设置Squid的目的当你在企业内部,Internet断掉的情况下,你可以默认路由走别的路径出去,比如从Squid 所在网络出口出去

Part 1. restart the squid service

the squid path is working in /usr/local/squid/sbin/squid
Configuration file /usr/local/squid/etc/squid.conf

sudo ./squid -s <--- start the process
sudo ./squid -k reconfigure <----to reload the proces

Part 2, Setup the squid on Redhat

1 . Linux system with gcc compiler and yum function

  1. sudo ./configure sudo make sudo make install

  2. setup the conf file.
    configuration file /usr/local/squid/etc/squid.conf

add acl local src 135.36.0.0/16
*Adapt localnet in the ACL section to list your (internal) IP networks

  • from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost
    #*And finally deny all other access to this proxy
    http_access deny all

  • Squid normally listens to port 3128
    #http_port 3128
    http_port 8000

#*Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
cache deny all <--- do not use cache mode

  • we are using port 8000, you can see that sudo netstat -tulnp |grep squid
  1. change the /usr/local/squid/var to 777, so nobody account can read and
    write log to
    /usr/local/squid/var/logs/
    sudo chmod -Rvf 777 /usr/local/squid/var

  2. shutdown the firewall, sudo service iptables stop and sudo chkconfig
    iptables off
    and make sure the firewall allow network to communication with this DMZ
    zone server

  3. add to startup script so the squid service will auto start after the system
    start
    -bash-4.1$ cat /etc/rc.local

#!/bin/sh

#This script will be executed after* all the other init scripts.

  • You can put your own initialization stuff in here if you don't
  • want to do the full Sys V style init stuff.
    touch /var/lock/subsys/local
    /usr/local/squid/sbin/squid -s
  1. add cron job to nobody account so to rotate the log
    sudo crontab -u nobody -e

    0 4 * /usr/local/squid/sbin/squid -k rotate <--- add this line

  2. sudo ./squid -s <--- start the process

    9.
    /usr/local/squid/bin/squidclient -p 8000 http://www.google.com <----test if
    squid is working