Create rules and routing. Note: Only needed if you have 2 interfaces or more.
vi /etc/sysconfig/network-scripts/route-eth0
Add the following
10.0.250.49/16 dev eth0 table 0
default via 80.71.137.49 dev eth0 table 0
vi /etc/sysconfig/network-scripts/rule-eth0
Add the following
iif eth0 table 0 default via 80.71.137.49
yum -y update
yum -y install squid
systemctl start squid
systemctl enable squid
systemctl status squid
Configuration files are located here.
/etc/squid/squid.conf
/var/log/squid/access.log
/var/log/squid/cache.log
Change the following in /etc/squid/squid.conf
From:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
To:
acl localnet src your_network # RFC1918 possible internal network
# acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
# acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
# acl localnet src fc00::/7 # RFC 4193 local private network range
# acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
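Also comment out this line. With it disabled, squid no longer limits CONNECT requests to the ports listed in SSL_ports. Change it from: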
http_access deny CONNECT !SSL_ports
To:
# http_access deny CONNECT !SSL_ports
Restart squid and we are done
systemctl restart squid
Edit the following file /etc/yum.conf
Add the following lines so it looks like this
[main]
proxy=http://squid.mgt:3128
# proxy_username=username
# proxy_password=password
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
Test if things are working
yum clean all && yum search dovecot
yum -y install httpd-tools
Create a file for the username and password. The file also needs to be owned by the squid user.
touch /etc/squid/passwd
chown squid: /etc/squid/passwd
htpasswd /etc/squid/passwd proxyuser
Next configure the squid configuration file so that it accepts username and password authentication
vi /etc/squid/squid.conf
After the ACL section add the following lines
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
Restart squid and we are done
systemctl restart squid
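Squid evaluates http_access lines top-down and stops at the first match, so where the auth lines and the CONNECT line sit decides what a client may reach. The script below is an added example, not part of the original guide: it audits that ordering, and the sample config, the 10.0.0.0/16 stand-in for your_network, and the function names are all constructed for illustration.

```python
# Constructed sample: a squid.conf after this guide's edits
# (10.0.0.0/16 stands in for your_network; ACL names follow the stock file).
SAMPLE_CONF = """\
acl localnet src 10.0.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
http_access deny !Safe_ports
# http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""

def active_lines(text):
    """Yield directive token lists, dropping comments and blank lines."""
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield tokens

def audit(text):
    """Report how the http_access order treats port limits and authentication."""
    auth_acls, rules = set(), []
    for tok in active_lines(text):
        if tok[0] == "acl" and len(tok) > 2 and tok[2] == "proxy_auth":
            auth_acls.add(tok[1])
        elif tok[0] == "http_access" and len(tok) > 2:
            rules.append((tok[1], tok[2:]))  # (action, [acl names])
    port_denies = [i for i, (act, acls) in enumerate(rules)
                   if act == "deny" and {"!Safe_ports", "!SSL_ports"} & set(acls)]
    first_port = port_denies[0] if port_denies else len(rules)
    return {
        # True only when the stock CONNECT restriction is still active.
        "connect_restricted": ("deny", ["CONNECT", "!SSL_ports"]) in rules,
        # First match wins: these allows are decided before any port check runs.
        "allow_before_port_checks": [acls for act, acls in rules[:first_port]
                                     if act == "allow"],
        # Allow rules that do not reference a proxy_auth ACL.
        "allow_without_auth": [acls for act, acls in rules
                               if act == "allow" and not auth_acls & set(acls)],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

To audit a live proxy, pass the contents of /etc/squid/squid.conf to audit() in place of SAMPLE_CONF.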