Thursday, March 08, 2007

Squid Tutorial

We all know that using a proxy is one way for LAN users to connect to the Internet. But do you know how to set up a proxy server on your own PC? There are many proxy server programs for Windows, such as WinGate and SyGate. Today, however, I will introduce a Linux program called Squid. You can find it in most Linux distributions.
First, a little background. Proxy server software is based on the TCP/IP protocol. It listens on a specific port, such as 3128. A computer that runs proxy server software is called a proxy server. If another computer wants to connect to the Internet through the proxy server, it needs to know the proxy server's IP address and proxy port (such as 3128), which are used to configure client software such as IE and ICQ.
The main functions of a proxy server are:
The proxy server can cache the website content that its clients have visited, which speeds up later visits.
The proxy server can give you access to a forbidden site. For example, if the LAN administrator forbids your access to my-proxy.com, you can still visit it through a proxy.
The proxy server can control the access of its clients. I will tell you more about this below.
Maybe you know another Linux program, IPchains, which can also be used as an access control tool. The problem is that IPchains doesn't support DNS resolution, so you have to list all the IP addresses of the websites you want to control. Squid is different: you can simply forbid access to every domain whose suffix is .tw or .cn, while DNS resolution is left to the ISP.
Now I will give you an example. We use a PC with two network cards as our proxy server. The first network card (eth0) connects to the local area network (LAN) and the second one (eth1) connects to the Internet. We use RedHat Linux 8.0 and Squid (which comes with the OS).
Just like other Linux software, Squid works according to its config file. The default config file is /etc/squid/squid.conf. It is more than ten pages long and contains the specification of every option. However, we will use only a small part of them, so I list the most important options below. Most of them are self-explanatory.
  http_port 3128
  # the port that the proxy server listens on
  cache_dir ufs /var/cache/squid 100 16 32
  # storage type, cache directory, size (MB), number of first-level subdirectories, number of second-level subdirectories
  cache_access_log /var/log/squid/access.log
  cache_log /var/log/squid/cache.log
  acl all src 0.0.0.0/0.0.0.0
  acl head src 192.168.0.2/255.255.255.255 192.168.0.3/255.255.255.255
  acl normal src 192.168.0.21-192.168.0.99/255.255.255.255
  acl denysite dstdomain .tw .cn
  # the leading dot makes each entry match every host under that suffix
  acl denyip dst 61.136.135.4/255.255.255.255
  acl dnsport port 53
  http_access allow head
  http_access deny denysite
  http_access deny denyip
  http_access allow normal
  http_access deny dnsport
From this config file we can see that:
Squid listens on port 3128.
The cache directory is /var/cache/squid and its size is 100 MB.
The users 192.168.0.2 and 192.168.0.3 can access all websites.
The users 192.168.0.21-192.168.0.99 cannot visit websites whose domain suffix is .tw or .cn.
The users 192.168.0.21-192.168.0.99 cannot visit the website whose IP is 61.136.135.4.
Other users cannot connect to servers on port 53.
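How Squid evaluates the http_access lines above, as an added example that is not part of the original tutorial: rules are checked top to bottom, the first match decides, and when nothing matches Squid applies the opposite of the last line. The ACL predicates are simplified stand-ins (dst is compared against an IP literal, with no DNS lookup), the sample clients and host names are constructed, and HARDENED is a hypothetical variant that ends with "http_access deny all", using the "acl all" the config already defines.

```python
import ipaddress

def _ip(addr):
    return int(ipaddress.ip_address(addr))

def src_range(lo, hi):
    # src ACL: client address inside an inclusive range
    return lambda r: _ip(lo) <= _ip(r["src"]) <= _ip(hi)

def dstdomain(*suffixes):
    # ".tw" matches the domain "tw" itself and every host below it
    return lambda r: any(r["host"] == s[1:] or r["host"].endswith(s)
                         for s in suffixes)

# The tutorial's ACLs as predicates over a request (simplified stand-ins).
ACLS = {
    "all": lambda r: True,
    "head": lambda r: r["src"] in ("192.168.0.2", "192.168.0.3"),
    "normal": src_range("192.168.0.21", "192.168.0.99"),
    "denysite": dstdomain(".tw", ".cn"),
    "denyip": lambda r: r["host"] == "61.136.135.4",  # no DNS lookup here
    "dnsport": lambda r: r["port"] == 53,
}

# http_access lines in the order they appear in the tutorial's config.
RULES = [("allow", "head"), ("deny", "denysite"), ("deny", "denyip"),
         ("allow", "normal"), ("deny", "dnsport")]
# Hypothetical hardened variant: explicit final "http_access deny all".
HARDENED = RULES + [("deny", "all")]

def decide(src, host, port=80, rules=RULES):
    """Return (action, matching ACL) for one request, first match wins."""
    req = {"src": src, "host": host, "port": port}
    for action, acl in rules:
        if ACLS[acl](req):
            return action, acl
    # No line matched: Squid uses the opposite of the last http_access line.
    last_action = rules[-1][0]
    return ("allow" if last_action == "deny" else "deny"), "implicit default"

if __name__ == "__main__":
    # Constructed sample requests: (client, destination host, port)
    samples = [("192.168.0.2", "news.example.tw", 80),
               ("192.168.0.50", "news.example.tw", 80),
               ("192.168.0.50", "www.example.com", 80),
               ("192.168.0.150", "www.example.com", 53),
               ("192.168.0.150", "www.example.com", 80)]
    for s in samples:
        print(s, decide(*s), decide(*s, rules=HARDENED))
```

The last sample is the case to watch: a client outside both groups matches no line, so the original rule list allows it by default, while the variant ending in "deny all" refuses it.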
It's obvious that the config file uses the keyword "acl" to define user groups and destination groups, and uses "http_access" to control the access of those groups. There are different keywords after "acl", such as "src", "dst", "proto", "port" and "dstdomain". You can also use "acl
