31 10:45:00| Making directories in /var/cache/squid//03
2013/12/31 10:45:00| Making directories in /var/cache/squid//04
2013/12/31 10:45:00| Making directories in /var/cache/squid//05
2013/12/31 10:45:00| Making directories in /var/cache/squid//06
2013/12/31 10:45:00| Making directories in /var/cache/squid//07
2013/12/31 10:45:00| Making directories in /var/cache/squid//08
2013/12/31 10:45:00| Making directories in /var/cache/squid//09
2013/12/31 10:45:00| Making directories in /var/cache/squid//0A
2013/12/31 10:45:00| Making directories in /var/cache/squid//0B
2013/12/31 10:45:00| Making directories in /var/cache/squid//0C
2013/12/31 10:45:00| Making directories in /var/cache/squid//0D
2013/12/31 10:45:00| Making directories in /var/cache/squid//0E
2013/12/31 10:45:00| Making directories in /var/cache/squid//0F
[email protected]:~# /usr/sbin/squid
2013/12/31 10:43:20| aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.2.0/16'

Oh, there are warnings. Open the Squid configuration file again and edit the rules. See the example below:

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl localnet src 192.168.1.0/24 # Makmal Bahasa internal network
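
The warning above means the written address has bits set that the mask removes, so the rule covers a wider network than the line suggests. The following added example (not from the original guide) scans acl src/dst lines for such entries with Python's ipaddress module and reports the network the mask actually describes; SAMPLE_CONF is a constructed fragment and check_acl_networks is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed squid.conf fragment: the entry quoted in the warning, the
# dotted-netmask entry from the earlier listing, and the corrected entry.
SAMPLE_CONF = """\
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 192.168.2.0/16 # entry quoted in the warning
acl localnet src 192.168.1.0/255.255.255.0 # dotted netmask form
acl localnet src 192.168.1.0/24 # corrected entry
acl localhost src 127.0.0.1/32 ::1
"""

ACL_NET = re.compile(r"^\s*acl\s+(\S+)\s+(?:src|dst)\s+(.+)$")


def check_acl_networks(conf_text):
    """Return (line_no, acl_name, entry, effective_network) for every entry
    whose mask cuts off bits of the address as written."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = ACL_NET.match(line.split("#", 1)[0])   # ignore comments
        if not match:
            continue
        name, values = match.groups()
        for entry in values.split():
            try:
                ipaddress.ip_network(entry, strict=True)
                continue                               # address fits its mask
            except ValueError:
                pass
            try:
                effective = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                continue        # hostname, range or file reference: not checked
            findings.append((line_no, name, entry, str(effective)))
    return findings


if __name__ == "__main__":
    for line_no, name, entry, effective in check_acl_networks(SAMPLE_CONF):
        print(f"line {line_no}: acl {name} {entry} really means {effective}")
```

Whether to widen the address or narrow the prefix, as the corrected entry does with /24, depends on which clients the proxy is meant to serve.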

That's it for now. Don't forget to restart the daemon after you modify the configuration file. There are three daemons related to this task: the squid daemon, inet1 (network card) and dhcpd. We are going to set up the client side now. See the step-by-step guide below on how to do it.

Start Squid at boot by adding the script below to the /etc/rc.d/rc.local file:

[email protected]:/etc/rc.d# vim rc.local
#!/bin/sh
#
# /etc/rc.d/rc.local: Local system initialization script.
#
# Put any local startup commands in here. Also, if you have
# anything that needs to be run at shutdown time you can
# make an /etc/rc.d/rc.local_shutdown script and put those
# commands in there.
if [ -x /etc/rc.d/rc.squid ]; then
  /etc/rc.d/rc.squid start
fi

[email protected]:/etc/rc.d#

Setup client to use squid cache proxy server

First we start with the Mozilla Firefox browser. Click the Tools menu and choose Options....

In the 'Options' window, choose the Advanced tab. There are General, Network, Update and Encryption tabs. Choose Network and, in the 'Connection' section, click Settings... to configure how Firefox connects to the Internet.

In the 'Connection Settings' window, click Manual proxy configuration and key in the 'HTTP Proxy' and 'Port'. Don't forget to tick Use this proxy server for all protocols.

Click OK and you are done. If you forgot to tick 'Use this proxy server for all protocols' as mentioned above, you'll have trouble connecting to any https sites such as Yahoo Mail, Gmail, etc.

For the Internet Explorer browser, follow the steps below to configure the Squid cache proxy client:

Open 'Menu bar'.

Click 'Tools' and choose 'Internet Options'.

Setup.

Finally, when the 'Local Area Network Settings' window pops up, enter the Squid proxy server IP address and port in the 'Proxy server' section. Click 'OK' and you are done.

That's all. The basic configuration and setup are done. You just need to study more about Squid and tweak your Squid configuration to get the best out of it. Good luck and all the best!

Comments

1

By the time I did these commands:

[email protected]:~# chmod 755 /etc/rc.d/rc.squid
[email protected]:~# /usr/sbin/squid -z

I get some errors, these were repeated for about 3-5 times:

WARNING: Cannot write log file: /var/log/squid/cache.log
/var/log/squid/cache.log: Permission denied, messages will be sent to 'stderr'

then some logs.. and then:

FATAL: Failed to make swap directory /var/cache/squid: (13) Permission denied
...

I ran the commands as root and stuff. Didn't do all of the previous configs such as blocking domains and sites because of the specifications given to us (I'm a student, tasked to make a 2-interface computer thingy using Slackware, fortify the system, use Squid and then DansGuardian later).
