Install and bring up Squid as a basic HTTP proxy service. Verify the service is enabled and confirm it is listening on port 3128.
A small internal environment needs a forward proxy to route outbound web traffic through a single controlled point. Your task is to install Squid, bring it online with systemd, and prove it is listening on the default proxy port before you introduce access controls, auth, or caching policies.
This is a standard “bring the service online” workflow: install, enable, verify listener state, and confirm the port is reachable. Hardening comes after baseline functionality is proven.
3128.3128 unless overridden in Squid configuration.
ss), then behavior-level (client tests with curl).
# Debian/Ubuntu
sudo apt update
sudo apt install -y squid
# RHEL / Fedora / CentOS
sudo dnf install -y squid
# or (older flows)
sudo yum install -y squid
# Arch
sudo pacman -S squidInstalling Squid lays down the default configuration and systemd unit required to start the proxy.
# Example result (varies by distro):
# squid installed successfully.sudo systemctl enable --now squidThis starts Squid immediately and ensures it will start at boot. If it fails, inspect status and logs before changing config.
# Quick verification:
systemctl status squid --no-pagersudo ss -lntp | grep -E ':\b3128\b' || trueThis proves Squid has successfully bound to the proxy listener. If nothing is listening, the service may not be running, or the port may be overridden in configuration.
# Example:
LISTEN 0 128 0.0.0.0:3128 ... squid
LISTEN 0 128 [::]:3128 ... squid# A simple behavior-level check (uses Squid as an HTTP proxy):
curl -I -x http://localhost:3128 http://example.comThis confirms the end-to-end path: client connects to Squid, Squid makes an outbound request, and you receive an HTTP response. If this fails, check Squid logs and ACL defaults.
# Example (varies):
HTTP/1.1 200 OK
Confirm the service is active, then check logs for startup failures. Verify the configured listener port in
/etc/squid/squid.conf (commonly http_port 3128).
Check systemctl status squid and journalctl -u squid. Common issues include config syntax errors,
permission problems, or a port conflict.
Squid ACLs may block traffic by default in some distros. Verify you can reach the listener first, then review ACL behavior in
/etc/squid/squid.conf.
Disable the proxy service if you don’t want it running after practice. Remove packages only if you’re done with the lab.
# Stop/disable the service
sudo systemctl disable --now squid
# Optional: remove package (choose your distro)
# Debian/Ubuntu
# sudo apt remove -y squid
# RHEL-family
# sudo dnf remove -y squid
# Arch
# sudo pacman -R squidapt install squid: Install Squid on Debian/Ubuntu.
-y: assume “yes” to promptsdnf install squid: Install Squid on RHEL-family systems.
-y: assume “yes” to promptspacman -S squid: Install Squid on Arch.
systemctl enable --now squid: Enable at boot and start immediately.
enable: start at boot--now: start immediatelysystemctl status squid: Check Squid service state.
--no-pager: print directlyss -lntp: Show listening TCP sockets and owning processes.
-l: listening sockets-n: numeric output-t: TCP sockets-p: process infocurl -I -x http://localhost:3128 http://example.com: Validate proxy behavior using Squid as an HTTP proxy.
-I: headers only-x: proxy URLjournalctl -u squid: View Squid logs from systemd.
-n 50: last 50 lines--no-pager: print directly/etc/squid/squid.conf: Primary Squid configuration file on many distros.
3128: Default Squid proxy port (unless overridden).