
How To Setup Proxy Server in OpenBSD

Introduction:


This guide shows how to set up a proxy server, which is very useful for sharing internet access within a company. As an additional benefit, software can be added to the service to filter out websites that are not allowed by company or administration policies, to restrict internet access to specific IP addresses, and more. Network administrators can also control the browsing or download throughput per network.

For this setup we will need a computer with minimal specifications. The most important requirements for this basic setup are 2 Ethernet cards and lots of memory for content filtering in the squid proxy server.

Purpose:


Create a proxy server in order to share the internet access within the company.

Installation:


SERVER SIDE:

Operating System: OpenBSD 4.x

Set the package repository to one of the mirrors listed at http://www.openbsd.org/ftp.html

# export PKG_PATH=ftp://ftp.jp.openbsd.org/pub/OpenBSD/<version>/packages/i386/

# pkg_add squid-<version>.STABLE-snmp

That's it; squid is now installed.

CLIENT SIDE:

Operating System: OpenBSD 4.x, CentOS 5.x, Windows 95-Up and any other Operating System

Install the OS and don't forget to assign the proper IP address to each unit. The client settings are described under CLIENT SIDE in the Configuration section.

Configuration:


SERVER SIDE:

We need the squid proxy server to start automatically every time the server reboots, so edit rc.local using your favorite editor.

# nano /etc/rc.local
# Start squid at boot if the binary is installed and executable
if [ -x /usr/local/sbin/squid ]; then
    echo -n ' squid'; /usr/local/sbin/squid
fi

Create the squid cache (swap) directories:

# /usr/local/sbin/squid -z

Using your favorite editor, edit squid.conf, located in /etc/squid/

# nano /etc/squid/squid.conf

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl my_network src 192.168.0.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Only allow cache manager access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to ports that are not listed in Safe_ports
http_access deny !Safe_ports
# Deny CONNECT to ports other than SSL_ports
http_access deny CONNECT !SSL_ports

# Allow the local network and localhost
http_access allow my_network
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
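
Squid evaluates http_access rules in order, and an ACL only has an effect when a rule names it, so an ACL such as Safe_ports that is defined but never referenced restricts nothing. The check below is an added example, not part of the original guide: it lists the ACLs that a squid.conf defines but no allow/deny rule references. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): report ACLs that a squid.conf
# defines but that no allow/deny rule references. Names here are hypothetical.

# Print, sorted one per line, each ACL name defined in file $1 that is never
# named after "allow" or "deny" in any other directive.
unused_acls() {
    awk '
        { sub(/#.*/, "") }                      # drop full-line and trailing comments
        $1 == "acl" { defined[$2] = 1; next }   # acl <name> <type> <values...>
        {
            in_list = 0
            for (i = 2; i <= NF; i++) {
                if (in_list) {
                    name = $i
                    sub(/^!/, "", name)         # a negated ACL is still a reference
                    used[name] = 1
                } else if ($i == "allow" || $i == "deny") {
                    in_list = 1                 # ACL names follow allow/deny
                }
            }
        }
        END { for (n in defined) if (!(n in used)) print n }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample: ACL definitions in the style of this guide, deliberately
# left without the rules that apply the port ACLs.
sample_conf() {
    cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl my_network src 192.168.0.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access allow my_network
http_access allow localhost
http_access deny all
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
unused_acls "$tmp"      # every name printed is dead configuration
rm -f "$tmp"
```

Run it against the real file with unused_acls /etc/squid/squid.conf; an empty result means every defined ACL is named in at least one rule, although the order of those rules still has to be reviewed by hand.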

CLIENT SIDE:

Configuring clients for our proxy server:

After adding the lines, restart squid and then use a client for testing. The default port for squid is 3128, so the configuration for your web browser is HTTP proxy: <your server’s IP address> and port: <squid proxy server’s default port>. If you use a text-based browser such as lynx, links or elinks, you must export the proxy settings from the CLI:

# export http_proxy=http://<Proxy server’s IP address>:<port number>

# echo $http_proxy

References/Sources:


http://www.opensolutions101.com/openbsd-installation-configuration/gateway-squid-proxy-server/
