Setting Proxy in Windows using SquidNT

Finally we’ve got our own internet connection. My friend was in the best mood that day. He decided to buy an expensive Huawei E 220 series just before I desperate to get my own internet connection. So thanks to my friend for his massive contribution.

So, what’s the story today? Yes, I’ll tell you about my experience built our own internet connection using Huawei modem with telkomflash firmware on it (i dunno if the phrase firmware is right in these context). We have to be a member of telkomflash program in order to get this modem. This modem is kinda cute, tiny, and fragile (i think ). So, after all prerequisite met, we started to plan how this network should be. We started to think about OS. At that time we have no choice but Windows. The implant firmware on Huawei only work with windows and its variant. So we gave up. We used windows, windows xp, as server.

Wait, server for what? Yes, Server for proxy of course. This internet connection need to be shared among all member of this local area network (LAN). So, what is proxy? You can find the answer here. The first problem encounter here was the proxy server have a poor relation with windows (in this case windows XP). Combining proxy server with windows is not my favorite. I believe most of the proxy server in the world using non windows operating system to operate (this is just what i think). With a hard step, we try to get windows version of this proxy program, and we made it. It called SquidNT version 2.6 for windows. Squid have undoubtedly reputation within linux user. But in windows? yeah right. You can get it from here.

The configuration file, structure of program, is all identical with the linux have. You may see var, etc, bin, sbin folder inside it . So, this quite relished. It sure wont be difficult to find some tutorial how to configure, install, and start because this tool quite popular. First, we get into ACL section in /etc/squid.conf and make sure that you define all ACL correctly. Here what it does look like in my configuration:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 5050    # YM
acl YMPort port 5050 # Yahoo messenger
acl CONNECT method CONNECT

and then we go into http_access section. In this section we are able to set what address allowed to pass our proxy. Make sure we define our local network address correcty. Here’s mine:

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow CONNECT YMPort
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.2.0/24
http_access allow our_networks

That will be done enough. But if you want to block some unwanted site (this is probably because of its bandwidth consume content, or pornography reason :p) i’ve found this in the internet:

acl bad url_regex -i “c:\squid\etc\blockedsite.txt”
http_access deny bad

Just write any phrase on that blockedsite.txt file to prevent that site being accessed inside your proxy. Although this can be cheated by LOT of bypass proxy tool, but at least, we try to be a good man already.

You can set what port this proxy will listen at HTTP_PORT. Just write any number you think, usually 8080 or 3128. And here we go to the other main function of proxy. Proxy will cache any page you’ve visited. This cache is seem very useful when we likely browse same page in all day. I prefer to have a disk cache in this proxy server. Bigger better i think :p

cache_dir ufs c:/squid/var/cache 1024 32 256

We can read further explanation about what ufs and sequence of number above. But first number (1024) is how big your space reserved for cache in MB. I think that will enough to create a ‘beginner’ proxy server. Hehehe…

So, after we done with /etc/squid.conf file, we ready to move into installation of this squid. We can use “squid.exe -z” command to create a cache directory first, and then execute “squid.exe -i” to install squid into windows services through cmd. I recommend to switch squid service from automatically started into manually started. Because we use telkomflash application that connected via usb and identic with port number and so on, so starting squid first is not a good idea.

After installing squid, dont forget to set your firewall system to allow all packet come from port 3128 and 5050 for YM. Just look on the exception tab and add necessary port to unblock. And dont forget to enable router forwarding from registry. Just run regedit.exe and jump into HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters and set IPEnableRouter DWORD value to 1. That will done YM connecting problem in proxy in windows, i think.

So, that’s all my story today, and correct me when something above wrong. Sory for my bad english…