
Caution: Platform specific configurations. These configurations are for Squid 3.X on RHEL 6.

Server from scratch

Installation: During installation it is recommended to select the MODIFY LATER option, so that the installation proceeds with a minimal set of packages. After installation, copy the disc content to some location, say /dvd, and configure a repo in /etc/yum.repos.d/ by writing the content below into a file:
[dvd]
name=Repo for installation dvd content
baseurl=file:///dvd/Server
enabled=1
gpgcheck=0

Install the X Window System (if not installed by default) by running the commands below.


# yum clean all
# yum update
# yum groupinstall "X Window System" Desktop -y
# init 5

Now the system is ready. Two Ethernet interfaces are required. Configure IP addresses on both interfaces using the setup utility. Disable iptables:
# service iptables stop
# chkconfig iptables off

Install the Squid service and configure it to start automatically at boot:
# yum install squid-* -y
# service squid start
# chkconfig squid on

During the installation of Squid, the basic required network parameters are configured automatically. Find the line below in the Squid configuration file (/etc/squid/squid.conf); if it is not found, add it at the beginning, where the other similar acl lines are written:
acl localnet src 192.168.x.x/24 # your network identifier

By default Squid is configured to listen on port 3128. To make it listen on other ports as well, say port 80, go to the end of the configuration file, locate the http_port rule and add the line below there:
http_port 80

Squid now listens on ports 3128 and 80; configure all the required port numbers this way.

Now for the web filter, create a file in the Squid directory (/etc/squid) with any name (say badurl) and give read permission to others. Put the URLs or domain names you want to filter in it; search patterns (regular expressions) are also supported. Write the configuration below at the beginning of the acl section. The name badurl can be any name:
acl badurl url_regex "/etc/squid/badurl"

The quoted value is the path of the list file. Use the ACL type url_regex when the file holds search patterns, or dstdomain when it holds plain domain names.

You need to write an http_access rule for the above ACL to take effect. The access rules refer to the names of the ACLs defined earlier in the file (such as badurl and localnet).

Important: Observe, find and disable all the other access rules that allow local network access (example: http_access allow localnet).

Warning: If the first rule in the configuration denies access, Squid goes on to check the other access rules; but if the first rule allows access, the other filter rules are ignored.

We have configured Squid to listen on ports 3128 and 80. You can configure Squid to listen on any port, or you can redirect traffic arriving on a specific port (say 23) to some Squid port (say 3128) using iptables. Below is an example:
# iptables --table nat --append PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128

In the above example, eth0 is the LAN interface.
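To show why the order of the http_access lines in the Important note and the Warning matters, here is an added Python model of Squid's first-match rule evaluation (example code, not from this guide). It keeps the guide's ACL names localnet and badurl; the 192.168.1.0/24 network, the pattern-file contents and the sample URLs are constructed.

```python
import ipaddress
import re
# Constructed stand-in for the pattern file the guide creates as /etc/squid/badurl.
FILES = {"/etc/squid/badurl": "casino\n\\.badsite\\.example\n"}
# Constructed squid.conf fragment: the blanket "allow localnet" comes first, so
# the badurl filter is never consulted for local clients.
WEAK_CONF = """
acl localnet src 192.168.1.0/24
acl badurl url_regex "/etc/squid/badurl"
http_access allow localnet
http_access deny badurl
http_access deny all
"""
# Same rules with the deny evaluated before the allow, as the Warning requires.
FIXED_CONF = WEAK_CONF.replace("allow localnet\nhttp_access deny badurl",
                               "deny badurl\nhttp_access allow localnet")

def parse_conf(text):
    acls, rules = {}, []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "acl":
            vals = acls.setdefault(parts[1], (parts[2], []))[1]
            for v in parts[3:]:              # a quoted value names a pattern file
                vals.extend(FILES[v.strip('"')].split() if v.startswith('"') else [v])
        elif parts[0] == "http_access":
            terms = [(t.startswith("!"), t.lstrip("!")) for t in parts[2:]]
            rules.append((parts[1], terms))
    return acls, rules

def acl_matches(acls, name, client_ip, url):
    if name == "all":                        # built-in ACL in Squid 3.x
        return True
    typ, vals = acls[name]
    if typ == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
    if typ == "url_regex":
        return any(re.search(v, url) for v in vals)
    raise ValueError("acl type %s is not modelled here" % typ)

def decide(conf_text, client_ip, url):
    """First-match evaluation: the first http_access line whose terms all hold wins."""
    acls, rules = parse_conf(conf_text)
    for action, terms in rules:
        if all(acl_matches(acls, n, client_ip, url) != negated for negated, n in terms):
            return action
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"  # opposite of last rule
```

With WEAK_CONF a local client fetching http://www.badsite.example/play is allowed because the first rule already matched; with FIXED_CONF the same request is denied while ordinary local browsing still passes.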

Squid Logs:
By default logs are stored in /var/log/squid with the names access.log and cache.log. Squid has a log rotation utility, which is used as shown below:
# squid -k rotate
# service squid reload

When the above two commands are executed, the old log files are stored with a time stamp and Squid starts writing to a new, empty log file. If you want to rotate the files regularly, add a cron job for the above. Rotation takes a little time, so keep a time gap between the two commands.

Requirement: It is required to install a caching-only name server for better network performance.

Installing and configuring a Caching-only Name Server: Use the commands below to install it and enable it at boot:
# yum install bind* -y
# service named start
# chkconfig named on

Then edit the file /etc/named.conf as follows: find and disable the listen-on lines; find the line allow-query { x.x.x.x; }; and replace the IP address with the keyword any, so that the line reads allow-query { any; };. Restart the named service and your caching-only name server is ready.

Using a machine running RHEL 6 as an edge router

By default, IP forwarding is disabled in RHEL 6. You can enable it by editing the sysctl file /etc/sysctl.conf: find the string net.ipv4.ip_forward = 0 and replace 0 with 1. Afterwards, run sysctl -p /etc/sysctl.conf to apply the setting and check that forwarding is enabled.

Two Ethernet interfaces are required. Configure both interfaces, one for the WAN (say eth0) and one for the LAN (say eth1). Create a file named /etc/sysconfig/network-scripts/route-<device> (where device is the interface name, e.g. eth1) and add the following content for static routing. Note that the second line is optional:
192.168.0.0/255.255.255.0 via 10.0.0.1
192.168.0.x dev eth1

The ip route command shows your routes. Configure iptables for NAT and masquerading using the following commands (here eth0 is assumed to be the WAN and eth1 the LAN):
# iptables -A FORWARD -i eth1 -j ACCEPT
# iptables -A FORWARD -o eth1 -j ACCEPT
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
