IM Proxying With Squid on CentOS

Squid is a proxy server and web cache daemon. You can use it to route all traffic, or only web traffic, from your network with the help of a firewall. But if you use Windows desktops in your network and configure the proxy on them through Internet Explorer, other applications such as MSN Messenger and Yahoo Messenger also use the proxy server by default. Since Squid does not allow IM applications to pass through by default, these applications would not work. Using this method you can allow popular IM applications to pass through the Squid proxy.

Applicable to CentOS Versions

This guide is designed with CentOS 5.x in mind, but should work with other releases as well. Again, this is only necessary if you have Windows clients that require IM and IRC access. If your clients are running Linux, there are better ways of doing this.

Doing the work

  1. Install Squid if you haven't done so already. Open a terminal, log in as root and install Squid:

    yum install squid

  2. Edit the Squid configuration file:

    vi /etc/squid/squid.conf

  3. If you want to change the proxy server name, add the following line to your squid.conf:

    visible_hostname MyMachineName

  4. Allow HTTP access to a network:

    acl acl_home src 192.168.1.0/255.255.255.0
    http_access allow acl_home

    or allow only one IP:

    acl acl_JohnDoe src 128.128.128.128
    http_access allow acl_JohnDoe

  5. Now, to allow IM and IRC access, add the following lines to squid.conf:

    acl SSL_ports port 443 563 1863 5190 5222 5050 6667

    # AOL Instant Messenger to connect to oscar.aol.com
    acl AIM_ports port 5190 9898
    acl AIM_domains dstdomain .oscar.aol.com .blue.aol.com
    acl AIM_domains dstdomain .messaging.aol.com .aim.com
    acl AIM_hosts dstdomain login.oscar.aol.com login.glogin.messaging.aol.com toc.oscar.aol.com
    acl AIM_nets dst 64.12.0.0/255.255.0.0
    acl AIM_methods method CONNECT
    #
    http_access allow AIM_methods AIM_ports AIM_nets
    http_access allow AIM_methods AIM_ports AIM_hosts

    # Permit IRC
    acl IRC_ports port 6667
    acl IRC_domains dstdomain .freenode.net
    acl IRC_hosts dstdomain irc.freenode.net
    acl IRC_methods method CONNECT
    #
    http_access allow IRC_methods IRC_ports IRC_hosts
    http_access allow IRC_methods IRC_ports IRC_domains

    # Permit Yahoo Messenger
    acl YIM_ports port 5050
    acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp
    acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
    acl YIM_methods method CONNECT
    #
    http_access allow YIM_methods YIM_ports YIM_hosts
    http_access allow YIM_methods YIM_ports YIM_domains

    # Permit Google Talk
    acl GTALK_ports port 5222 5050
    acl GTALK_domains dstdomain .google.com
    acl GTALK_hosts dstdomain talk.google.com
    acl GTALK_methods method CONNECT
    #
    http_access allow GTALK_methods GTALK_ports GTALK_hosts
    http_access allow GTALK_methods GTALK_ports GTALK_domains

    # Permit MSN
    acl MSN_ports port 1863 443 1503
    acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
    acl MSN_hosts dstdomain messenger.hotmail.com
    acl MSN_nets dst 207.46.111.0/255.255.255.0
    acl MSN_methods method CONNECT
    #
    http_access allow MSN_methods MSN_ports MSN_hosts
    http_access allow MSN_methods MSN_ports MSN_domains
    http_access allow MSN_methods MSN_ports MSN_nets

    http_access deny !Safe_ports !AIM_ports !YIM_ports !GTALK_ports !MSN_ports
    http_access deny CONNECT !SSL_ports

  6. Save the file, exit and restart Squid:

    service squid restart

  7. Now configure your Windows machine to use your Squid server as its proxy.
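
To see what these rules actually let through before restarting Squid, here is an added example (not part of the original guide): a simplified Python model of Squid's first-match `http_access` evaluation, run over a constructed excerpt of the MSN rules above. The `acl all`, `acl CONNECT` and `http_access deny all` lines are assumed from a stock squid.conf, and the request fields (`method`, `host`, `port`, `src`, `dst`) are hypothetical names for this model.

```python
import ipaddress

# Constructed excerpt: the MSN rules from this page, plus "acl all",
# "acl CONNECT" and the final "deny all" assumed from a stock squid.conf.
CONF = """
acl all src 0.0.0.0/0
acl CONNECT method CONNECT
acl SSL_ports port 443 563 1863 5190 5222 5050 6667
acl MSN_ports port 1863 443 1503
acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
acl MSN_nets dst 207.46.111.0/255.255.255.0
acl MSN_methods method CONNECT
http_access allow MSN_methods MSN_ports MSN_domains
http_access allow MSN_methods MSN_ports MSN_nets
http_access deny CONNECT !SSL_ports
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []  # acl lines with the same name accumulate values
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acl, req):
    kind, vals = acl
    if kind in ("port", "method"):
        return str(req[kind]) in vals
    if kind == "dstdomain":  # ".d" covers d and its subdomains; "d" is exact
        return any(req["host"] == v.lstrip(".") or
                   (v[0] == "." and req["host"].endswith(v)) for v in vals)
    if kind in ("src", "dst"):  # req carries the already-resolved addresses
        return any(ipaddress.ip_address(req[kind]) in
                   ipaddress.ip_network(v, strict=False) for v in vals)
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, req):
    acls, rules = parse(conf)
    for action, names in rules:
        # every ACL on a line must match; a leading "!" negates that ACL
        if all(matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action, " ".join(names)
    # Squid's fallback when nothing matches: the opposite of the last line
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(no match)"
```

Calling `decide(CONF, req)` for a CONNECT to `messenger.hotmail.com` on port 1503 returns `allow` from the MSN domain line even though 1503 is not in `SSL_ports`, because the allow lines are evaluated before `http_access deny CONNECT !SSL_ports`. The same request to a host outside the MSN domains and network is denied by that line.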

More Information

Keep in mind that by using this method you may be violating network policy; please check with your network administrator for further information. You have been warned.

Disclaimer

We test this stuff on our own machines, really we do. But you may run into problems; if you do, come to #centoshelp on irc.freenode.net.


© 2012 CentosHelp.org