Specifications
B Proxy Server: Squid
proxy in the browser. To allow all users to access Squid and thus the
Internet, change the entry in the configuration file /etc/squid.conf from
http_access deny all to http_access allow all. However, consider that this
change makes Squid completely accessible to anyone. Therefore, you should,
in any case, define ACLs to control access to the proxy. More on this is
available in Section B on page 176.
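An added example, not part of the original manual: a small Python check that reads the active (uncommented) http_access lines of a squid.conf and reports rule sets that leave the proxy open to any client. It assumes an ACL named all that matches every client; the function names, sample configurations and addresses are constructed for illustration.

```python
def http_access_rules(conf_text):
    """Active (uncommented) http_access lines as (line_no, action, acl_names)."""
    rules = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(parts) >= 2 and parts[0] == "http_access" and parts[1] in ("allow", "deny"):
            rules.append((no, parts[1], parts[2:]))
    return rules

def audit(conf_text):
    """Return findings for rule sets that let arbitrary clients use the proxy."""
    rules = http_access_rules(conf_text)
    if not rules:
        return ["no active http_access rule found"]
    for no, action, acls in rules:
        if acls == ["all"]:      # catch-all: first match wins, later rules are unreachable
            if action == "allow":
                return [f"line {no}: 'http_access allow all' matches every client"]
            return []
    # No catch-all rule: Squid applies the opposite of the last rule to unmatched requests.
    no, action, _ = rules[-1]
    if action == "deny":
        return [f"line {no}: last rule is a deny without 'all'; unmatched clients are allowed"]
    return []

# Constructed sample configurations (assumed ACL names and addresses).
OPEN = """\
acl all src 0.0.0.0/0.0.0.0
# http_access deny all
http_access allow all
"""
RESTRICTED = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.0.0/255.255.255.0
http_access allow localhost
http_access allow localnet
http_access deny all
"""
IMPLICIT = """\
acl badnet src 10.9.0.0/255.255.0.0
http_access deny badnet
"""

if __name__ == "__main__":
    for name, conf in (("OPEN", OPEN), ("RESTRICTED", RESTRICTED), ("IMPLICIT", IMPLICIT)):
        print(name, audit(conf) or "ok")
```

The check only looks at rule order and the catch-all; it does not judge whether a named ACL such as localnet is itself too broad.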
If you have made changes in the configuration file /etc/squid.conf,
instruct Squid to load the changed file. Do this by entering rcsquid reload
or restart Squid with rcsquid restart. The command rcsquid status is also
important: use it to determine whether the proxy is running. With rcsquid
stop, halt Squid. The latter can take a while, since Squid waits up to half
a minute (shutdown_lifetime) before dropping the connections to the clients
and then still has to write its data to the disk. If Squid is halted with
kill or killall, this can lead to the destruction of the cache, which will
then have to be fully removed to restart Squid.
If Squid dies after a short period of time, although it has seemingly been
started successfully, this can be the result of a faulty name server entry
or a missing /etc/resolv.conf file. Squid logs the cause of the start
failure in the /var/squid/logs/cache.log file.
If Squid should be loaded automatically when the system boots, change the
entry START_SQUID=no to START_SQUID=yes in the /etc/rc.config file.
Uninstalling Squid removes neither the cache nor the log files. Manually
delete the /var/squid directory.
The Configuration File /etc/squid.conf
All Squid proxy server settings are made in the /etc/squid.conf file. To
start Squid for the first time, no changes will be necessary in this file,
but external clients will initially be denied access. The proxy needs to be
made available for the localhost, usually with 3128 as port. The options
are extensive and therefore provided with ample documentation and examples
in the preinstalled /etc/squid.conf file. Nearly all entries begin with a
‘#’ sign (the lines are commented out) and the relevant specifications can
be found at the end of the file. The given values almost always correlate
with the default values, so removing the comment signs without changing any
of the parameters actually has little effect in most cases. It is better to
leave the sample as it is and reinsert the options along with the modified
parameters in the line below. In this way, the default values and the
changes remain easy to tell apart.
173 SuSE Linux – Firewall on CD2