Corporate networks often use the Squid proxy server to filter Internet traffic. If you are using a Linux system as your home router and firewall, you can also use Squid on a smaller scale to create access rules for your home network. A few simple commands will help you establish a schedule for Internet use and rule out sites with inappropriate content.

Getting Started

These examples assume your Linux home server is acting as a firewall and router. The Linux system will be the only computer on the home network with an Internet connection, and it will act as a proxy server, giving all the other clients access in a way that ensures nobody can work around the filter. For this reason, the router will not forward TCP ports 21 and 80, forcing the clients to access the proxy for the ftp and http protocols.

System Requirements

The information in this article is based on Squid version 2.6 [1]. Debian 4.0 and Ubuntu 8.04 users can simply type apt-get install squid to install the proxy.

The network clients can use any operating system that supports TCP/IP. The clients need a browser entry defining the router as the proxy host (Figure 1).

Basic Configuration

The /etc/squid/squid.conf file is at the center of your Squid configuration. A version of this squid.conf file with useful comments is available on the web [2].

The first step is to make sure the firewall blocks incoming requests for the proxy from all external networks. This precaution prevents third parties from using the server for Internet access.

Listing 1 gives two approaches for blocking requests from external networks – make sure you customize these entries to match your own environment. It is a good idea to start by blocking all the ports on the firewall and then explicitly allowing only those ports you really need.

If you apply multiple examples at the same time, the order and the combination of parameters is important. For more details, read the Squid help files. To force the program to parse the updated configuration, just type /etc/init.d/squid reload at the command line. (See the box titled "Critical Security Information" for some security tips.)