Installing Squid Cache for Windows
Linux users mostly already know Squid proxy server as the best and most used proxy server. As on my previous post “Bandwidth Shaping Using Squid Cache and WIPFW” I need a free proxy server for my windows server. I found SquidNT which is ported from its Linux version by Guido Serassio.
You can download SquidNT from Acme Consulting’s website or here. If you want to do bandwidth shaping then you must download SquidNT with Delay Pool version. On this installation guide, I use the Delay Pool version as I want to do bandwidth shaping.
Step 1: download SquidNT Delay Pool version here
Step 2: extract the zip file and put it on C: drive
Step 3: configure the squid.conf file on /etc folder. There is squid.conf.default you can rename it to squid.conf and edit it.
Step 4: configure the DNS nameserver. On squid.conf find:
# TAG: dns_nameservers
# Use this if you want to specify
# a list of DNS name servers (IP addresses)
# to use instead of those given in your
# /etc/resolv.conf file.
#
# Example: dns_nameservers 10.0.0.1 192.172.0.4
#
#Default:
# none
dns_nameservers 192.168.0.1
To find what is your nameserver is type: ipconfig on command prompt and find the IP number on Default Gateway field. Copy it to your squid.conf file like above.
Step 5: setup ACL
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from
# where browsing should be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
acl our_networks src 192.168.0.0/16
http_access allow our_networks
Here you can setup which network that allowed to use your proxy server. From ipconfig command you can find out what is your IP address, usually it have 192.168.0.x format so you can apply the configuration above.
Step 6: Setup the hostname
# TAG: visible_hostname
# If you want to present a special hostname ...
# then define this. Otherwise, the return ...
# will be used. If you have multiple caches ...
# get errors about IP-forwarding you must ...
# names with this setting.
#
#Default:
# none
visible_hostname localhost
Here you can define the name for your hostname, for example you can use “localhost” or “server.youdomain.com”
Step 7: Setup cache directory
Run this command from command prompt: c:\squid\sbin\squid -D -z
Step 8: On Windows XP/2000/2003 you can setup SquidNT as a service
Run this command from command prompt: c:\squid\sbin\squid -i
You can start/stop/restart the service called Squid from: Control Panel > Administrative Tools > Services
Step 9: Setup your browser to use proxy server
For Internet Explorer users, go to: Tools > Internet Options. Select Connection tab and click on LAN Settings
On the pop up window you’ll find proxy box, give a check on “Use a proxy server for your LAN…” and fill your server’s IP (where you install SquidNT) on the address field and fill “3128” on port field. 3128 is the default port for SquidNT.
Click Ok to save the configuration. Now try to open a web page and see if you can open it. If you can then the configuration is set correctly.
Step 10: Setup the Delay Pool.
As I want to do bandwidth shaping then I needs to setup the Delay Pool. Here is the configuration:
#
#Default:
# delay_pools 0
delay_pools 1
delay_class 1 1
Then create delay_access:
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
#
#Default:
# none
delay_access 1 allow our_networks
delay_access 1 deny all
Now we setup how much bandwidth we want to allocate. For example, you have 384 Kbps ADSL connection which means you can download at around 40KB/s. Now you want to shape the maximum to around 30KB/s download rate, here is the configuration:
#
#delay_parameters 2 32000/32000 8000/8000 600/8000
#
# There must be one delay_parameters line for each delay pool.
#
#Default:
# none
delay_parameters 1 30000/30000
Step 11: Restart the Squid service from: Control Panel > Administrative Tools > Services
Done! Now you have 30KB/s for browsing and another 10KB/s reserved for other internet connection like chatting or streaming radio 
May 25th, 2009 - 16:41
does all the client setup to access via proxy or they directly connected to the internet?
if they are directly connected to the internet then the rule in the proxy is not used as they didn’t connected through proxy
May 25th, 2009 - 17:13
all are setup to use through proxy only
The acl is as follows pls check
acl localnet src 192.168.170.0/24
acl jaffer src 192.168.170.42/24
acl posadm src 192.168.170.12/24
acl lulu src 192.168.170.99/24
#
#Allowed clients
http_access allow jaffer
http_access allow lulu
http_access allow posadm
http_access deny localnet
#
# And finally deny all other access to this proxy
http_access deny all
May 26th, 2009 - 11:11
I soved it. /24 is not necessary when giving individual ip.
