Tech Guide: Build your own Linux server

By Manek Dubash, ZDNet UK
23 April 2004 12:56 PM
Tags: linux, build, server, tech, suse, guide, redhat, samba
Initial configuration

Usually, you would operate a Linux machine with a user account rather than the super-user root account, which provides privileges that allow you to render the OS inoperable. When setting things up for the first time, though, root privileges are appropriate. Just be careful.

The first job was to select the services that could safely be switched off, using the principle that only software whose purpose you know -- or that you at least have an idea ought to be running -- should be left live. The first candidate for switch-off was telnet -- there are few justifications these days for telnetting into a server, since it's very insecure and there are better alternatives such as the cross-platform VNC. We switched off cups and other print serving services, since we shan't be using those, along with NFS, Unix's native but insecure file sharing system. Other services disabled included SNMP, PCMCIA and, for the moment, httpd -- the Apache Web server.

Items we ensured were running included Squid, the Web caching service; FTP, so we could access files from elsewhere on the network; and of course SMB, the Samba server that shares files for Windows networks.

Once it looked more like a server, we switched on the required features. First we created user accounts with RHL's user manager and assigned their home directories to folders on the 40GB disk. On this occasion, there was no need to rummage around in Linux's text-based configuration files. With that basic task done, it was time to start building the server proper.

Web caching
Web caching speeds up browsing for all users, and saves download volumes by storing frequently used objects so they can be delivered to users quickly from local storage. Squid is part of RHL and comes with a sensible default configuration file (/etc/squid/squid.conf -- identifiable as a configuration file by its .conf extension). What's more, the configuration file, although large, is well documented internally, which makes the task much easier.

Access control
Squid's default settings work fine as a basic proxy and caching server, so the main issue is to define who can have access to the cache and who can't. You'll want to provide access to nodes on the local network while denying access to anyone from the outside. Assuming your LAN uses the subnet 192.168.1.0, you would do this by adding the subnet to the access control list as follows:

acl our_networks src 192.168.1.0/255.255.255.0
http_access allow our_networks

For most small networks, addresses outside that subnet will be refused. However, making it explicit by adding:

http_access allow localhost
http_access deny all

is good practice. We also changed the default port of 3128 to the more memorable 8080:

http_port 8080

Performance
Improving performance is the next step. We increased the amount of memory that Squid devotes to caching objects -- the server won't have much else to do, and we've stuffed it with memory for this reason. So we changed the default cache_mem setting as follows:

cache_mem 50 MB

Then we increased the maximum size of object Squid will save in RAM to 32MB:

maximum_object_size 32768 KB

That's probably all you need to get started.


Talkback 2 comments

    Anonymous -- 27/04/04

    Just a quick correction - if you're using a 2.4.x kernel (as in this article), you'll be using 'iptables' for firewall config rather than the older 'ipchains'. Hence I suggest you read the iptables howto rather than the ipchains one, as that won't get you far :)

    Anonymous -- 28/04/04

    There are other options than Red Hat or Suse.

    I use SME Server (aka e-smith) which is based on Red Hat but is tailored to server use. This means that any unnecessary services are not included (including X, KDE/Gnome and even a compiler).

    A lot of work has also gone into providing a simple install setup (text based) and configuration panel (web based), so the setup process for a server providing web (apache/php/mysql), mail (qmail/horde), file & print (samba) and firewall (iptables) can be done in an hour.

    There are numerous pre-packaged add-ons to extend functionality, including spam and virus filtering, phpmyadmin, webmin and so on.

    Installing a distro like Red Hat or Suse is simply overkill for this type of task.

    Allan
