SQUID PROXY SETUP FOR REMOTE COMPUTERS TO ACCESS
##################################################

If you read my article/notes on Proxys: HERE. Realize that we are setting up a Forward Proxy here. Reverse Proxys are used for the servers (not for the clients) more info on SQUID Reverse Proxy here: http://wiki.squid-cache.org/SquidFaq/ReverseProxy

NOTE ON SSH PROXYS: You can also proxy with SSH Socks proxy, but thats another article just google “How to SSH Socks Proxy” you will need an ssh server (that will be the proxy server, all communication will go thru it). Also you need Putty (or an SSH client like “ssh”)

HTTP SQUID PROXY: squid proxy is considered to be an http proxy although it can proxy more then just http.

FIRST STEP NETWORKING AT THE FIREWALL:
You will need to port forward a random port number of your choosing (higher then 1024 and lower then the maximum 65535 – or whatever it is), like 54231 to port 3128 on your homeserver/proxyserver. OR you can just portforward 3128 to 3128 with a typical simple port forward. With my method of 54321, computers from the outside will access the proxyserver by using my homenetworks/proxyserver public ip and port number 54321 (that will get port forwarded to the proxy server port 3128, which is what squid is listening to). So basically the address: my public ip on port 54231 is a direct access socket to squid.

By the way all ports talked about above are TCP.
NOTE: for this config I will assume you port forwarded 54231 to your Linux Server (Im using debian)

 

NOTE: I know there is squid3, but I used just squid, and Im sure this config will work on both (but not tested on squid3)

Read these links as bonus great info:
http://www.squid-cache.org/Doc/config/acl/
http://www.linuxsecurity.com/resource_files/server_security/squid/FAQ/FAQ-10.html
http://www.packtpub.com/article/how-configure-squid-proxy-server
http://www.squid-cache.org/Doc/config/forwarded_for/

PREPARE CONFIG FILES
######################

First get in the directory

 

And look at the giant file (try not to get intimidated)

 

First look at the 5000 line config but dont look too hard we only need the uncommented lines(the comments take up like 4980 of the lines):

Lets just back that file up:

 

And make a commentless squid.conf:

 

Now make the commmentless one the main one:

 

EXAMPLE
#########

Example:
Lets say my proxy server/homeserver(on port 54321) is behind public ip 1.1.1.1 and Im sitting at a friends PC (3.3.3.3 or friends.com) or at startbucks behind (2.2.2.2 or starbucks.com) trying to access www.yahoo.com (or any site). So lets pretend starbucks and your friends house dont allow to go to facebook.com but you can go to facebook from your home. So by setting up squid on your home server you can access the web from your friends or from starbucks while proxying – your sitting at startbucks and your telling your proxy server in your home network to do the actual talking with facebook, and its just relaying messages back and forth between you and facebook, acting as a sort of middleman for you. With this you can access websites that are blocked by your friends network or starbucks network but are allowed in your network. (hopefully they allow access to your home network, which they probably dont have blocked, because they didnt know its ip or name before hand – also they will need to allow access on that port 54321 outbound, most firewalls allow all outbound communication, but in strict networks they might not, but they will allow some of the common ports like 80,443 or 8080)

/etc/squid/mynetworks.conf: Make this file, in this file will go the networks or IP addresses from which you will access this proxy.
/etc/squid/squid.conf: we will edit some configs here to let it know about mynetworks.conf and the domain names that will be accessing it (friends.com and starbucks.com)
MYNETWORKS.CONF
###################

Make sure the file looks like this, here is a cat (read of it) – of course you can change the numbers and note that you can have comments inline or on new lines with hash # mark:

 

MY CONF
#########

Make sure the file looks like this, here is a cat (read of it) – of course you can change the config to match your needs, and note that you can have comments inline or on new lines with hash # mark:

 

RESTART THE SQUID
##################

If your not using systemd, but using sysvinit:

 

or:

To restart:

 

If you are using systemd:

 

To restart:

 

ON REMOTE PC (FROM EXAMPLE: AT FRIENDS HOUSE OR AT STARBUCKS)
##############################################################

Open up Internet Explorer (IE for short) and change the internet settings, or properties, anyhow get into the famous proxy settings
IE->Internet Options->Connections Tab->LAN Settings

Automatic Configuration (leave as default: which is just the top check mark “Automatically detect settings” is ON, and “Use automatic config script” is OFF)

Proxy Server (Check the check box “Use a proxy server…” to ON Then go to Advanced(click the button), at least I do the advanced options, you can just configure it right there without Advanced – You can also check, highly recommended for remote proxies, “Bypass proxy server for local address” if you dont want to proxy out to local addresses, which makes sense if your proxy server is remote like in this example so check it to ON, by default its OFF, anyways you want it ON because your proxy doesnt know about these local addresses and has no special ways to get there without network magic – which is definitely not covered in this article)

Advanced Proxy Server Settings:
HTTP: this is where you will put 1.1.1.1 and 54321
Secure: leave this blank
FTP: leave this blank
Socks: this is for SSH leave it blank

Exceptions: you can put whatever addresses, you dont need to put local addresses as there is a local proxy bypass option on the options window before this, that I just talked about.

Then just OK out of everything and test the proxy like this:

TEST
#####

On remote PC (friends or starbucks)
go to

www.icanhazip.com

instead of seeing 2.2.2.2 or 3.3.3.3 you should see 1.1.1.1

Note on google going to “what is my ip address” for some reason showed 2.2.2.2 or 3.3.3.3 (the real public ip) it could of been cached on the local box for me, anyhow just know that if icanhazip.com is showing your stuff then its correct. (If at least one box is showing it for you its working)

TEST2
######

Another test, on squid server (so from 1.1.1.1)

Make sure squid is listening to your port (on tcp):

 

You should see squid listeninig on your port (54321 in the example)

Check for fun what its doing with udp

 

Dont ask me what its doing google it

 

If its listening and your proxy is not working try clearing cache of the browser your on (The remote browser), make sure your networking (port forwarding at the router is setup correctly so that port 54231 is forwarded to port 54321 on the squid server)

 

One thought on “SQUID Config, if you need a proxy to access from far away

  1. hello am alvin from Ph i finish config the squid on my server running windows

    but my client computer is cant find the proxy why i follow all settings

Leave a Reply

Your email address will not be published. Required fields are marked *