Squid setup
Squid caching proxy server for your office
The details of my setup are as follows:
eth0 (external interface):
IP: 192.168.1.2
Gateway: 192.168.1.1
eth1 (local interface):
IP: 192.168.222.5
Downloading Squid:
You can compile Squid from source, or you can use the RPM for your CentOS distribution:
cd /usr/local/src/
wget http://people.redhat.com/jskala/squid/squid-3.0.STABLE13-1.el5/i386/squid-3.0.STABLE13-1.el5.i386.rpm
rpm -Uvh squid-3.0.STABLE13-1.el5.i386.rpm
Edit the squid.conf file to suit your needs:
vi /etc/squid/squid.conf
The following is the basic configuration:
visible_hostname hostname
http_port 3128 transparent
acl home src 192.168.222.0/24
http_access allow home
If you want to block some sites, list them in /etc/squid/bannedsites and add a deny rule before the allow rule:
acl home src 192.168.222.0/24
acl bansites url_regex "/etc/squid/bannedsites"
http_access deny home bansites
http_access allow home
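To create a special user who has all the rights (matched by the MAC addresses listed in /etc/squid/poweruser), put the allow rule for that user before the deny rule: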
acl poweruser arp "/etc/squid/poweruser"
acl home src 192.168.222.0/24
acl bansites url_regex "/etc/squid/bannedsites"
http_access allow poweruser
http_access deny home bansites
http_access allow home
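The order of the http_access lines above decides the outcome, because Squid stops at the first line that matches. The following is an added example, not part of the original post: a small Python model of that first-match evaluation run over the page's three rules. The banned patterns, MAC addresses and requests are constructed sample values.

```python
import ipaddress
import re

# Constructed stand-ins for the two files the page's config reads (assumptions).
BANNED_PATTERNS = [r"blocked\.example", r"games\."]  # /etc/squid/bannedsites
POWERUSER_MACS = {"00:11:22:33:44:55"}               # /etc/squid/poweruser
HOME_NET = ipaddress.ip_network("192.168.222.0/24")

ACLS = {
    "home": lambda r: ipaddress.ip_address(r["src"]) in HOME_NET,
    # url_regex is an unanchored, case-sensitive regex match on the whole URL
    "bansites": lambda r: any(re.search(p, r["url"]) for p in BANNED_PATTERNS),
    "poweruser": lambda r: r["mac"].lower() in POWERUSER_MACS,
}

# The page's final rule list, in file order.
PAGE_RULES = [("allow", ["poweruser"]),
              ("deny", ["home", "bansites"]),
              ("allow", ["home"])]
# Same lines with "allow home" moved to the top (an ordering mistake).
MISORDERED = [PAGE_RULES[2], PAGE_RULES[0], PAGE_RULES[1]]

def http_access(rules, req):
    """Return the action of the first line whose ACLs all match (AND)."""
    for action, names in rules:
        if all(ACLS[name](req) for name in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed sample requests.
STAFF_BANNED = {"src": "192.168.222.10", "mac": "aa:bb:cc:00:00:01",
                "url": "http://www.blocked.example/"}
STAFF_OK = dict(STAFF_BANNED, url="http://intranet.example/")
POWER_BANNED = dict(STAFF_BANNED, mac="00:11:22:33:44:55")
OUTSIDER = {"src": "10.0.0.5", "mac": "aa:bb:cc:00:00:02",
            "url": "http://intranet.example/"}

if __name__ == "__main__":
    for name in ("STAFF_BANNED", "STAFF_OK", "POWER_BANNED", "OUTSIDER"):
        req = globals()[name]
        print(f"{name:13} page={http_access(PAGE_RULES, req):5} "
              f"misordered={http_access(MISORDERED, req)}")
```

With the misordered list the banned site is allowed for everyone on the LAN, and a client outside 192.168.222.0/24 falls through to an implicit allow because the last line is a deny. Ending the list with an explicit "http_access deny all" removes the dependence on that implicit default.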
Preparing iptables for NAT as well as for the Squid server:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80
iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80
service iptables save
service iptables restart
That's it. Now you have the Squid proxy server at your office. Enjoy!!