Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Squid and home networking

  1. #1

    Question Squid and home networking

    I have a DSL router on my home networking with 3 pc's connected to this DSL. I would like to implement a Linux Squid Proxy/Web cache server on my home network, controlling the 3 pc's access to the internet.

    1) Do my Linux box need 2 network cards, one connected to the home LAN, the other connected to the DSL router?
    2) Or, can I simply redirect my users to the Linux Squid and then to the DSL router?
    3) What should my default gateway then be?
    4) What is the minimum/default setup for Squid? THere is a miriad of settings in the squid.conf file. ACL, http_access? Can I leave the rest as default and still have logging, cache etc?

    Thanks for thge help!

  2. #2
    1) Do my Linux box need 2 network cards, one connected to the home LAN, the other connected to the DSL router?
    Ans) Better to have two lan cards put one lan card and DSL lan interface on one subnet say and use a seprate subnet for you home pc say

    What should my default gateway then be?
    Ans. while usingsquid as a caching server no need to give gateway settings as u will have proxy settings in the browser.

    its only a six line configuration to get squid up and runing the rest u can leave as default.

  3. #3
    read this and u will get whole u need.

  4. #4


    Thanks for a great article.

    I'm stills struggling to setup squid at my home with 2 lan PC's connecting with DSL to the i-net.

    Questions: Does my squid box need 2 network cards?

    Should the setup be like this?

    <--  ~(inet ip) DSL Router ~
         ~           (
                          ~     squid box ~
                               ~ eth Switch ~
                               ~ 10.0.0.x   ~
                              LAN clients

  5. #5


    thats depend on the logical thinking. If u need to do this with single network card u can. First of all u need to understand the theory behind this. Then try to apply the theory to the logic. If not u allways feel dought in every thing.

  6. #6

    Unhappy Squid not working :-<

    Thanks for all the great help.

    I did read the linuxnetworking HowTo, but, ny setup is still not working. Please help.

    I've installed a second NIC.
    eth0 is set to static DG (the DSL router's IP) and connected to one of the ports on the DSL router.
    eth1 is set to static DG and connected to the router of my local LAN (range

    The contents of my squid file looks like this:
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

    #Recommended minimum configuration:
    acl all src
    acl manager proto cache_object
    acl localhost src
    acl to_localhost dst
    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl home_network src
    acl BadSites dstdomain "usr/local/etc/restricted-sites.squid"
    acl ncsa_users proxy_auth REQUIRED

    http_access allow ncsa_users
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny to_localhost
    http_access deny BadSites
    http_access allow home_network
    http_access allow localhost
    http_access deny all

    icp_access allow all

    http_port 3128 transparent

    hierarchy_stoplist cgi-bin ?

    acl QUERY urlpath_regex cgi-bin \?
    cache deny QUERY

    access_log /var/log/squid/access.log squid

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320

    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache

    visible_hostname localhost

    coredump_dir /var/spool/squid
    I've left a lot of the settings on default. I've followed a lot of the recommendations from an article on Linux Home networking (

    My problems were:
    1) I've lost internet connectivity from the squid box as well as from all the clients.
    2) The squid's network config seemed as if it was losing an IP. When I ifconfiged, it showed as set above. After pinging several ips in my network, ifconfig suddenly reported eth1 as 169.254 ip (apipa address). How and/or why does eth1's static IP get changed to an APIPA address?
    3) Is my default gateway correct as being the DSL router (
    4) Should the proxy settings in my clients browsers be eth1 (internal) or eth0 (dsl router)?
    5) Do I need to set iptables and firewall as described in above article? I don't need to use transparant proxy?
    6) Where do I change the hostname of my squid box, which is now set to localhost?
    7) Will someone also confirm that my squid.conf is correct. I did setup the ncsa_authorisations.

    Thanks for all the help so long.

  7. #7


    Ok first of all try without controlling the users for authentication.
    According to the diagram,
    <-- ~(inet ip) DSL Router ~
    ~ (
    ~ squid box ~
    ~ eth Switch ~
    ~ 10.0.0.x ~
    LAN clients
    Lets say your server name is "angle" and domain is ""

    For networking stuff----------->>>
    Disable SELinux and Firewalls from begining.

    1.Your /etc/hosts should with
    Code:    localhost.localdomain    localhost
    2. /etc/resolve.conf
    where is dns server of your domain

    3. /etc/sysconfig/network

    Squid Stuff ----------------->

    http_port     (I am using port 8080 for internal clients)
    acl thinuxs_LAN src
    http_access allow thinuxs_LAN
    http_access allow localhost
    http_access deny all
    Search the lines and edit according to the file by remove commenting tags
    search http_access deny all and add above the acl thinux_LAN..... to it.

    restart the networking service
    service network restart
    start squid with caching enabled
    squid -z
    service squid start
    Check the squid log files to get idea.

    This should work.
    Always begin with basic system. Then add enhancements to it.(eg. user authentication or what ever you like)

    I just wrote this. If something goes wrong post here.
    Good Luck

  8. #8
    same problem

  9. #9
    Quote Originally Posted by doing143 View Post
    same problem
    I am also having the same problem with exactly the same setup as you topology wise.
    My XP machine Gateway static should be able to ping my eth2 (local traffic) DHCP (router) but for some reason it won't.
    I do however have an internet connection on my Linux box running through eth1 ( do I need to setup masquarding? I am using SUSE 10.3 and I do have this option checked in the security/firewall settings in Yast. Due to using SUSE there is also a problem with using the ip tables command and I wondered if there is a way to identify if settings are deffinatly applied that I am executing from script in bash.
    Should I disable DHCP on my router and allow the gateway to assign address or should i use them as static.

  10. #10
    Don't worry problem solved. Turns out it was a problem with my pinger helper the whole time.
    Fortunatly this is well document everywhere.,

Similar Threads

  1. Squid/Networking
    By mrbronz in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 01-05-2012, 04:22 AM
  2. Home networking, how?
    By corekernel in forum Windows - General Topics
    Replies: 4
    Last Post: 01-22-2007, 09:50 PM
  3. home networking
    By deepa in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 11-01-2006, 02:06 PM
  4. Home networking fun
    By kornp in forum Linux - Hardware, Networking & Security
    Replies: 2
    Last Post: 09-19-2005, 05:10 PM
  5. Home networking problem
    By roneill in forum Linux - Hardware, Networking & Security
    Replies: 7
    Last Post: 04-11-2005, 07:03 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts