Firewall Wizards mailing list archives

Re: Squid Firewall + Proxy


From: "Robert Collins" <robert.collins () itdomain com au>
Date: Sat, 16 Dec 2000 00:54:47 +1100

Hi Christoph,
    The best place for you to get information on squid is the squid website - http://www.squid-cache.org. There is a FAQ and users guide there that covers setting up Squid, including the squid.conf file, as well as a mailing list for peer support.

FYI Squid is not a firewall, and MS Proxy's http gateway is not either. They are both HTTP proxy cache servers.

Regarding your specific questions:
1) You need to add an acl for the class C network.

ie
acl office src 192.168.0.0/24

and then allow traffic from that network to use squid

where the config says "add your rules here"
add
http_access allow office

2) To add usernames and passwords you need to perform two steps:
a) compile and install an authentication helper
(ie
./configure --enable-auth-modules="NCSA"
make
make install
would build the NCSA style authentication helper).
b) edit the config file to reflect the helper, and configure the squid ACL rules.
add
acl users proxy_auth user1 user2 user3
and as before, but with a twist
http_access deny !users
http_access allow office
you can perform mixed lines like so
http_access allow office users
3) Where do you set the users and passwords? That depends on the helper. Squid can integrate into SAMBA domains, YP/NIS, PAM, MS Domains (including NTLM CHAP authentication now), htpassword files a la apache, LDAP (against MS Active directory/Novell NDS or any other LDAP enabled directory...)

4) The default in squid is to let no traffic through except local cache management traffic. This is by design - open proxy servers allow 'bad things' to happen, and there is no way to know reliably when installing squid what local networks should be allowed to use Squid.

5) Follow the FAQ I referred to above. All your questions are typical of a new install of squid, and have been answered in more detail at the squid web site.

Rob
----- Original Message -----
From: "Christoph" <puetzc () yahoo com>
To: <firewall-wizards () nfr com>
Sent: Friday, December 15, 2000 2:46 PM
Subject: [fw-wiz] Squid Firewall + Proxy


We're doing software development. Our application is
web based and therefore we have to work with/around a
few firewall specific problems.

One of our clients is using the Squid server on Unix
as firewall and as a proxy server. Our application
uses an addin for MS Excel. We use proxy information
from the users system to go through the firewall
proxy. However - we do have problems going through the
Squid. We are unable to reproduce the problem by using
MS Proxy and a firewall and therefore have to
configure a Squid setup.

We do have problems with the configuration. Result is
always "Access denied" and we probably do something
wrong with our setup of the configuration file.

How do I put in the IP addresses for my client? We try
to follow the example in the conf file but are not
sure if we do it right. I'd like to be able to specify
a whole class c IP address range and/or a few single
IP addresses.

Where and how do I specify user names?

Where and how do I specify the passwords?

Is one of the default settings in the Squid conf file
keeping me away from going through the Squid?

What are the changes I have to make if I just want to
open the Squid for users who will need password
authentication?

If anyone has some useful tips and tricks for me -
maybe even a conf file (without confidential data of
course) - that would be great.

Thanks in advance!!

Chris

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
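
Added example, not part of the messages above and not Squid's own code: a simplified Python model of how the two http_access variants from the reply ("deny !users" followed by "allow office", and the mixed line "allow office users") are evaluated. It assumes both rule sets end with the stock "http_access deny all"; the client addresses are constructed test values.

```python
import ipaddress

OFFICE = ipaddress.ip_network("192.168.0.0/24")
# ACLs from the post; user1..user3 are the post's placeholder names.
ACLS = {
    "office": lambda req: ipaddress.ip_address(req["src"]) in OFFICE,
    "users": lambda req: req.get("user") in {"user1", "user2", "user3"},
    "all": lambda req: True,
}
AUTH_ACLS = {"users"}  # proxy_auth ACLs: matching them needs client credentials

# Assumption: both rule sets end with the stock "http_access deny all".
DENY_FIRST = ["http_access deny !users", "http_access allow office",
              "http_access deny all"]
MIXED_LINE = ["http_access allow office users", "http_access deny all"]

def http_access(rules, req):
    """Return (verdict, auth_consulted) for one request.

    Simplified model: lines are tried top to bottom, the ACLs on a line are
    ANDed left to right with short-circuit, and the first fully matching line
    decides. Real Squid answers a missing login with a 407 challenge; here
    that case is reported as "deny".
    """
    auth_consulted = False
    action = "allow"
    for line in rules:
        action, *names = line.split()[1:]
        matched = True
        for name in names:
            negate = name.startswith("!")
            name = name.lstrip("!")
            auth_consulted |= name in AUTH_ACLS
            if ACLS[name](req) == negate:  # ACL result contradicts the line
                matched = False
                break
        if matched:
            return action, auth_consulted
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if action == "allow" else "allow"), auth_consulted

if __name__ == "__main__":
    outside = {"src": "203.0.113.9", "user": "user1"}  # constructed request
    inside = {"src": "192.168.0.17", "user": "user1"}  # constructed request
    for label, rules in (("deny-first", DENY_FIRST), ("mixed-line", MIXED_LINE)):
        print(label, http_access(rules, inside), http_access(rules, outside))
```

Both orderings reach the same verdicts, but with the deny-first ordering every client, including ones outside 192.168.0.0/24, reaches the proxy_auth check, while the mixed line tests the source address first and refuses outside clients without any credential lookup.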


