Squid Proxy - Configuring as an External Proxy?



  • I am setting up a Squid proxy server on Fedora 29 (via Vultr). The goal is to allow access only from a certain range of IP addresses (our corporate office WAN IP range).

    My first question involves the ACLs. The squid.conf file has numerous default ACL entries for "localnet". As this is not going to be used locally, I want to make sure that I don't have to somehow specify/designate another type of source for external/public ranges somewhere else. Also, if I comment out all the internal network lines for private IPs, will it cause any issues?

    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
    acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
    acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
    acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
    acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
    acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
    acl localnet src fc00::/7               # RFC 4193 local private network range
    acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines
    
    


  • Without reading more about this, I would guess you add your office WAN IP (acl localnet src 1.2.3.4/30), save and restart Squid. Add a firewall rule to allow access to 3128.
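
Added example, not part of the original posts: a small Python model of how Squid evaluates src ACLs and http_access rules. It shows that an ACL name such as localnet is only a label, and that access depends on which names the http_access lines reference. The office ACL name, the documentation address ranges and the helper names are assumptions; only CIDR src values are handled.

```python
import ipaddress

# Constructed squid.conf fragment (not from the thread). 203.0.113.0/28 and
# 2001:db8:100::/48 are documentation ranges standing in for the office WAN.
SAMPLE_CONF = """
# acl localnet src 10.0.0.0/8        # private defaults commented out
# acl localnet src 192.168.0.0/16
acl office src 203.0.113.0/28
acl office src 2001:db8:100::/48
http_access allow localhost
http_access allow office
http_access deny all
"""

def parse(conf):
    """Collect src ACLs (CIDR values only) and http_access rules in file order."""
    net = lambda v: ipaddress.ip_network(v, strict=False)
    # "all" and "localhost" are predefined by Squid, so seed them here.
    acls = {"all": [net("0.0.0.0/0"), net("::/0")],
            "localhost": [net("127.0.0.1/32"), net("::1/128")]}
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            # repeated lines with the same name add values (logical OR)
            acls.setdefault(tok[1], []).extend(net(v) for v in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client):
    """Return 'allow' or 'deny' for a client IP using first-match evaluation."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        for n in names:
            if n.lstrip("!") not in acls:
                # this example treats a dangling ACL reference as a config error
                raise ValueError(f"http_access uses undefined acl {n!r}")
        # every ACL on one http_access line must match (logical AND); "!" negates
        if all(any(ip in x for x in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return action
    # nothing matched: the default is the opposite of the last rule
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for ip in ("203.0.113.5", "203.0.113.16", "10.1.2.3", "2001:db8:100::1"):
        print(ip, decide(SAMPLE_CONF, ip))
```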