Configure and Setup Squid Cache Proxy Server on Fedora Core.


Step by step Setup and Configure Squid Proxy Server on Fedora Core.


   The main purpose of proxy server is to sharing one internet connection and maintains a cache for web browsing performance. Squid cache proxy server is free proxy server that comes with bundle with the Fedora Core operating system, you can configure your Linux Fedora Core PC to be a Cache proxy server and share the connection to the internet only by a simple configuration setup.


   The article below show the step by step to setup and configure SQUID proxy serve on Fedora core with screenshot and SQUID configuration example.


Network configuration scenario:


Squid proxy server on Fedora


To configure squid proxy server for local network client to access the internet.

This server have two network card using internal IP address and external IP address

Configure the Squid Cache Proxy to listen for proxy request from different network client on internal IP address.

Configure Squid cache proxy server to listen request only from specific IP address (internal IP card) on Port 8080.


The step to setup/configure Squid Cache Proxy on Linux Fedora Core:


1.  Backup Squid configuration files.

2.  Open and start edit the Squid configuration file.

3.  Configure internal address and port where Squid will listen for HTTP client requests.

4.  Improve Proxy performances.

5.  Set Proxy to find DNS servers.

6.  Adding aux Port to ACL.

7.  Adding Internal network to ACL.

8.  Start and using Squid Proxy for first time.

9.  Procedure to start, stop and automatic start Squid Proxy on Fedora core system.

10.  Configure Squid client browser to use Squid Proxy.


Backup Squid configuration files:


   The Squid configuration files usually located in /etc/squid/ directory.  To configure the Squid you need to edit and change these configuration files, it's better to make backup of these file before you start the configuration process.  The command below show the example of simple backup process.


To backup the Squid configuration directory:


[root@cempakasari ~]# cp -pr /etc/squid/ /etc/squid.bak

[root@cempakasari ~]#


Backup the squid.conf file:


[root@cempakasari ~]# cp -pr /etc/squid/squid.conf /etc/squid/squid.conf.bak

[root@cempakasari ~]#


Best Practice: before edit or make any changes to any config file, it's recommended that you backup the file first. 


Edit the squid.conf, the Squid Cache Proxy configuration file.


1. Open the squid config file (squid.conf) that is located on the /etc/squid directory with your own choice of text editor. 


[root@linux fedora]# vi /etc/squid/squid.conf


or you can use the gedit program...


[root@linux fedora]# gedit /etc/squid/squid.conf


 Warning:  If you don't need to change the default configuration on squid.conf file, you shouldn't uncomment the line and leave it like it is.


2.  Fist of all, we need to setup on which port Squid should listen for client proxy request.  By default Squid will listen on port 3128 on all IP address on the machine


   On this project, we setup (configure) our Squid proxy to bind with the internal Ethernet card which is using internal IP and listen on port 8080 on that internal IP address.  With this configuration, Squid should only visible and listen to our internal address only.


Configuration example on squid.conf file:


Customize the socket address where your Squid proxy should listen for HTTP client request: Change the address to fit your network layout.





# http_port 3128



Improve Squid performances.


   To improve Squid proxy performance edit the default configuration file to utilize system hardware capability.  The configuration below show the process of increasing the size of cache memory and the size of cache directory of squid proxy.


3. Scroll down the page and find #  TAG: cache_mem (bytes), To increase the Squid cache memory capacity, edit the default setting and put the appropriate memory size base on your system capabilities. The example below show that the Squid cache memory setting increase up to 256 MB.  Take note that, before you change this setting make sure your hardware can support the size of memory  that you specify here.



# -----------------------------------

#  TAG: cache_mem (bytes)






# 'cache_mem' specifies the ideal amount of memory to be used

# for:

# * In-Transit objects

# * Hot Objects

# * Negative-Cached objects

------- +++++  ---------------------------


# cache_mem 8 MB

cache_mem 256 MB


4.  Then find tag # TAG: cache_dir, then increase the size of cache directory to 2000 MB, also make sure that you have enough disk space before you change the size value.


# -----------------------------------------------------------------------------


# TAG: cache_dir

# Usage:


# cache_dir Type Directory-Name Fs-specific-data [options]


------- +++++  ---------------------------



# cache_dir ufs /var/spool/squid 100 16 256

cache_dir ufs /var/spool/squid 2000 16 256


Set Proxy to find DNS servers:


5.  Adjust the list of DNS name servers.   Squid cache proxy used this list of  DNS servers to query domain name.


#  TAG: dns_nameservers

# Use this if you want to specify a list of DNS name servers

# (IP addresses) to use instead of those given in your

# /etc/resolv.conf file.

# On Windows platforms, if no value is specified here or in

# the /etc/resolv.conf file, the list of DNS name servers are

# taken from the Windows registry, both static and dynamic DHCP

# configurations are supported.


# Example: dns_nameservers



# none



Adding aux port:


6. Add required port to "Acess Control List".  This example show that the port number 2083 port is add to safe_ports list.



