Hello,

I need to configure squid for the network at office.
Giving the details of the linux box for squid.

ADSL : 192.168.1.1
Eth0 ( connected to adsl modem for internet sharing ) : 192.168.1.2
Eth1 ( Connected to LAN ) : 192.168.2.203
Local Network Range : 192.168.2.x
Subnet mask : 255.255.255.0

What steps should I take to configure the proxy ?

I did go through documentation online for the same. But nothing worked for me. Even the linux box was not able to browse the internet.
With two NIC cards in the box, and Eth0 connected to local network, I was unable to browse the internet. I activated the second card with no cable connected and still internet worked.

I am bit confused as to what is happening to the network.

This is the link that I went through to check my squid configuration.
http://www.cyberciti.biz/tips/linux-...uid-howto.html

Is there anything that I need to do more to make my proxy work ?

The squid proxy should work out of the box with no modifications for a basic setup.

Test your proxy to see if it works do this

telnet to the proxy on the proxy machine itself
Press enter twice, if your proxy works you should see the html from the google site in your terminal.

If it does not then look at the error reported in the squid logs.

The squid is shut right now.
Will do it and post the reply in some time.

Well nothing happens when I try to telnet the localhost on port 3128.
The squid was running at the time and also iptables were not configured to reject the connection. Even flushing the iptables rules did not help.
This is where the connection hangs

# telnet localhost 3128
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Does not get anything more than this. Does this give any idea as to what is wrong.
Does that mean that my squid is rejecting connections and hence no internet connection.
May be the 3128 port is still not open to accepting the connections.

When it says "Escape ....." it has connected, that is when you type
And press enter twice.

This is what I get after telneting my squid.

HTTP/1.0 302 Moved Temporarily
Location: http://www.google.co.in/
Cache-Control: private
Set-Cookie: PREF=ID=0a05c697138d0f60:TM=1210164632:LM=1210164632:S=YyOP3TPYaaBqLzgN; expires=Fri, 07-May-2010 12:50:32 GMT; path=/; domain=.google.com
Date: Wed, 07 May 2008 12:50:32 GMT
Content-Type: text/html; charset=UTF-8
Server: gws
Content-Length: 221
X-Cache: MISS from localhost.localdomain
X-Cache-Lookup: MISS from localhost.localdomain:3128
Via: 1.0 localhost.localdomain:3128 (squid/2.6.STABLE19)
Proxy-Connection: close

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.co.in/">here</A>.
</BODY></HTML>
Connection closed by foreign host

===================================================================================
===================================================================================

I hope this means that squid is accepting the connections and is working fine.
I also need to ask that is it needed to masquerade the packets coming from the internal network over to the card connected to internet.
In short, it is mandatory to configure the box as router or squid will know about it.

In my case,
If eth0 is connected to internet and Eth1 is internal,
Then do I need to redirect the traffic from Eth1 to Eth0.
Or squid will know that this is needed to be done?

Yes that means squid is working, you do not need masquerading for web access to work as the request is made to squid and squid initiates the connection to fetch the page.

Configure your browser on a client with the squid ip address and port 3128 then try surfing the net and see what happens.

I tried what you told more than once and all my network was down without any internet access for long.
Finally I have taken the squid box out of network to see what is wrong and when it will work properly I will put it back.
I should give you a more detailed idea how my configuration was. Though most was the basic.
I had created the ACL for allowing only certain clients the internet.
Decommented the line http_port 3128.
I wanted to use delay pools but then once the squid is up and running will use for bandwidth management as well.
This was the only thing that I changed in the file.

You need to get you squid working first without ACL's i think your acl's are broken, post you squid configuration and we will she how to help you.

If my Eth0 is connected to ADSL for internet with Ip 192.168.1.2 and Eth1 is connected to local network with Ip 192.168.2.1
What should be the default gateway entries for both the ethernet cards?
And do I need to configure DNS as well for squid to work?

You only need one default gw, it has to be what ever ip address is connected at the end of eth0

you can add your isp's name servers to /etc/resolv.conf or you can search this forum on setting up a caching name server on your squid box.

Hey buddy,

Thanks for your patience. Everything worked out fine and the squid is running fine since yesterday.
Now if I want this squid to be a transparent squid, what are the changes in the configurations?
I guess, here I will need to set this box as a router. Am I correct?

Since I put squid in the network Pidgin is not working.
Do I need to explicitly permit certain applications to work?

I checked Pidgin without squid and it works well without squid.
But I can not compromise on that and want squid back in the network so that I can make it for bandwidth management.
What should be done so that Pidgin runs even when the squid is put in the network.
Also, I need to convert the squid to a transparent proxy. What more configurations do I need to make?

Examples are here http://wiki.squid-cache.org/ConfigExamples