Syed Jahanzaib – Personal Blog to Share Knowledge !

August 8, 2011

Linux Transparent Squid Proxy Server Guide

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 6:31 AM

squid

How To Install Squid in Ubuntu Linux

As http://whatis.techtarget.com/definition/squid-proxy-server.html defines, Squid is a Unix-based proxy server that caches Internet content closer to a requestor than its original point of origin. Squid supports caching of many different kinds of Web objects, including those accessed through HTTP and FTP. Caching frequently requested Web pages, media files and other content accelerates response time and reduces bandwidth congestion.

Squid works by tracking object use over the network. Squid will initially act as an intermediary, simply passing the client’s request on to the server and saving a copy of the requested object. If the same client or multiple clients request the same object before it expires from Squid’s cache, Squid can then immediately serve it, accelerating the download and saving bandwidth.

Internet Service Providers (ISPs) have used Squid proxy servers since the early 1990’s to provide faster download speeds and reduce latency, especially for delivering rich media and streaming video. Website operators frequently will put a Squid proxy server as a content accelerator, caching frequently viewed content and easing loads on Web servers. Content delivery networks and media companies employ Squid proxy servers and deploy them throughout their networks to improve the experience of viewers requesting programming, particularly for load balancing and handling traffic spikes for popular content.
Here I will discuss on howto setup it on popular linux flavour “Ubuntu“.
After installing Ubuntu , configure network interface cards, you must have at least 2 LAN cards , one for local LAN, second with internet connection e.g DSL

After configuring networking, make sure you are able to browse the internet. After that install & Configure Squid.

Default login type to linux is GUI (in Ubuntu Desktop or FEDORA) First login as root.

a) Then install SQUID service by issuing following command:

apt-get install squid squid-common 

b) Now configure it using default squid configuration file.

gedit /etc/squid/squid.conf

If you have CLI access, then use nano e.g:

nano /etc/squid/squid.conf

o change squid port  from http_port 3128 to http_port 8080

o find the http_access section, uncomment the following 2 lines and add your own networks (for example 192.168.0.0/24):

acl our_networks src 192.168.0.0/24
http_access allow our_networks

o change hostname in the visible_hostname section after:

#Default: # is none , just add:
visible_hostname proxy.aacable.com

Now save file, and exit and restart squid to implement changes we made to squid configuration:

service squid restart

Now in client browser, set proxy address to SQUID lan ip and port 8080, and test the browsing. If you don’t want to manually set the proxy at client end, setup squid in transparent mode.

Configure Squid as Transparent Proxy (Squid version >= 2.6)

Edit the Squid configuration file
gedit /etc/squid/squid.conf

o change from: http_port 8008 to,
http_port 8080 transparent

Save & Exit. and restart squid proxy server by

service squid restart
OR
squid -k rec


Iptables configuration

Next, add following rules to forward all http requests (coming to port 80) to the Squid server port 8080 :

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.1:8080
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Where 192.168.0.1 is the ip of the Proxy LAN interface. & eth0 is LAN , and eth1 is WAN]

*  Save the new iptables:
iptables-save

OR use the following

https://aacable.wordpress.com/2011/06/01/linux-simple-internet-sharing-script/

++++++++++++++++++++++++++++++++++++

Also, following is a great guide which will gonna help you in installing SQUID proxy server in transparent mode.

http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html

27 Comments »

  2. Fantastic post!
    Thanks!!
    I currently use Proxies from a proxylist like http://AnonTux.com , but I will set a squid proxy with your guide up!
    Thanks again!!

    Like

    Comment by ubuntuler — August 14, 2011 @ 10:47 PM

    Reply

  3. Hi Dear friend , i’ve properly configured a proxy server on a P4 DELL GX650 with a 40GB HDD and 1.5GB RAM and 3.0 CPU , and trying to cache just a little lan trafick , but when i try to open a webpage it will wait for 5-10 seconds to open a page , the webpage request are very slow .

    is there anything to do with this problem or not
    thx and wish u all the best

    Like

    Comment by nori — January 6, 2012 @ 5:33 AM

    Reply

    • Lot of things that you should check.
      # Internet connection speed.
      # install any dns caching server like dnsmasq to resolve dns fast.
      # squid.conf is the file that you should dig deep down. all squid config saves here, so you should fine tune it for fast response and cache.

      Like

      Comment by Syed Jahanzaib / Pinochio~:) — January 6, 2012 @ 10:57 AM

      Reply

  4. yeah it worked 🙂 just installing dnsmasq and everything goes better 🙂
    its fantastic what squid can do 🙂 thx again

    Like

    Comment by Nori Gashi — January 6, 2012 @ 8:21 PM

    Reply

  5. i m using squid proxy on centos 5.4 client site every thing is working fine but mp3 ,exe, and other download files not download fast its show same internet speed what can i do ? i also use ur refresh_pattren

    Like

    Comment by khurram — January 31, 2012 @ 6:54 PM

    Reply

  7. UN SALUDO DESDE PERU
    GRACIAS POR SU APORTE
    UN MANUAL COMPLETO DE LUSCA/SQUID CON MIKROTIK TERMINADO Y FUNCIONANDO. POR FAVOR
    wifi-system@hotmail.com

    Gracias Syed Jahanzaib por tu aporte grande a la humanidad.
    por favor Syed Jahanzaib enviame a mi correo UN MANUAL COMPLETO DE LUSCA/SQUID CON MIKROTIK TERMINADO Y FUNCIONANDO. POR FAVOR

