Friday, September 6, 2013

Squid Proxy Server Configuration by Gorvam Saddar

Prerequisites of Squid Proxy Server

1.     FTP Server

Introduction

The File Transfer Protocol (FTP) is used as one of the most common means of copying files between servers over the Internet. Most web based download sites use the built in FTP capabilities of web browsers and therefore most server oriented operating systems usually include an FTP server application as part of the software suite. Linux is no exception.

How To Download and Install VSFTPD
Most Red Hat and Fedora Linux software products are available in the RPM format. When searching for the file, remember that the VSFTPD RPM’s filename usually starts with the word “vsftpd” followed by a version number, as in vsftpd-2.0.5-16.el5.i386.rpm
Step 1. The following are the commands we have to execute to create the FTP server.

Step 2. In this step we have to give the path where all the Linux packages are to be stored, so that we can use them for further processing.

Step 3. To Start or Restart the service of FTP server
Step 4. Now assign IP address to your server to pick up the files and packages with following command
# neat-tui
After executing this command you will get this interface to give ip address to your system.
Select Edit Devices as shown in above snapshot
         
After selecting Edit Devices then select eth0 to assign ip address
Now, Save and Quit, IP will be assigned.
#service network restart

To check whether the IP has been assigned, execute the command,

Conclusion
FTP is a very useful software application that can have enormous benefit to a Web site or to collaborative computing in which files need to be shared between business partners. Although insecure, it is universally accessible, because FTP clients are a part of all operating systems and Web browsers. If data encryption security is of great importance to you, then you should probably consider SCP as a possible alternative.

Yum Server
Introduction
Yum is an automatic updater and package installer/remover for rpm systems. It automatically computes dependencies and figures out what things should occur to install packages. It makes it easier to maintain groups of machines without having to manually update each one using rpm. Yum has several features over rpm. Note that yum is not a replacement tool for RPM; it simply makes the process of installation / update easier.

          Multiple Repositories
          Simple config file
          Correct dependency calculation & Fast operation
          rpm-consistent behavior
          Simple interface

Below is brief syntax of the command.
yum [option] packagename

Configuration
YUM (Yellowdog Updater, Modified) server configuration in RHEL5, for increasing package integrity.


Step 1: install createrepo.rpm from the DVD for creating repository.



Step 2: Touch the following file with the contents specified.
            Save and Quit the Yum Repos file by using command
            :wq

Step 4: Use the yum server on the same machine, because the server is most often the first client of its own service.
The following command is used to install the dhcpd server.

Note: Remember ftp or http service has to be running in the yum server.



2.     DHCP Server
Introduction
Normally if you have a cable modem or DSL, you get your home PC's IP address dynamically assigned from your service provider. If you install a home cable/DSL router between your modem and home network, your PC will most likely get its IP address at boot time from the home router instead. You can choose to disable the DHCP server feature on your home router and set up a Linux box as the DHCP server.

Configuration
  1. Download dhcp rpm package from Red Hat and install:
# rpm -ivh dhcp-2.0pl5-8.i386.rpm

  1. Open /etc/sysconfig/network-scripts and copy eth0 to eth0:2
#cp ifcfg-eth0 ifcfg-eth0:2
#ls
  1. Open and change the configuration by, vim ifcfg-eth0:2
  1. Copy the sample file to /etc/dhcpd.conf
#cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf
This sample file is a good starting point for our /etc/dhcpd.conf file, which by default is not installed. Alternatively, copy the file from a working server.

  1. Assign Lan and Router IP Address to both the eth Cards.
#neat-tui
     
      Now assign eth0:2 to the router range

Press OK

Select eth0 to assign the LAN IP range

Press OK
Now press Save and Quit; both of your Ethernet interfaces are now configured.

To check the assigned IPs, run the command

  1. Edit /etc/dhcpd.conf to suit your needs. An example file is included below for reference:

  1. Start/Restart the dhcp server by
#service dhcpd restart

  1. Enable IP forwarding by changing the following setting to 1 instead of 0.
net.ipv4.ip_forward = 1




To check the IP assigned by DHCP server Temp, write
 #ifconfig

Conclusion
In most home-based networks, a DHCP server isn't necessary because the DSL router / firewall usually has DHCP capabilities, but it is an interesting project to try. Just remember to make sure that the range of IP addresses issued by all DHCP servers on a network doesn't overlap because it could possibly cause unexpected errors. You might want to disable the router/firewall's DHCP server capabilities to experiment with your new Linux server.
A DHCP server may be invaluable in an office environment where the time and cost of getting a network engineer to get the work done may make it simpler for Linux systems administrators to do it by themselves.



The Squid Proxy Server
Introduction
Squid acts as a proxy cache. It redirects object requests from clients (in this case, from Web browsers) to the server. When the requested objects arrive from the server, it delivers the objects to the client and keeps a copy of them in the hard disk cache. One of the advantages of caching is that several clients requesting the same object can be served from the hard disk cache. This enables clients to receive the data much faster than from the Internet. This procedure also reduces the network traffic.
Along with the actual caching, Squid offers a wide range of features such as distributing the load over intercommunicating hierarchies of proxy servers, defining strict access control lists for all clients accessing the proxy, allowing or denying access to specific Web pages with the help of other applications, and generating statistics about frequently-visited Web pages for the assessment of the users' surfing habits. Squid is not a generic proxy. It normally proxies only HTTP connections. It supports the protocols FTP, Gopher, SSL, and WAIS, but it does not support other Internet protocols, such as Real Audio, news, or video conferencing. Because Squid only supports the UDP protocol to provide communication between different caches, many other multimedia programs are not supported.

Some Facts about Proxy Caches
As a proxy cache, Squid can be used in several ways. When combined with a firewall, it can help with security. Multiple proxies can be used together. It can also determine what types of objects should be cached and for how long.
  1. Squid and Security: It is possible to use Squid together with a firewall to secure internal networks from the outside using a proxy cache. The firewall denies all clients access to external services except Squid. All Web connections must be established by the proxy. With this configuration, Squid completely controls Web access.
  2. Multiple caches: Several instances of Squid can be configured to exchange objects between them. This reduces the total system load and increases the chances of finding an object already existing in the local network. It is also possible to configure cache hierarchies, so a cache is able to forward object requests to sibling caches or to a parent cache, causing it to get objects from another cache in the local network or directly from the source. Choosing the appropriate topology for the cache hierarchy is very important, because it is not desirable to increase the overall traffic on the network. For a very large network, it would make sense to configure a proxy server for every subnetwork and connect them to a parent proxy, which in turn is connected to the proxy cache of the ISP. All this communication is handled by ICP (Internet Cache Protocol) running on top of the UDP protocol. Data transfers between caches are handled using HTTP (Hypertext Transfer Protocol) based on TCP. To find the most appropriate server from which to get the objects, one cache sends an ICP request to all sibling proxies. These answer the requests via ICP responses with a HIT code if the object was detected or a MISS if it was not. If multiple HIT responses were found, the proxy server decides from which server to download, depending on factors such as which cache sent the fastest answer or which one is closer. If no satisfactory responses are received, the request is sent to the parent cache.
  3. Caching Internet Objects: Not all objects available in the network are static. There are a lot of dynamically generated CGI pages, visitor counters, and encrypted SSL content documents. Objects like this are not cached because they change each time they are accessed. The question remains as to how long all the other objects stored in the cache should stay there. To determine this, all objects in the cache are assigned one of various possible states. Web and proxy servers find out the status of an object by adding headers to these objects, such as “Last modified” or “Expires” and the corresponding date. Other headers specifying that objects must not be cached are used as well. Objects in the cache are normally replaced, due to a lack of free hard disk space, using algorithms such as LRU (least recently used). Basically this means that the proxy expunges the objects that have not been requested for the longest time.



System Requirements

The most important thing is to determine the maximum network load the system must bear. Therefore, it is important to pay more attention to the load peaks, because these might be more than four times the day's average. When in doubt, it would be better to overestimate the system's requirements, because having Squid working close to the limit of its capabilities could lead to a severe loss in the quality of the service. The following sections point to the system factors in order of significance.
  1. Hard Disks: Speed plays an important role in the caching process, so this factor deserves special attention. For hard disks, this parameter is described as random seek time, measured in milliseconds. Because the data blocks that Squid reads from or writes to the hard disk tend to be rather small, the seek time of the hard disk is more important than its data throughput. For the purposes of a proxy, hard disks with high rotation speeds are probably the better choice, because they allow the read-write head to be positioned in the required spot more quickly. One possibility to speed up the system is to use a number of disks concurrently or to employ striping RAID arrays.
  2. Size of disk cache: In a small cache, the probability of a HIT (finding the requested object already located there) is small, because the cache is easily filled and the less requested objects are replaced by newer ones. If, for example, one GB is available for the cache and the users only surf ten MB per day, it would take more than one hundred days to fill the cache. The easiest way to determine the needed cache size is to consider the maximum transfer rate of the connection. With a 1 Mbit/s connection, the maximum transfer rate is 125 KB/s. If all this traffic ends up in the cache, in one hour it would add up to 450 MB and, assuming that all this traffic is generated in only eight working hours, it would reach 3.6 GB in one day. Because the connection is normally not used to its upper volume limit, it can be assumed that the total data volume handled by the cache is approximately 2 GB. This is why 2 GB of disk space is required in the example for Squid to keep one day's worth of browsed data cached.
  3. RAM:  The amount of memory (RAM) required by Squid directly correlates to the number of objects in the cache. Squid also stores cache object references and frequently requested objects in the main memory to speed up retrieval of this data. Random access memory is much faster than a hard disk. In addition to that, there is other data that Squid needs to keep in memory, such as a table with all the IP addresses handled, an exact domain name cache, the most frequently requested objects, access control lists, buffers, and more. It is very important to have sufficient memory for the Squid process, because system performance is dramatically reduced if it must be swapped to disk. The cachemgr.cgi tool can be used for the cache memory management.
  4. CPU: Squid is not a program that requires intensive CPU usage. The load of the processor is only increased while the contents of the cache are loaded or checked. Using a multiprocessor machine does not increase the performance of the system. To increase efficiency, it is better to buy faster disks or add more memory.


Starting Squid
Step1: Installing Squid package.
Press Y


Step2: Open the Squid Configuration file by the command.
            #vim /etc/squid/squid.conf

Write an acl for the network range to which the proxy is being applied
acl mynet src 192.168.3.0/255.255.255.0
Where mynet is the name given to the network to which the proxy is being applied.

After this, write the acl with which you want to restrict users, i.e. apply the proxy.
acl blocksite dstdomain "/etc/squid/blocksite"
Where blocksite is the name given to the file in which we have to write the names of the websites we want to block or restrict, e.g. .facebook.com etc.

After this, write the acl to restrict users from downloading various files like avi etc.
acl download urlpath_regex "/etc/squid/download"
Where download is the name given to the file in which we have to write the extensions we want to restrict from download, e.g. .avi etc.

After this, write the acl to restrict users from searching for various keywords like wallpapers etc.
acl search urlpath_regex "/etc/squid/search"
Where search is the name given to the file in which we have to write the keywords we want to restrict from searching, e.g. wallpapers etc.

After this, we have to tell the server which file to deny and which to allow
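One way to write these rules for the ACLs defined above, as an added example rather than the author's own configuration. The rule order, the list-file entries shown in comments, and the presence of the stock `all` ACL are assumptions.

```conf
# Added example, not from the original post.
#
# Constructed sample entries for the list files (one entry per line):
#   /etc/squid/blocksite : .facebook.com   (leading dot also matches subdomains)
#   /etc/squid/download  : \.avi$          (regex; a bare .avi matches any
#                                           character followed by "avi")
#   /etc/squid/search    : wallpapers

# Weak ordering: Squid stops at the first http_access line that matches,
# so the allow for mynet matches every LAN client and the deny lines
# below it are never reached.
#   http_access allow mynet
#   http_access deny  blocksite
#   http_access deny  download
#   http_access deny  search

# Corrected ordering: specific denies first, then the LAN allow, then a
# catch-all deny so that clients outside 192.168.3.0/24 cannot use the proxy.
# Assumes the "all" ACL from the default squid.conf is present.
http_access deny  blocksite
http_access deny  download
http_access deny  search
http_access allow mynet
http_access deny  all
```

For HTTPS sites the browser sends only a CONNECT request with the host and port, so the two urlpath_regex ACLs have no path to match and only the blocksite rule takes effect.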


Now, we have to create the files which we mentioned in the configuration file of the Squid proxy server

#vim /etc/squid/blocksite
Save and quit using command :wq

#vim /etc/squid/download

Save and quit using command :wq

#vim /etc/squid/search

Save and quit using command :wq

Step3: Restart the service of Squid by using command,




Running Squid in GUI
After Configuring Squid Proxy Server, we have to run it on the client machine, so we have to do some basic network setting to apply the proxy on the web browser.

Step1. Console of the Client Machine.

Step2. Goto Edit -> Preferences

Step3. A new dialog box will open in which we have to goto
            Advanced -> Network -> Settings

Step4. Assign the proxy manually by selecting Manual proxy configuration. Here the HTTP Proxy is given as 192.168.3.1, which is in the assigned IP range, and 3128 is the port number, which is the default port number in the Squid proxy configuration file.

Step5. Now close the dialog box.


Now the client is ready to access the Internet through the Squid proxy server.