Ubuntu 11.04 proxy server how-to

apt-get update
apt-get install aptitude
aptitude install squid squid-common
vim /etc/squid/squid.conf

Below this line; “acl localhost src 127.0.0.1/32” (or some similar “acl localhost src xxx”)
add;
———————————————————–
acl yournetwork src xx.xx.xx.xx
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Where xx.xx.xx.xx is the external IP address of the computer you are connecting to the proxy
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
———————————————————–

then also locate the ‘http_access allow localhost’ and insert the following line below it.
———————————————————–
http_access allow yournetwork
———————————————————–

At the bottom of the file, add;
———————————————————–
header_access Proxy-Connection deny all
header_access X-Forwarded-For deny all
header_access Connection deny all
header_access Via deny all
header_access Cache-Control deny all
header_access Keep-Alive deny all
———————————————————–

Comment this line:
———————————————————–
http_access deny CONNECT !SSL_ports
———————————————————–

Save with :w
Quit with :q

Set the correct permissions.
———————————————————–
chown -R proxy:proxy /var/log/squid/
chown proxy:proxy /etc/squid/squid.conf
———————————————————–

You will need to restart squid for the changes to take affect.
———————————————————–
/etc/init.d/squid restart
———————————————————–

Optional:
———————————————————–
apt-get install rsyslog
———————————————————–

Check error log if error occurs.
———————————————————–
vim /var/log/syslog
———————————————————–

All of this should also work on Debian 5 / Debian 6. CentOS setup is similar, except you use yum instead of apt-get etc.

Adding outgoing IP addresses to Squid

If this isn’t done yet, add the IP address to your server by creating a new interface file with a colon and a number.
For CentOS:
———————————————————–
/etc/sysconfig/network-scripts/ifcfg-venet0:1
———————————————————–
As an example:

DEVICE=venet0:1 BOOTPROTO=static IPADDR=xxx.xxx.xxx.xxx ONBOOT=yes

Note that venet0 could also be eth0 or something similar.

I will update with the rest on this later

Leave a Reply

Your email address will not be published. Required fields are marked *