Blog Details

  • Home
  • How to Install a Proxy Server

How to Install a Proxy Server

 Here is a little introduction about the proxy we are going to use.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows, and is licensed under the GNU GPL. In this chapter, I will be running Squid on Centos 7.


– Create a virtual server using Centos 7 or RHEL 7.

– Configure an IP address and make sure the server is reachable.

– Install Squid packages.

– If you don’t have a firewall, you need to configure a nat statement on the box.


Optional – Here is the NAT statement: if you want to configure your proxy without a firewall.

Enable IP Forwarding

To preserve packet forwarding on reboot

echo “net.ipv4.ip_forward = 1” >> /etc/sysctl.d/ip_forward.conf

Enabling NAT

IP masquerading must now be enabled using iptables.

firewall-cmd –permanent –direct –passthrough ipv4 -t nat -I POSTROUTING -o eth0 -j MASQUERADE -s

firewall-cmd –reload


Any Internal node should now be able to access the outside network through the gateway server. For testing ping

If you need more guidance, feel free to download this script via Git Hub. Centos7-NAT

Step 1:

Update the system and Install the required packages.

# yum -y update

# yum -y install squid*


Enable and start the service

# systemctl enable Squid

# systemctl start Squid


Allow firewall port of Squid.

root@proxy ~]# firewall-cmd –permanent –add-port=3128/tcp


root@proxy ~]# firewall-cmd –reload


NOTE: The default port for squid is 3128. I’m allowing access to port 3128/tcp.


Configure ACL (Access Control List); 

By configuring an access list, we can restrict bad URLs. Restrict access to the outside world, control downloads, etc…

Open the Squid config file.

[root@proxy ~]# nano /etc/squid/squid.conf.

Allow the local network.

acl localnet src – This will be your local network

http_access allow localnet – allowing the localhost.

Allow ports

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

http_access deny

Block bad sites

acl badsites url_regex “/etc/squid/badsites”

http_access deny badsites

Let’s write the bad sites in the config file.

# cat /etc/squid/badsites

 Block File downloads 

acl blockfiles urlpath_regex “/etc/squid/blockfiles.acl”

http_access deny blockfiles

Let’s block the file type downloads. For example; let’s deny mp3, mp4, and mpg

# cat /etc/squid/blockfiles.acl





Optional – You can configure time-based access to deny access from a specific time. Likewise, restricting the download speed.

Time base configuration

acl work_hours time 09:00-17:00

http_access deny business_hours

Restricting download speed

acl speedcontrol src

delay_pools 1

delay_class 1 2

delay_parameters 1 524288/524288 52428/52428

delay_access 1 allow speedcontrol


Let’s configure the workstation to use the proxy settings. Go to Internet options> Connections> Lan Settings.

NOTE: If you are not using a firewall, your proxy IP will be the default gateway.

How to view squid log transactions?

You can either use this command

tail -f /var/log/squid/access.log  | or | sudo tail -f /var/log/squid/access.log

If you want to search log files, use the grep command | grep ‘string-to-search’ /var/log/squid/access.log

Here are the Squid Proxy settings.

  • Log file Path: /etc/squid/squid.conf
  • Config File: /var/log/squid
  • Environment: Centos 7
  • Default port: 3128

Leave Comment