Install Squid Proxy Server on CentOS / Redhat enterprise Linux 5

Posted on in Categories CentOS, Linux, RedHat/Fedora Linux, Squid caching server, Suse Linux, Sys admin, Tips last updated August 30, 2007

I’ve already wrote about setting up a Linux transparent squid proxy system. However I’m getting lots of questions about Squid basic installation and configuration:

How do I install Squid Proxy server on CentOS 5 Liinux server?

Sure Squid server is a popular open source GPLd proxy and web cache. It has a variety of uses, from speeding up a web server by caching repeated requests, to caching web, name server query , and other network lookups for a group of people sharing network resources. It is primarily designed to run on Linux / Unix-like systems. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Install Squid on CentOS / RHEL 5

Use yum command as follows:
# yum install squid
Output:

Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 squid                   i386       7:2.6.STABLE6-4.el5  updates           1.2 M

Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: squid                        ######################### [1/1]

Installed: squid.i386 7:2.6.STABLE6-4.el5
Complete!

Squid Basic Configuration

Squid configuration file located at /etc/squid/squid.conf. Open file using a text editor:
# vi /etc/squid/squid.conf
At least you need to define ACL (access control list) to work with squid. The defaults port is TCP 3128. Following example ACL allowing access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt to list your internal IP networks from where browsing should be allowed:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks

Save and close the file. Start squid proxy server:
# chkconfig squid on
# /etc/init.d/squid start

Output:

init_cache_dir /var/spool/squid... Starting squid: .       [  OK  ]

Verify port 3128 is open:
# netstat -tulpn | grep 3128
Output:

tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      20653/(squid)

Open TCP port 3128

Finally make sure iptables is allowing to access squid proxy server. Just open /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart iptables based firewall:
# /etc/init.d/iptables restart
Output:

Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]

Client configuration

Open a webbrowser > Tools > Internet option > Network settings > and setup Squid server IP address and port # 3128.

See also

You may find our previous squid tips useful:

Squid Security and blocking content Related Tips

Squid Authentication Related Tips

Squid Other Tips

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Share this on (or read 65 comments/add one below):

65 comment

  1. thanks for the tutorial.

    Now, I got everything working. I am trying to browse google.com using newly configure proxy. I get the below error

    “The requested URL could not be retrieved”

    Access Denied.

    How can I go about this? Thank you.

    1. # yum install squid
      Loading "installonlyn" plugin
      Setting up Install Process
      Setting up repositories
      Reading repository metadata in from local files
      Parsing package install arguments
      Resolving Dependencies
      --> Populating transaction set with selected packages. Please wait.
      ---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
      --> Running transaction check
      
      Dependencies Resolved
      
      =============================================================================
       Package                 Arch       Version          Repository        Size
      =============================================================================
      Installing:
       squid                   i386       7:2.6.STABLE6-4.el5  updates           1.2 M
      
      Transaction Summary
      =============================================================================
      Install      1 Package(s)
      Update       0 Package(s)
      Remove       0 Package(s)
      
      Total download size: 1.2 M
      Is this ok [y/N]: y
      Downloading Packages:
      Running Transaction Test
      Finished Transaction Test
      Transaction Test Succeeded
      Running Transaction
        Installing: squid                        ######################### [1/1]
      
      Installed: squid.i386 7:2.6.STABLE6-4.el5
      Complete!
      
      # vi /etc/squid/squid.conf
      At least you need to define ACL (access control list) to work with squid. The defaults port is TCP 3128. Following example ACL allowing access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt to list your internal IP networks from where browsing should be allowed:
      acl our_networks src 192.168.1.0/24 192.168.2.0/24
      http_access allow our_networks
      
      Save and close the file. Start squid proxy server:
      # chkconfig squid on
      # /etc/init.d/squid start
      
      Output:
      tcp        0      0 0.0.0.0:3128                0.0.0.0:*
      Finally make sure iptables is allowing to access squid proxy server. Just open /etc/sysconfig/iptables file:
      # vi /etc/sysconfig/iptables
      Append configuration:
      -A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
      Restart iptables based firewall:
      # /etc/init.d/iptables restart
      Output:
      
