SuSE Linux: Versions since 8.0
The advantage of a proxy server is that no packet from the Internet gets direct access to the local network.
TCP packets are processed by the proxy itself and the results are made available to the local network. The proxy also enables a
detailed configuration of access rights and logging.
The cache proxies described here are mainly used to access the Internet via a web browser.
Services like Real Audio, news, or video conferences are not supported. If you want the e-mail traffic to be directed via SMTP through
the router, a Mail Transfer Agent must be set up, too.
REJECT_ALL_INCOMING_CONNECTIONS=<outgoing device>
<outgoing device> is either ippp0 or ppp0, depending on the connection (ISDN or DSL).
Install the package squid from the package group:
Network/Server
The configuration of squid is included in the file:
/etc/squid/squid.conf
Most settings can be left unchanged with their preset values. To allow access from the client, only the entries at acl and http_access must be changed. In addition and for security reasons, the settings for http_port should also be adjusted.
To do this, search for the following entries in squid.conf:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
and change them to:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 280 488 591 777 1025-65535
acl CONNECT method CONNECT
acl allowed_hosts src 192.168.10.0/255.255.255.0
In acl allowed_hosts src 192.168.10.0/255.255.255.0, both the network address 192.168.10.0 and the netmask 255.255.255.0 should be replaced with your own.
Then change the entries at:
http_access allow localhost
http_access deny all
to:
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_hosts
http_access deny all
To enable access to the proxy server from the router, leave the entry http_access allow localhost in the configuration. Finally change the entry
# http_port 3128
to
http_port <ip-to internal>:3128
for example:
http_port 192.168.0.1:3128
The proxy server can now be started as root with the command: rcsquid start.
If you want the proxy server to be launched automatically at every system startup, set the desired runlevel in the runlevel properties
in the YaST2 Control Center under System > Runlevel-Editor.
Do not forget to configure your client's web browser to access the Internet via your proxy server. To do this, enter the IP address
and port from the http_port entry in squid.conf in the browser's proxy settings.
cache_access_log /dev/null
cache_log /dev/null
cache_store_log none
The chapter Proxy-Server: Squid in the Administration Manual contains a detailed parameter description.