≡ Menu


Install Squid Proxy Server on CentOS / Redhat enterprise Linux 5

I've already wrote about setting up a Linux transparent squid proxy system. However I'm getting lots of questions about Squid basic installation and configuration:

How do I install Squid Proxy server on CentOS 5 Liinux server?

Sure Squid server is a popular open source GPLd proxy and web cache. It has a variety of uses, from speeding up a web server by caching repeated requests, to caching web, name server query , and other network lookups for a group of people sharing network resources. It is primarily designed to run on Linux / Unix-like systems. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Install Squid on CentOS / RHEL 5

Use yum command as follows:
# yum install squid

Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check
Dependencies Resolved
 Package                 Arch       Version          Repository        Size
 squid                   i386       7:2.6.STABLE6-4.el5  updates           1.2 M
Transaction Summary
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: squid                        ######################### [1/1]
Installed: squid.i386 7:2.6.STABLE6-4.el5

Squid Basic Configuration

Squid configuration file located at /etc/squid/squid.conf. Open file using a text editor:
# vi /etc/squid/squid.conf
At least you need to define ACL (access control list) to work with squid. The defaults port is TCP 3128. Following example ACL allowing access from your local networks and Make sure you adapt to list your internal IP networks from where browsing should be allowed:
acl our_networks src
http_access allow our_networks

Save and close the file. Start squid proxy server:
# chkconfig squid on
# /etc/init.d/squid start


init_cache_dir /var/spool/squid... Starting squid: .       [  OK  ]

Verify port 3128 is open:
# netstat -tulpn | grep 3128

tcp        0      0      *                   LISTEN      20653/(squid)

Open TCP port 3128

Finally make sure iptables is allowing to access squid proxy server. Just open /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart iptables based firewall:
# /etc/init.d/iptables restart

Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]

Client configuration

Open a webbrowser > Tools > Internet option > Network settings > and setup Squid server IP address and port # 3128.

See also

You may find our previous squid tips useful:

Squid Security and blocking content Related Tips

Squid Authentication Related Tips

Squid Other Tips

Why my Linux server ext3 filesystem go read-only?

From my mailbag:

We have 5 Dell server collocated running CentOS 4.x and 5.x server operating system. Sometime my file system (ext3) goes read-only. I’d like to know what could be causing such a problem?

My guess:
a) Hardware problem / hard disk problem, check harddisk for errors.

b) High disk I/O aka busy I/O retry error can mark low level disk call as failed. This will force ext3 to go into read only mode.

c) High disk I/O on SAN

d) SAN is not configured properly for the path failover.

In all sort of problems ext3 goes read-only to protect the filesystem and further damage. If you are using VMWARE, check out official webpage to download SCSI patches or workaround for vmware problems.

So what could be causing the file system on Linux go read-only?

Apart from above generic problem, any other error can trigger filesystem on Linux go read only. I hope our reader / seasoned Linux admin can help to answer this question. Please share the experiences and advice in the comments.

How to: Linux reset the permissions of the installed rpm packages with –setperms option

Sometime by mistakes all file permissions get changed and you need to restore file permission. For example a shell script or some sort of corruption could change the permissions for packages (installed files), it may be necessary to reset them.

For example a long time ago my shell script run chmod and chown commands on /usr and changed the permission. Luckily rpm command can reset package permission. Sun Solaris pkg command and IBM can also reset permissions.

Please note that this troubleshooting tip is about resetting the permission of the installed package files and not about end users files stored in /home directory.

RPM syntax to fix permission

To set permissions of files in a package, enter:

rpm --setperms {packagename}

RPM syntax to fix file ownership

To set user/group ownership of files in a package, enter:

rpm --setugids {packagename}

List installed package

You can list all installed package with rpm -qa command:
rpm -qa


List individual package file permission

You can list individual installed package file permission using following shell for loop (for example list file permission for zip package):
for f in $(rpm -ql zip); do ls -l $f; done

-rwxr-xr-x 1 root root 75308 Jan  9  2007 /usr/bin/zip
-rwxr-xr-x 1 root root 31264 Jan  9  2007 /usr/bin/zipcloak
-rwxr-xr-x 1 root root 28336 Jan  9  2007 /usr/bin/zipnote
-rwxr-xr-x 1 root root 30608 Jan  9  2007 /usr/bin/zipsplit
total 188
-rw-r--r-- 1 root root  3395 Dec 14  1996 algorith.txt
-rw-r--r-- 1 root root   356 Dec 14  1996 BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 CHANGES
-rw-r--r-- 1 root root  2692 Apr 10  2000 LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 MANUAL
-rw-r--r-- 1 root root  8059 Feb 27  2005 README
-rw-r--r-- 1 root root  3149 Feb 21  2005 TODO
-rw-r--r-- 1 root root  2000 Mar  9  2005 WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 WHERE
-rw-r--r-- 1 root root 356 Dec 14  1996 /usr/share/doc/zip-2.31/BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 /usr/share/doc/zip-2.31/CHANGES
-rw-r--r-- 1 root root 2692 Apr 10  2000 /usr/share/doc/zip-2.31/LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 /usr/share/doc/zip-2.31/MANUAL
-rw-r--r-- 1 root root 8059 Feb 27  2005 /usr/share/doc/zip-2.31/README
-rw-r--r-- 1 root root 3149 Feb 21  2005 /usr/share/doc/zip-2.31/TODO
-rw-r--r-- 1 root root 2000 Mar  9  2005 /usr/share/doc/zip-2.31/WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 /usr/share/doc/zip-2.31/WHERE
-rw-r--r-- 1 root root 3395 Dec 14  1996 /usr/share/doc/zip-2.31/algorith.txt
-rw-r--r-- 1 root root 12854 Jan  9  2007 /usr/share/man/man1/zip.1.gz

Reset the permissions of the all installed RPM packages

You need to use combination of rpm and a shell for loop command as follows:
for p in $(rpm -qa); do rpm --setperms $p; done
for p in $(rpm -qa); do rpm --setugids $p; done

Above command combination will reset all the permissions to the default permissions under CentOS / RHEL / Fedora Linux.