      Flushing firewall rules:                                   [  OK  ]
      Setting chains to policy ACCEPT: filter                    [  OK  ]
      Unloading iptables modules:                                [  OK  ]
      Applying iptables firewall rules:                          [  OK  ]
      Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]
      1. “-A RH-Firewall-1-INPUT -m state –state NEW,ESTABLISHED,RELATED -m tcp -p tcp –dport 3128 -j ACCEPT ”

        I appended this to last of Iptables before COMMIT but when restarting iptables giving error on line 18( same line no. where I entered above lines

        Please suggest

  2. Hello everybody,
    Can any body tell me how to block or restrict web sites via squid i386 7:2.6.STABLE6-4.el5 and is it possible to enable content filtering in squid if yes please tell me the steps to.

    Thanking You
    Ananda Bhattacharjee.
    [email protected]

  3. i want a brief method to install squid on CentOS 4.3 final….with trouble shooting..send me e books or physical magazine to my home address.Madina Mobiles Chowke Farooq-e-Azam Peco road link Multan road Lahore Pakistan.

  4. Hello, I get an error when I tried to do the command /etc/init.d/iptables restart, here was the output I received:

    [[email protected] ~]# /etc/init.d/iptables restart
    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: mangle filter [ OK ]
    Unloading iptables modules: [ OK ]
    Applying iptables firewall rules: iptables-restore: line 1 failed
    [FAILED]

  5. Hi
    Grand THNX for the tutorial.
    But further to i´d like to use Squid as a cache for different requests, not only for filtering. How can I set it up or any URL how to do that?
    Thnx

  6. sir,
    I am making a squid proxy server.but a error given when i execute a command service squid start and error is
    starting squid: /etc/init.d/squid: line 53: 6522.aborted $ squid_opts>>/var/log/squid/squid.out2>&1 [failed]

    plz solve my problem early
    Thanks & Regards

  7. when i try to start squid services i got the error
    init_cache_dir /var/spool/squid… /etc/init.d/squid: line 54: 5415 Aborted $SQUID -z -F -D >>/var/log/squid/squid.out 2>&1
    Starting squid: /etc/init.d/squid: line 53: 5416 Aborted $SQUID $SQUID_OPTS >>/var/log/squid/squid.out 2>&1
    [FAILED]

    can anyone help me out…..

  8. MY SERVER IS RUNNING RHEL-5 .I HAVE CONFIGURED SQUID PROXY SERVER IN RHEL-5. THE DNS SERVER IP IS PINGING.AND GATEWAY ALSO PING . BUT ANY ONE DOMAIN SERVER NOT PING IN MY SERVER. THE ERROE MESSAGE IS UNKNOWN HOST http://WWW.GOOGLE.COM.
    PLEASE GIVE ME THE SOLUTION

    WITH REGARDS

    R.PALANIVEL
    CHENNAI

  9. Small Mistake Then (55) line missing
    Install Squid on CentOS / RHEL 5

    Use yum command as follows:

    # yum install squid

    Output:

    Loading “installonlyn” plugin
    Setting up Install Process
    Setting up repositories
    Reading repository metadata in from local files
    Parsing package install arguments
    Resolving Dependencies
    –> Populating transaction set with selected packages. Please wait.
    —> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
    –> Running transaction check

    Dependencies Resolved

    =============================================================================
    Package Arch Version Repository Size
    =============================================================================
    Installing:
    squid i386 7:2.6.STABLE6-4.el5 updates 1.2 M

    Transaction Summary
    =============================================================================
    Install 1 Package(s)
    Update 0 Package(s)
    Remove 0 Package(s)

    Total download size: 1.2 M
    Is this ok [y/N]: y
    Downloading Packages:
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Installing: squid ######################### [1/1]

    Installed: squid.i386 7:2.6.STABLE6-4.el5
    Complete!