    Like

    Comment by eighel — June 29, 2012 @ 9:48 PM

    Reply

  8. Dear sir
    could you help me? I have speed internet 6M i want user access with website full speed 6M but if user access with speed download 512K , now i use Router bord RB-750 mikrotik . thank
    my email: sinamao@gmail.com
    skype: sinamao168

    Like

    Comment by maosina — October 18, 2012 @ 4:29 AM

    Reply

    • Mark packets for general download contents like .exe .mp3 .zip and then using these mark packets, create queue which restricts bandwidth only for marked packets,

      Like

      Comment by Syed Jahanzaib / Pinochio~:) — October 20, 2012 @ 10:47 AM

      Reply

  9. Can I use the same script with centos 5.8? can you explain how i can set transparent proxy and firewall rule using webmin? It would be very helpfull if you write a proxy series with webmin. Another question is do i need to flash or delete ip table or nat rule to make work proxy? i mean i have already setup nat and dhcp server which providing internet connection to my local user 192.168.1.0/24. Do i need to delete nat command to work with this proxy natting?

    Like

    Comment by Studyete Anas — February 23, 2013 @ 8:03 AM

    Reply

  10. Hello Syed, thanks for the great work you are doing on your blog.

    I have a question pls, i’ve gone through the entire setup but now when i add ip-tables rules via command line, everything seems ok until i check ip-tables again then i realize the rules are all gone.

    why isn’t ip-tables saving the rules?
    Is there a more appropriate way to add the rules aside command line?

    thanks in advance,
    max

    Like

    Comment by maxxie — April 11, 2013 @ 12:23 AM

    Reply

  11. salam , dear jahanzaib bhai i m using mikrotik + squid cache but “cached contents are also restricted by user speed package ” what can i do for cache contents download full Lan speed ?

    Like

    Comment by khurram — June 11, 2013 @ 4:43 AM

    Reply

  12. on squid 3.1 ZPH obsoleted is their any other thing to do??

    Like

    Comment by Hammad — June 12, 2013 @ 3:28 PM

    Reply

    • as far as i know ZPH is not obsoleted. Im still using it. just the syntax is changed. check Mr.Syed’s tutorials & links, you will find ZPH settiings for squid3.x

      Like

      Comment by Umer Sarwar — October 18, 2013 @ 10:28 AM

      Reply

  13. As-salamu alaykum,

    Please i have a couple of issues on my setup.
    i did the squid setup as described above but i have issues;

    The Tail command in the squid stops showing activity within the squid (i use Suse 12.x) after 30 minutes or so. then i now delete the dstnat rule in the mikrotik and when i return it on to the the mikrotik the activity immediately picks up but the proxy is not transparent. so in order to make it transparent i input the ports and then i notice that that traffic in the mikrotik dstnat rule on the firewall nat page stops flowing. then after a while on the squid the activity stops totally on the tail command! I would like to know how to make sure that traffic continues flowing and activity does not stop in the squid as before.
    Also i seem to have unnatural activity within my mikrotik as i believe some hackers are trying top gian access. I noticed that some IPs not assigned to my users are trying to gain access to my hotspot that i use to validate my users. what i would like is a command for CLI to stop all IPs not issued by me from accessing the network.

    Thank you.

    Like

    Comment by Ahmed Bello — October 21, 2013 @ 1:10 AM

    Reply

  14. As-salamu alaykum,

    To be sincere I only have this problem of my the tail command within squid stopping to show any form of activity as I did make it a transparent proxy! But if I make it a non-transparent proxy then it does not show this error! so it must mean that I am doing something wrong! I would appreciate it you could please give me detailed instructions on how to configure the Mikrotik router to do the transparent proxy with my external squid box.

    I really appreciate you and all your help so far.

    Thank you.

    Like

    Comment by Ahmed Bello — October 21, 2013 @ 1:11 AM

    Reply

  15. Asalam-o-alecum , Dear jahanzaib , i have make squid proxy server(Transparent ) on Ubuntu 12.04 (squid 3.1.9) as per your define configuration its working fine on client side with proxy setting in browser but not working on Transparent kindly identify whats going wrong ?

    Like

    Comment by khurram — April 21, 2014 @ 11:28 AM

    Reply

  16. […] PDF File Name: Linux transparent squid proxy server guide | syed PDF Source: aacable.wordpress.com Download PDF: Linux transparent squid proxy server guide | syed […]

    Like

    Pingback by Proxy Linux Server Danish's Story | Danish's Story — November 20, 2014 @ 11:13 AM

    Reply

  17. Thanks for the post. I have about 160 user with 5mb dsl. Which proxy server will be okay for me? Squid or mikrotik proxy server?

    Like

    Comment by Idowu — February 13, 2015 @ 12:48 PM

    Reply

    • Mikrotik proxy is ok for basic level of caching and works fine. try it first.
      squid requires good hardware + sound knowledge of linux+squid

      Like

      Comment by Syed Jahanzaib / Pinochio~:) — February 14, 2015 @ 10:44 AM

      Reply

  18. Hi there. I have installed squid3 and I can see the flow in the logs but all the entries have a TCP_MISS. It seems like nothing is gettin cached. I would like a cache server to cache top websites visited aswell as speedtest.net. But this does not seem to work. Do you maybe have a working example or template or script I can follow? My internet router is a mikrotik so I would like to make it transparent with the proxy on a single interface. Hope you can help. Regards, Riaan

    Like

    Comment by Riaan — September 21, 2015 @ 11:57 PM

    Reply

RSS feed for comments on this post. TrackBack URI

Leave a comment