A note about Debian / Ubuntu Linux distributions

Only rpm command / Solaris pkg and AIX command supports package file permission reset option. But dpkg / apt-get command doesn’t support this option.

Solaris command example

Boot Solaris / OpenSolaris box in single user mode. Mount /usr and other filesystem:
mount / /a
mount /usr /a/usr
mount /var/ /a/var
mount /opt /a/opt

Login as the root, enter:
pkgchk -R /a -f
Please note that he pkgchk command does not restore setuid, setgid, and sticky bits. These must be set manually. Read pkgchk command man page for more information:
man pkgchk

Howto: Redhat Enterprise Linux SELinux policy guide

Security-Enhanced Linux (SELinux) is a Linux mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. SELinux is enabled by default in RHEL 5 / CentOS 5 / Fedora etc. But many admin disabled it due to troubles and hard configuration options. So if you are afraid of SELinux, try new GUI tools to customizing your system’s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process:

A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they're done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.

=> A step-by-step guide to building a new SELinux policy module

Linux rpm command no such file or directory error and solution

New Linux user often get this error. Let us say you haved downloaded the RPM file from net and saved to /tmp, you may get error - no no such file or directory - when the file is really downloaded and ls command can show the same.

Answer is pretty simple rpm command needs the full path to RPM command. Use pwd command to get full path and type the following commands:
ls *.rpm
Now install the rpm file:
rpm -ivh myrpm.rpm
or use full path:
rpm -ivh /tmp/myrpm.rpm

Running query on uninstalled rpm package

However if you run query on uninstalled package you will get an error:
# rpm -qi /tmp/bandwidth-0.12-1.el5.rf.x86_64.rpm

package bandwidth-0.12-1.el5.rf.x86_64.rpm is not installed

To query an uninstalled package pass -p option to rpm command.
# rpm -qip /tmp/bandwidth-0.12-1.el5.rf.x86_64.rpm

Name        : bandwidth                    Relocations: (not relocatable)
Version     : 0.12                              Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release     : 1.el5.rf                      Build Date: Sat 28 Jul 2007 03:27:28 PM CDT
Install Date: (not installed)               Build Host: lisse.leuven.wieers.com
Group       : Applications/Internet         Source RPM: bandwidth-0.12-1.el5.rf.src.rpm
Size        : 30905                            License: GPL
Signature   : DSA/SHA1, Sat 28 Jul 2007 03:31:11 PM CDT, Key ID a20e52146b8d79e6
Packager    : Dag Wieers 
URL         : http://home.comcast.net/~fbui/bandwidth.html
Summary     : Artificial benchmark for measuring memory bandwidth
Description :
bandwidth is an artificial benchmark for measuring memory bandwidth,
useful for identifying a computer's weak areas.

Howto: Add a new yum repository to install software under CentOS / Redhat Linux

CentOS / Fedora Core / RHEL 5 uses yum for software management. Yum allows you to add a new repository as a source to install binary software.

Understanding yum repository

yum repository configured using /etc/yum.conf file. Additional configuration files are also read from the directories set by the reposdir option (default is /etc/yum.repos.d and /etc/yum/repos.d.

RPMforge repository

Usually repository carries extra and useful packages. RPMforge is one of such repository. You can easily configure RPMforge repository for RHEL5 just by running following single RPM command:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For 64 bit RHEL 5 Linux, enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Now you can install software from RPMforge.

How do I install 3rd party repository manually?

Let us say you would like to install 3rd party repository from foo.nixcraft.com. Create a file called foo:
# cd /etc/yum.repos.d
# vi foo

Append following code:
name=Foo for RHEL/ CentOS $releasever - $basearch

Save and close the file.


  • [foo] : Repository name i.e. The [main] section must exist for yum to do anything.
  • name=Foo for RHEL/ CentOS $releasever - $basearch : A human readable string describing the repository name
  • baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/ : Must be a URL to the directory where the yum repository’s ‘repodata’ directory lives
  • enabled=1 : Enabled or disabled repo. To disable the repository temporarily, set the enabled to 0
  • gpgcheck=1 : Security feature, use GPG key
  • gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt : GPL file location

Also you need to import the gpg key for the repository as follows:
# rpm --import http://foo.nixcraft.com/RPM-GPG-KEY.txt

Now you are ready to install software from foo repository. For further information refer to yum.conf man page:
$ man yum.conf
$ man yum

Hope this tip will help you to configure repository as and when required.

See also:

Howto Setup yum repositories to update or install package from ISO CDROM Image

Linux Postfix SMTP (Mail Server) SSL Certificate Installations and Configuration

In this tutorial you will learn about Installing SSL Certificate (Secure Server Certificate) to secure communication between Postfix SMTP server and mail client such as Outlook or Thunderbird.
[click to continue…]