IPFire uses squid proxy to control access or to log and cache visits to web pages, optimization of bandwidth and speed. It features a proxy cache as well as an update accelerator to help in distributing windows and linux updates and patches centrally to all client computers in the network.
IPFire also ships as an addon, the squidClamAV that takes care of data privacy.
All these and more, we will be covering in this “Complete Squid Proxy Configuration Guide on IPFire Firewall” series.
If you are new to web proxies, take a look at web proxy implementation on ubuntu.
Want to know how to monitor your web proxy? Check this “How to install SARG for squd proxies“.
To install IPFire Firewall properly, follow this guide.
There are 2 modes used by IPFire to run squid. These are:
(a) Conventional mode. This is the Non transparent mode.
(b) Transparent Mode.
Complete Squid Proxy Configuration Guide on IPFire Firewall
In the non transparent mode, the ip address of the squid proxy is entered into each clients browser settings as shown. Note that the default port used by IPFire squid proxy in non transparent mode is 800. This can be changed according to your needs.
To ensure that our web proxy is working in transparent or non transparent mode, simply enable logging.
Tick log enabled to activate the web proxy logging feature.
To view full url of web pages visited, tick log query terms. Logs can be viewed in Logs => Proxy logs.
Click on update to get data from the proxy log.
Also generate log reports by going to Logs => Proxy Reports.
To view proxy reports, tick enable requester in the proxy report screen. Click on create report, and click view
You could also access your IPFire terminal and view your logs by typing #cat /var/log/squid/access.log.
The cache management feature is a whole lot similar to what we have accomplished in this guide “how to manage and monitor squid proxy traffic“, but a lot easier.
To achieve cache management, tick activate cache manager to display statistics of memory used by proxy process and other important details.
Save and restart the squid proxy. Enter an email address and password.
Now navigate to https://ip address of IPFire:444/cgi-bin/cachemgr.cgi
The familiar looking screen will be shown as under.
DENY ACCESS TO INTERNET USING CLASSROOM EXTENSION.
To allow or deny some computers with ip addresses access to the internet, simply create a group and place the ip addresses to be denied or allowed access to the internet under the group created.
First tick classroom extension to enable it. Save and restart squid.
Now create a group ,say, ITSupport like this [ITSupport], then add all ip addresses of computers used by IT Support personnel under the group just created.
To block or allow access to the internet, visit https://ip address of IPFire:444/cgi-bin/webaccess.cgi.