    Squid Basic Configuration

    Squid configuration file located at /etc/squid/squid.conf. Open file using a text editor:
    # vi /etc/squid/squid.conf
    At least you need to define ACL (access control list) to work with squid. The defaults port is TCP 3128. Following example ACL allowing access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt to list your internal IP networks from where browsing should be allowed:
    acl our_networks src 192.168.1.0/24 192.168.2.0/24
    http_access allow our_networks
    http_access allow all
    Save and close the file. Start squid proxy server:
    # chkconfig squid on
    # /etc/init.d/squid start
    Output:

    init_cache_dir /var/spool/squid… Starting squid: . [ OK ]

    Verify port 3128 is open:
    # netstat -tulpn | grep 3128
    Output:

    tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 20653/(squid)

    Open TCP port 3128

    Finally make sure iptables is allowing to access squid proxy server. Just open /etc/sysconfig/iptables file:
    # vi /etc/sysconfig/iptables
    Append configuration:
    -A RH-Firewall-1-INPUT -m state –state NEW,ESTABLISHED,RELATED -m tcp -p tcp –dport 3128 -j ACCEPT
    Restart iptables based firewall:
    # /etc/init.d/iptables restart
    Output:

    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: filter [ OK ]
    Unloading iptables modules: [ OK ]
    Applying iptables firewall rules: [ OK ]
    Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]

    Client configuration

    Open a webbrowser > Tools > Internet option > Network settings > and setup Squid server IP address and port # 3128.

  10. I have configured a squid server in the college. The client nodes are also configured in rhel 5. But they are facing problem while logging in with gmail and yahoo. But at the same time the windows clients are accessing gmail as well as yahoo. Is there any problem with the Mozilla 3 beta 5 version or is there any other problem ? Please help me to solve this problem.

  11. hi im zjhack and im using centos5. i wonder how to use squid for site restriction. i want to restrict some site and allow only the sites that my cousin can use to their studies..

    pls help me thx
    zjhack

  12. How about solving this error?

    Error: the proxy server (Squid) is not configured to allow SSL tunnel to port 80.
    To fix the problem please find and comment the following line in the Squid
    configuration file (squid.conf):
    http_access deny CONNECT !SSL_ports

  13. how to block some site in our network with the help of squid.
    how to put webaddress in squid.conf ?
    how to give special host permission for some machine for login gmail.com ?
    can u help me

  14. Hello,

    I have installed Squid Proxy server( as per the procedure given on your website) for internet access in our LAN. But after configuring IE for using proxy server, the users are not able to get access to Internal SAP Servers. Tried with option “Bypass Proxy for local ..” but didnt work.
    Can anyone help?

  15. hello sir
    can please help me i have one public ip address i want share in different private ip in redhat 5.0 linux how i do it please help me and also i block some websit
    my public ip is 210.212.11.130 and my private ip is 192.168.2.1-192.168.2.200
    please tell me how i config dhcp,and squid

  16. Hello, I get an error when I tried to do the command /etc/init.d/iptables restart, here was the output I received:

    [[email protected] ~]# /etc/init.d/iptables restart
    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: mangle filter [ OK ]
    Unloading iptables modules: [ OK ]
    Applying iptables firewall rules: iptables-restore: line 1 failed
    [FAILED]

  17. This is very nice site, i tryted last 15 days to configure transparent proxy but not created than i will read this side finalally i create transparent proxy in Redhat linux 5
    so i again thank u for this web site.

  18. TIP: I create a proxy on my home network behind the firewall listening on localhost:3128. And then I punch a hole through the firewall remotely using ssh to connect to the proxy when I’m away and need to connect to geolocation blocked services.

    ssh -L 3128:localhost:3128 my.home.network.org
    

    Then I setup my proxy on my lappie to point to localhost:3128 and voila!

  19. when i try restarting squid it gives me this error please help

    [email protected] STUDENT1]# /etc/init.d/squid restart
    Stopping squid: 2014/04/29 02:26:36| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
    2014/04/29 02:26:36| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
    2014/04/29 02:26:36| WARNING: For now we will assume you meant to write /0
    ……………. [ OK ]
    Starting squid: . [ OK ]

  20. I faced following error after I installed squid as per the guide:

    WARNING: Could not determine this machines public hostname. Please configure one or set ‘visible_hostname’.

    To resolve it, just mention your hostname in front of ‘visible_hostname’ in the ‘squid.conf’ file and everything will work perfectly.

Leave a Comment