July 13th, 2009 - 08:44
Hi Markus,
i’m using Squid 2.7 STABLE 6 and Softperfect BWM on my windows server 2008, it’s new installation,
everything that required squid to run are checked, for example;
firewall, standard acl, BWM everything are OK.
but when i try to enable Squid, the client can’t access to the internet anymore, but still can telnet to the server.
please advise…
Thank you.
July 13th, 2009 - 08:55
and also 1 more thing, this might be makes more clearly, here’s my conf
…
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl bad_url dstdomain “c:\squid\etc\restricted-sites.squid”
acl badkeywords url_regex “c:\squid\etc\squid-blockkeywords.acl”
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname …
#
# NOTE on default values:
#
# If there are no “access” lines present, the default is to deny
# the request.
#
# If none of the “access” lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an “deny all” or “allow all” entry at the end
# of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access deny bad_url
http_access deny badkeywords
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
August 11th, 2009 - 02:41
hi there i having problem i do every thing but when i started the Squid services for Administrative tool its give the Error
Could not start the SquidNT service on Local Computer.
Error 1067: The process terminated unexpectedly
August 11th, 2009 - 02:51
please see the error log, and paste here the error you see there
August 11th, 2009 - 02:58
how could i see the log if the services are not running this is the error comes in front when i start the services
Could not start the SquidNT service on Local Computer.
Error 1067: The process terminated unexpectedly
Error 1067
August 11th, 2009 - 03:04
go to: C:\squid\var\logs
August 11th, 2009 - 03:14
The following messege
2009/08/11 00:06:36| Starting Squid Cache version 2.7.STABLE6 for i686-pc-winnt…
2009/08/11 00:06:36| Running as Squid Windows System Service on Windows Server 2003
2009/08/11 00:06:36| Service command line is:
2009/08/11 00:06:36| Process ID 176
2009/08/11 00:06:36| With 2048 file descriptors available
2009/08/11 00:06:36| With 2048 CRT stdio descriptors available
2009/08/11 00:06:36| Windows sockets initialized
2009/08/11 00:06:36| Using select for the IO loop
2009/08/11 00:06:36| Performing DNS Tests…
2009/08/11 00:06:36| Successful DNS name lookup tests…
2009/08/11 00:06:36| DNS Socket created at 0.0.0.0, port 1653, FD 5
2009/08/11 00:06:36| Adding DHCP nameserver 10.0.16.1 from Registry
2009/08/11 00:06:36| Adding DHCP nameserver 10.125.132.12 from Registry
2009/08/11 00:06:36| Adding domain from Registry
2009/08/11 00:06:36| User-Agent logging is disabled.
2009/08/11 00:06:36| Referer logging is disabled.
2009/08/11 00:06:36| errorTryLoadText: ‘c:/squid/share/errors/English/ERR_INVALID_REQ’: (2) No such file or directory
FATAL: failed to find or read error text file.
Squid Cache (Version 2.7.STABLE6): Terminated abnormally.
August 11th, 2009 - 03:51
this is your problem:
2009/08/11 00:06:36| errorTryLoadText: ‘c:/squid/share/errors/English/ERR_INVALID_REQ’: (2) No such file or directory
FATAL: failed to find or read error text file.
Squid Cache (Version 2.7.STABLE6): Terminated abnormally.
please re-download squid here: http://rapidshare.com/files/186522118/SquidProxyBWManager.rar and extract the squid zip file to c: drive
January 18th, 2011 - 07:12
Hey Markus – I am trying to configure squid 2.7 stable7 in windows server 2008. I gave the command to create service, it was fine. But when I started the service, I am getting error “Windows could not start the squid service on local computer Error 1067: The Process terminated unexpectedly”
Before doing with stable7, I tried stable8 (new release on this month), still got the same error. After that I deleted the service and & tried to reconfigure stable7, I couldnt find any log in C:\squid\var\logs….any suggestions what to do next……pls let me know.
