Ever wanted to manage a chunk of internet traffic? Whether you are learning to use network management tools or doing something more nefarious, having a test bed of traffic is an important tool. Follow this tutorial and you'll be the boss of more traffic than you can handle. I'm showing you how to create an open internet proxy with Squid.

What's a proxy?

A proxy is a device that acts as an intermediary between your computer and the server that you are trying to reach. There are several reasons that you might want a proxy:

• Masking network addresses: Hackers use proxies because their source address is hidden from the destination, making it non-obvious who is doing the hacking. People behind firewalls (for instance, people who can't surf facebook at work) use proxies because the destination address is hidden from their corporate oppressors, making facebook appear despite the restrictions.
• Caching: If you have multiple people requesting the same website, the proxy only has to get the files from the remote server once. In big networks this can save real money.
• Policy Enforcement: The proxy can enforce policies (like no porn or gambling) for its users.

That last one is important. In order to effectively enforce policies, the proxy must be able to monitor and modify all the traffic. And if you run the proxy, those tools are yours.

What you need to get started

While it's possible to do this on your personal desktop, it is not at all advisable. You should have a VPS - virtual private server. One with unmetered bandwidth. The one I use has 3 cores, 3Gb of RAM and 60GB SSD. It does really well at running squid plus doing the packet inspection things I want it to. You only need one IP address. In this tutorial, I'll show you commands for Debian/Ubuntu - so that is the operating system you should pick.

Setting Up Squid

The first step is to install squid.

sudo apt update && sudo apt install squid

We configure squid via a 7900 line configuration file (no kidding) at /etc/squid/squid.conf. The file is that big because it's also a large part of the documentation for each feature. Learn how to search for a phrase in your favorite text editor.Here are the lines we need to add or modify.

• http_port: This is the port that squid will be accessible on. Modify the existing line to make it become a more widely known port. It should read

  http_port 8080

• http_access: This tells squid who is able to access the server. You'll see a line in the file that says "http_access deny all", in the line above it, add

  http_access allow all

• dns_v4_first: This line will increase the performance of your squid proxy dramatically. At least it did for me. Find the line that says "# dns_v4_first off" and remove the# that indicates a comment, then change it to say

  dns_v4_first on

Next we're going to set up "delay pools". These govern how much bandwidth Squid and your users are allotted. You can read all about it in the .conf file. Underneath the line that reads "# TAG: delay_pools" add the following

delay_pools 1delay_class 1 1delay_parameters 1 32000/64000delay_access 1 allow all

These lines say 1) there is only one delay pool, 2) delay pool number one is of class one (limits total bandwidth), 3) delay pool 1 is limited to this much bandwidth (these settings work out to ~2Mbps, don't ask me how that math works), and 4) all traffic goes into delay_pool 1.That's it. You've done the bare minimum to get squid running well. Now let's just restart it and we're ready to go.