Next Previous Contents

4. Setting up squid

Now, we need to get squid up and running. Download the latest source tarball from www.squid-cache.org. Make sure you get a STABLE version, not a DEVEL version. The latest as of this writing was squid-2.4.STABLE3.tar.gz. Note that AFAIK, you must have squid-2.4 for linux kernel 2.4. The reason is that the mechanism by which the process determines the original destination address has changed from linux 2.2, and only squid-2.4 has this new code in it. (For those of you who are interested, previously the getsockname() call was hacked to provide the original destination address, but now the call is getsockopt() with a level of SOL_IP and an option of SO_ORIGINAL_DST).

Now, untar and gunzip the archive (use ``tar -xzf <filename>''). Run the autoconfiguration script and tell it to include netfilter code (``./configure --enable-linux-netfilter''), compile (``make'') and then install (``make install'').

Now, we need to edit the default squid.conf file (installed to /usr/local/squid/etc/squid.conf, unless you changed the defaults). The squid.conf file is heavily commented. In fact, some of the best documentation available for squid is in the squid.conf file. After you get it all up and running, you should go back and reread the whole thing. But for now, let's just get the minimum required. Find the following directives, uncomment them, and change them to the appropriate values:

Next, look at the cache_effective_user and cache_effective_group directives. Unless the default nobody/nogroup has been created on your system (AFAIK, it is not created out of the box on many popular distributions, including RH7.1), you'll either need to create those, or create another username/group for squid to run under. I strongly recommend that you create a username/group of squid/squid and run under that, but you could use any existing user/group if you want.

Finally, look at the http_access directive. The default is usually ``http_access deny all''. This will prevent anyone from accessing squid. For now, you can change this to ``http_access allow all'', but once it is working, you will probably want to read the directions on ACLs (Access Control Lists), and setup the cache such that only people on your local network (or whatever) can access the cache. This may seem silly, but you should put some kind of restrictions on access to your cache. People behind filtering firewalls (such as porn filters, or filters in nations where speech is not very free) often ``hijack'' onto wide open proxies and eat up your bandwidth.

Initialize the cache directories with ``squid -z'' (if this is a not a new installation of squid, you should skip this step).

Now, run squid using the RunCache script in the /usr/local/squid/bin/ directory. If it works, you should be able to set your web browser's proxy settings to the IP of the box and port 3128 (unless you changed the default port number) and access squid as a normal proxy.

For additional help configuring squid, see the squid FAQ at www.squid-cache.org


Next Previous Contents