# ---------------------------

----------- **** +++++


#acl macaddress arp 09:00:2b:23:45:67

#acl myexample dst_as 1241

#acl password proxy_auth REQUIRED

#acl fileupload req_mime_type -i ^multipart/form-data$

#acl javascript rep_mime_type -i ^application/x-javascript$


#Recommended minimum configuration:

acl all src

acl manager proto cache_object

acl localhost src

acl to_localhost dst

acl SSL_ports port 2083 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 2083 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http



Adding Internal network to ACL:


7.   To control access to the Squid  proxy or who can use your Squid proxy, find and add the list of your Squid clients.  The example of Access Control  List rules below only allow only the internal IP network to access and use the Squid proxy.




# Example rule allowing access from your local networks. Adapt

# to list your (internal) IP networks from where browsing should

# be allowed

#acl our_networks src

#http_access allow our_networks

acl FE_networks src

acl LABS_networks src

acl GENSUB_networks src

acl ADM_networks src

acl LABS_networks src

acl TKM_networks src

acl TKP_networks src

acl TKE_networks src

acl TKK_networks src

http_access allow FE_networks

http_access allow LABS_networks

http_access allow GENSUB_networks

http_access allow ADM_networks

http_access allow LIB_networks

http_access allow TKM_networks

http_access allow TKP_networks

http_access allow TKE_networks

http_access allow TKK_networks


# And finally deny all other access to this proxy

http_access allow localhost

http_access deny all



other example for Squid acl:




# Example rule allowing access from your local networks. Adapt

# to list your (internal) IP networks from where browsing should

# be allowed

#acl our_networks src

#http_access allow our_networks

acl our_networks src

acl bad_url dstdomain "/etc/squid/bad-sites.squid"

http_access allow our_networks

http_access deny bad_url


8. To allow  FTP request from client.


# TAG: always_direct

# Usage: always_direct allow|deny [!]aclname ...


# Here you can use ACL elements to specify requests which should

# ALWAYS be forwarded by Squid to the origin servers without using

# any peers. For example, to always directly forward requests for

# local servers ignoring any parents or siblings you may have use

# something like:


# acl local-servers dstdomain

# always_direct allow local-servers


# To always forward FTP requests directly, use


# acl FTP proto FTP

# always_direct allow FTP




# none

acl FTP proto FTP

always_direct allow FTP






Step-by-step how to start and using Squid for the first time.


   In order to make sure that the configuration and your Squid proxy server running smoothly, test to start Squid proxy server in debugging mode; The command example below show the step by step to create the Squid cache directory and then running Squid proxy server in debugging mode.


1.  Create squid cache directory by issuing this command:


[root@linux fedora]# /usr/sbin/squid -z

2006/03/16 10:33:00| Creating Swap Directories


2.  Then test run your Squid cache proxy by running Squid in debug-mode


[root@linux fedora]# /usr/sbin/squid -NCd1

Output example:

2006/03/16 10:33:02| Starting Squid Cache version 2.5.STABLE9 for i386-redhat-linux-gnu...

2006/03/16 10:33:02| Process ID 5192

2006/03/16 10:33:02| With 1024 file descriptors available

2006/03/16 10:33:02| Performing DNS Tests...

2006/03/16 10:33:02| Successful DNS name lookup tests...

2006/03/16 10:33:02| DNS Socket created at, port 32778, FD 4

2006/03/16 10:33:02| Adding nameserver from squid.conf

2006/03/16 10:33:02| Adding nameserver from squid.conf

2006/03/16 10:33:02| Adding nameserver from squid.conf

2006/03/16 10:33:02| Adding nameserver from squid.conf

2006/03/16 10:33:02| User-Agent logging is disabled.

2006/03/16 10:33:02| Referer logging is disabled.

2006/03/16 10:33:02| Unlinkd pipe opened on FD 9

2006/03/16 10:33:02| Swap maxSize 102400 KB, estimated 7876 objects

2006/03/16 10:33:02| Target number of buckets: 393

2006/03/16 10:33:02| Using 8192 Store buckets

2006/03/16 10:33:02| Max Mem size: 18432 KB

2006/03/16 10:33:02| Max Swap size: 102400 KB

2006/03/16 10:33:02| Rebuilding storage in /var/spool/squid (CLEAN)

2006/03/16 10:33:02| Using Least Load store dir selection

2006/03/16 10:33:02| Set Current Directory to /var/spool/squid

2006/03/16 10:33:02| Loaded Icons.

