開源Squid Proxy Server 設置

設置Squid的目的當你在企業內部，Internet斷掉的狀況下，你能夠默認路由走別的路徑出去，好比從Squid 所在網絡出口出去

Part 1. restart the squid service

the squid path is working in /usr/local/squid/sbin/squid
Configuration file /usr/local/squid/etc/squid.conf

sudo ./squid -s <--- start the process
sudo ./squid -k reconfigure <----to reload the proces

Part 2, Setup the squid on Redhat

1 . Linux system with gcc compiler and yum function

2. sudo ./configure sudo make sudo make install

3. setup the conf file.
   configuration file /usr/local/squid/etc/squid.conf

add acl local src 135.36.0.0/16
*Adapt localnet in the ACL section to list your (internal) IP networks

• from where browsing should be allowed
  http_access allow localnet
  http_access allow localhost
  #*And finally deny all other access to this proxy
  http_access deny all

• Squid normally listens to port 3128
  #http_port 3128
  http_port 8000

#*Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
cache deny all <--- do not use cache mode

• we are using port 8000, you can see that sudo netstat -tulnp |grep squid

4. change the /usr/local/squid/var to 777, so nobody account can read and
   write log to
   /usr/local/squid/var/logs/
   sudo chmod -Rvf 777 /usr/local/squid/var

5. shutdown the firewall, sudo service iptables stop and sudo chkconfig
   iptables off
   and make sure the firewall allow network to communication with this DMZ
   zone server

6. add to startup script so the squid service will auto start after the system
   start
   -bash-4.1$ cat /etc/rc.local

#!/bin/sh

#This script will be executed after* all the other init scripts.

• You can put your own initialization stuff in here if you don't
• want to do the full Sys V style init stuff.
  touch /var/lock/subsys/local
  /usr/local/squid/sbin/squid -s

7. add cron job to nobody account so to rotate the log
   sudo crontab -u nobody -e

   0 4 * /usr/local/squid/sbin/squid -k rotate <--- add this line

8. sudo ./squid -s <--- start the process

   9.
   /usr/local/squid/bin/squidclient -p 8000 http://www.google.com <----test ifsquid is working