January 31st, 2011 - 15:20
did you run the installation script as Administrator?
February 9th, 2011 - 06:13
Thanks Bro, I did run as Admin & it worked fine :)
August 11th, 2009 - 19:34
Thanks Brother problem resolved but its working as proxy server i install and configure the BM and port forwarding in it
i do the following
Open the newly copied c:\squid\etc\squid.conf in Notepad and locate the line http_port 3128. Add the keyword transparent to make Squid understand regular HTTP request, so the line is http_port 3128 transparent.
Before you start Squid for the first name, you must initialize its cache. Launch c:\squid\sbin\squid.exe -z to initialize the cache.
Install Squid as a Windows service. Launch c:\squid\sbin\squid.exe -i to install it as a service.
Attempt to start the service by typing net start squid at a command prompt.If it starts successfully, you have finished initial Squid configuration. If it does not and displays “The process terminated unexpectedly”, there is one more configuration parameter that you need to change. Open c:\squid\etc\squid.conf again and uncomment the unlinkd_program parameter. Then replace regular slashes with backslashes, i.e. change it from c:/squid/libexec/unlinkd.exe to c:\squid\libexec\unlinkd.exe. Now you should be able to start the Squid service cleanly.
but it is working as proxy server not transperent now what to do
August 11th, 2009 - 19:42
please read here: http://markus.revti.com/2009/01/squid-transparent-proxy-server-on-windows-server-2003/
August 11th, 2009 - 20:14
I do it but still not working
August 11th, 2009 - 20:18
what is not working? squid? SBM?
what are you try to do and what result you get?
can you browse the web?
please do explain more as i can’t help you if you only say “it doesn’t work” without giving more details
August 11th, 2009 - 22:37
i am providing interne services to 20 user ok i configure squid proxy server in linux it is working fine on client side browsing is fine msn messenger working fine issue comes when client is using torrent or P2P sofware,
P2p and torrent are not connecting so i decided to configure transperent proxy but i am unable to configure on linux then i search the Squid Nt read your article now squid is working fine as proxy server But when i direct the connect Eg no setting on Client side then it is not working no browsing no thing and when i set setting in explorer proxy setting then its working mean that squid is working as a proxy not transperent proxy i want to make every thing direct i am 2 LAn one connected to the DSL other to the internal network my BM port forwarding is not working
September 18th, 2009 - 20:17
Hello i have lease line (configure win 2003 server as router for share)
how could i see the log if the services are not running this is the error comes in front when i start the services
Could not start the SquidNT service on Local Computer.
Error 1067: The process terminated unexpectedly
Error 1067
September 18th, 2009 - 20:19
it’s on C:\squid\var\logs
September 19th, 2009 - 13:37
Hello
i am configure as par give staps its working but in local pc (install SquidNT) pc only how to alllow other pc
September 19th, 2009 - 15:53
the configuration here is allowing access to the proxy server from local network, see step 5:
acl our_networks src 192.168.0.0/16
http_access allow our_networks
if your network not using 192.168.x.x IP configuration then you have to change it.
then follow step 9 on each of your client PCs
September 19th, 2009 - 13:38
how to allow to other client pc
September 28th, 2009 - 17:15
Hello
I got the error DNS lookup fail when start service in Windows server 2003 how should i do:
009/09/28 12:24:03| Starting Squid Cache version 2.7.STABLE5 for i686-pc-winnt…
2009/09/28 12:24:03| Running as Squid Windows System Service on Windows Server 2003
2009/09/28 12:24:03| Service command line is:
2009/09/28 12:24:03| Process ID 2272
2009/09/28 12:24:03| With 2048 file descriptors available
2009/09/28 12:24:03| With 2048 CRT stdio descriptors available
2009/09/28 12:24:03| Windows sockets initialized
2009/09/28 12:24:03| Using select for the IO loop
2009/09/28 12:24:03| Performing DNS Tests…
FATAL: ipcache_init: DNS name lookup tests failed.
Squid Cache (Version 2.7.STABLE5): Terminated abnormally.