2006/03/16 10:33:47| Accepting HTTP connections at, port 8080, FD 11.

2006/03/16 10:33:47| Accepting HTTP connections at, port 80, FD 12.

2006/03/16 10:33:47| Accepting ICP messages at, port 3130, FD 13.

2006/03/16 10:33:47| WCCP Disabled.

2006/03/16 10:33:47| Ready to serve requests.

2006/03/16 10:33:47| Store rebuilding is 52.5% complete

2006/03/16 10:33:47| Done reading /var/spool/squid swaplog (7796 entries)

2006/03/16 10:33:47| Finished rebuilding storage from disk.

2006/03/16 10:33:47| 7796 Entries scanned

2006/03/16 10:33:47| 0 Invalid entries.

2006/03/16 10:33:47| 0 With invalid flags.

2006/03/16 10:33:47| 7796 Objects loaded.

2006/03/16 10:33:47| 0 Objects expired.

2006/03/16 10:33:47| 0 Objects cancelled.

2006/03/16 10:33:47| 0 Duplicate URLs purged.

2006/03/16 10:33:47| 0 Swapfile clashes avoided.

2006/03/16 10:33:47| Took 44.8 seconds ( 174.1 objects/sec).

2006/03/16 10:33:47| Beginning Validation Procedure

2006/03/16 10:33:47| Completed Validation Procedure

2006/03/16 10:33:47| Validated 7796 Entries

2006/03/16 10:33:47| store_swap_size = 92144k

2006/03/16 10:33:48| storeLateRelease: released 0 objects


Try access any web page trough the debug mode squid proxy

Press Ctrl+c key to end the debug mode testing


2006/03/16 10:43:22| Preparing for shutdown after 39 requests

2006/03/16 10:43:22| Waiting 0 seconds for active connections to finish

2006/03/16 10:43:22| FD 11 Closing HTTP connection

2006/03/16 10:43:22| FD 12 Closing HTTP connection

2006/03/16 10:43:24| Shutting down...

2006/03/16 10:43:24| FD 13 Closing ICP connection

2006/03/16 10:43:24| Closing unlinkd pipe on FD 9

2006/03/16 10:43:24| storeDirWriteCleanLogs: Starting...

2006/03/16 10:43:25| Finished. Wrote 7796 entries.

2006/03/16 10:43:25| Took 0.1 seconds (89056.4 entries/sec).

[root@linux fedora]#


3.  In case of a problem of starting your Squid cache proxy try read the Squid log file in these following directory:


[root@linux fedora]# /var/logs/squid/access.log


[root@linux fedora]# /var/logs/squid/cache.log


Step by step example, start, stop and automatic restart Squid proxy server.


Use the following command to start and stop Squid.


[root@linux fedora]# /sbin/service squid start

[root@linux fedora]# /sbin/service squid stop


To make sure Squid automatic start after the system reboot, use the chkconfig command to On Squid on runlevel 3 and 5. (Setting of automatic start on runlevel 3 and 5)


[root@linux fedora]# /sbin/chkconfig --level 35 squid on


(Confirmation of automatic start)


[root@linux fedora]# /sbin/chkconfig --list squid

squid 0:off 1: off 2: off 3: on 4: off 5:on 6: off


Step-by-step configure client browser to use Squid Cache Proxy.


1.  Open Web Browser on client machine.

2.  On connection setting, click on manual proxy configuration.

3.  On Http Proxy text box, key in IP and Port to 8080

4.  Click on  the checkbox to use the same proxy for all protocols and click the OK button.


Mozilla Firefox Browser Connection Settings.

Note:  The IP using Port 8080 is the IP address used in this Squid cache proxy project.  Adjust that IP address and Port to fits your Proxy configuration.


   The example of the squid configuration on this project aim to make Squid cache proxy working to support the internal client with the most basic configuration, you can customize and adding more option to squid by edit the config file /etc/squid/squid.conf .


Step-by-step how to procedure above tested on:

Operating System: GNU/Linux Fedora Core 4, Fedora Core 5, Fedora Core 6

Kernel Name: Linux

Machine Hardware:  i686

Machine Processor:  i686

Hardware Platform:  i386

Shell: GNU bash

Installation Type: Full  Installation (Custom)

SELinux: Disable


Good Luck...


Related article:

   Configure Squid proxy to Block client to access specific web URL.

   Check hard disk size.


Keywords: how to configure squid, proxy server, configure squid proxy, setup squid, setup proxy, setup proxy server, fedora core proxy, free proxy server, Squid cache proxy server, Linux Fedora Core, step by step proxy setup, setup squid proxy, squid, browser proxy, using squid proxy server.


1 comment


Do I need routing enabled for Squid to work

Thanks for this nice step by step guide to squid configuration. Do I need routing enabled in the operating system for squid to work?