Loading...

Lab 84: Setting Up a Proxy Server with Squid

Install and bring up Squid as a basic HTTP proxy service. Verify the service is enabled and confirm it is listening on port 3128.

networking proxy services

Scenario

A small internal environment needs a forward proxy to route outbound web traffic through a single controlled point. Your task is to install Squid, bring it online with systemd, and prove it is listening on the default proxy port before you introduce access controls, auth, or caching policies.

Operator context

This is a standard “bring the service online” workflow: install, enable, verify listener state, and confirm the port is reachable. Hardening comes after baseline functionality is proven.

Objective

  • Install Squid using your distro’s package manager.
  • Enable and start the Squid service with systemd.
  • Confirm Squid is listening on port 3128.

Concepts

  • Squid is a forward proxy: clients connect to Squid, and Squid fetches content on their behalf.
  • The default proxy listener is TCP 3128 unless overridden in Squid configuration.
  • Readiness proof is socket-level first (ss), then behavior-level (client tests with curl).

Walkthrough

Step 1 : Install Squid.
Commands
# Debian/Ubuntu
sudo apt update
sudo apt install -y squid

# RHEL / Fedora / CentOS
sudo dnf install -y squid
# or (older flows)
sudo yum install -y squid

# Arch
sudo pacman -S squid

Installing Squid lays down the default configuration and systemd unit required to start the proxy.

# Example result (varies by distro):
# squid installed successfully.
Step 2 : Enable and start Squid.
Command
sudo systemctl enable --now squid

This starts Squid immediately and ensures it will start at boot. If it fails, inspect status and logs before changing config.

# Quick verification:
systemctl status squid --no-pager
Step 3 : Confirm Squid is listening on port 3128.
Command
sudo ss -lntp | grep -E ':\b3128\b' || true

This proves Squid has successfully bound to the proxy listener. If nothing is listening, the service may not be running, or the port may be overridden in configuration.

# Example:
LISTEN 0 128 0.0.0.0:3128 ... squid
LISTEN 0 128 [::]:3128    ... squid
Step 4 : (Optional) Prove proxy behavior with a local test request.
Commands
# A simple behavior-level check (uses Squid as an HTTP proxy):
curl -I -x http://localhost:3128 http://example.com

This confirms the end-to-end path: client connects to Squid, Squid makes an outbound request, and you receive an HTTP response. If this fails, check Squid logs and ACL defaults.

# Example (varies):
HTTP/1.1 200 OK

Breakpoints

Port 3128 not listening

Confirm the service is active, then check logs for startup failures. Verify the configured listener port in /etc/squid/squid.conf (commonly http_port 3128).

Service fails to start

Check systemctl status squid and journalctl -u squid. Common issues include config syntax errors, permission problems, or a port conflict.

Proxy request denied

Squid ACLs may block traffic by default in some distros. Verify you can reach the listener first, then review ACL behavior in /etc/squid/squid.conf.

Cleanup checklist

Disable the proxy service if you don’t want it running after practice. Remove packages only if you’re done with the lab.

Commands
# Stop/disable the service
sudo systemctl disable --now squid

# Optional: remove package (choose your distro)
# Debian/Ubuntu
# sudo apt remove -y squid

# RHEL-family
# sudo dnf remove -y squid

# Arch
# sudo pacman -R squid

Reference

  • apt install squid: Install Squid on Debian/Ubuntu.
    • -y: assume “yes” to prompts
  • dnf install squid: Install Squid on RHEL-family systems.
    • -y: assume “yes” to prompts
  • pacman -S squid: Install Squid on Arch.
  • systemctl enable --now squid: Enable at boot and start immediately.
    • enable: start at boot
    • --now: start immediately
  • systemctl status squid: Check Squid service state.
    • --no-pager: print directly
  • ss -lntp: Show listening TCP sockets and owning processes.
    • -l: listening sockets
    • -n: numeric output
    • -t: TCP sockets
    • -p: process info
  • curl -I -x http://localhost:3128 http://example.com: Validate proxy behavior using Squid as an HTTP proxy.
    • -I: headers only
    • -x: proxy URL
  • journalctl -u squid: View Squid logs from systemd.
    • -n 50: last 50 lines
    • --no-pager: print directly
  • /etc/squid/squid.conf: Primary Squid configuration file on many distros.
  • 3128: Default Squid proxy port (unless overridden).