এই পোস্ট, শুধু লিনাক্স server এডমিনদের জন্য যারা এখনও শিখছেন এবং যারা প্রফেশনাল হয়ে গেছেন।
পুরো tutorial-টা ইংরেজীতে লিখলাম( একসাথে দুই পাখি মারলাম ),যদিও আমার ইংরেজী ভাংগা-চোরা। বাকীরা বুঝে নেবার চেস্টা করবেন।

--------------------------------------------------------------------------------------------------------------------------------

||||||||||||||||| Install Squid Proxy Server on CentOS / Redhat enterprise Linux 5 |||||||||||||||||||||||||||||||
Written by SHAHEE MIRZA
Mail; shaheemirza@yahoo.com



#####What is Proxy Server?







In computer networks, a proxy server is a server (a computer system or an application program) that acts as a go-between for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly.

A proxy server has two purposes:

* To keep machines behind it anonymous (mainly for security).
* To speed up access to a resource (via caching). It is commonly used to cache web pages from a web server.

A proxy server that passes requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.

A proxy server can be placed in the user's local computer or at various points between the user and the destination servers or the Internet. A reverse proxy is a proxy used as a front-end to accelerate and cache in-demand resources (such as a web page).






####How does Proxy Server works?






A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server , looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user. A good example, and the one you probably see the most, is a web proxy. When configured to use a proxy, your web browser contacts the proxy server for each web access instead of going directly to the target server on the internet. The proxy server then turns around and makes the "real" request of the web server. The proxy server gets the response, and then passes it back to you.

1.
-----
2.
----
3.

There is a large number of the software available that allows you to hide your IP address with the help of the proxy servers. The well known software for this purpose is Hide IP, Stealth surf, Netconceal, Anonymous surfing, Proxify and Ghost surf. To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)




####What is SQUID?






Squid is a caching proxy for the Web that reduces bandwidth and response times by caching and reusing frequently-requested web pages. This mature, full-featured proxy contains many useful features such as authentication, logging, and extensive access controls.

Use Squid to optimize data flow between clients and servers and route content requests to servers to build cache server hierarchies to optimize network throughput. Squid may also be used as a proxy to server to deliver content from multiple servers to one user or as a reverse proxy to deliver content from one server to multiple users.



#### Install Squid on CentOS / RHEL 5:



-------------Use yum command as follows:

[root@pc29 ~]# yum install squid*




##Output:



=======================================================================
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check

Dependencies Resolved

=======================================================================
Package Arch Version Repository Size
=======================================================================
Installing:
squid i386 7:2.6.STABLE6-4.el5 shahee 1.2 M

Transaction Summary
======================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: squid ######################### [1/1]

Installed: squid.i386 7:2.6.STABLE6-4.el5
Complete!
======================================================================


#### Squid Basic Configuration:



--------Squid configuration file located at /etc/squid/squid.conf. Open file using a text editor:





[root@pc29 ~]# vim /etc/squid/squid.conf


--------At least you need to define ACL (access control list) to work with squid. The defaults port is TCP 3128. Following example ACL allowing access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt to list your internal IP networks from where browsing should be allowed:




--------------------------------------------------------------------------------------------------------------------------------
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
--------------------------------------------------------------------------------------------------------------------------------






------- If you want to block a special user to use internet by your proxy server then add this lines
on squid.conf

[ imagin, your targeted user ip is 192.168.1.56 and his username is "badboy" ]





--------------------------------------------------------------------------------------------------------------------------------
acl badboy scr 192.168.1.56
http_access deny badboy
--------------------------------------------------------------------------------------------------------------------------------







------- If you want to block some sites to user by using proxy server then add this lines:

[ imagin, yo want block all subdomains of www.xxnx.com must, and some from list ]







--------------------------------------------------------------------------------------------------------------------------------
acl badsite dstdomain .xxnx.com
acl sitelist dstdomain "/etc/blockedsites.txt"
http_access deny badsite
http_access deny sitelist
--------------------------------------------------------------------------------------------------------------------------------






## Save and close the file now.










#### Open file on etc directory name "blockedsites.txt".

[root@pc29 ~]# vim /etc/blockedsites.txt

----- add site urls now

--------------------------------------------------------------------------------------------------------------------------------
.badsitename1.com
.badsitename2.net
.badsitename3.us
.badsitename4.ws
--------------------------------------------------------------------------------------------------------------------------------


## Save and close the file now




#### Start squid proxy server:



[root@pc29 ~]# /etc/init.d/squid start

OR

[root@pc29 ~]# service squid start


[root@pc29 ~]# chkconfig squid on




#### To clear the proxy chache:



[root@pc29 ~]# squid -z




#### Verify port 3128 is open:



[root@pc29 ~]# netstat -tulpn | grep 3128




##Output:





=====================================================================
tcp 0 0 0.0.0.0:3128 0.0.0.0 LISTEN 20653/(squid)
=====================================================================






#### Open TCP port 3128:




------ Finally make sure iptables is allowing to access squid proxy server. Just open /etc/sysconfig/iptables file:

[root@pc29 ~]# vim /etc/sysconfig/iptables





## Append configuration:




--------------------------------------------------------------------------------------------------------------------------------
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
--------------------------------------------------------------------------------------------------------------------------------


#### Restart the iptables based firewall:




[root@pc29 ~]# service iptables restart





## Output:

--------------------------------------------------------------------------------------------------------------------------------
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n [ OK ]
--------------------------------------------------------------------------------------------------------------------------------






-------------------------------------END OF THE FILE------------------------------------------------------------------


অফ-টপিকঃ

যারা HTML code এর কারনে একাউন্ট নিয়ে সমস্যায় পরেছেন তারা বার্তা পাঠাতে পারেন,
আমি চেস্টা করবো ঠিক করে দিতে। service একদম free.