Squid is a proxy server and web cache daemon. It has a wide variety of uses: caching web content, filtering traffic, and caching DNS and other network lookups for a group of people sharing network resources.

Squid is primarily designed to run on Unix-like systems but it also runs on Windows-based systems. In this tutorial I’ll show you how to install and configure squid proxy server to run under Linux and FreeBSD.

Proxy server software is based on the TCP/IP protocol. It listens on a dedicated port such as 3128 or 8080. A computer that runs proxy server software is called a proxy server. If another computer wants to connect to the Internet through the proxy server, it needs to know the proxy server’s IP address and proxy port.

1. Squid Installation

Squid source code is available from squid-cache.org. Installation instructions are available in the ReadMe file in the source tar file. There are also binary packages for CentOS, Fedora, Red Hat Enterprise Linux, Ubuntu, Debian, FreeBSD and NetBSD.

To install Squid under CentOS/Fedora/RHEL, enter:

yum install squid

To install Squid under Debian/Ubuntu, enter:

Squid2MySQL for FreeBSD 5.2 (08.07.2004)

What is Squid2MySQL? It provides authorization and traffic accounting for
Internet users. There is the proxy server Squid (http://www.squid-cache.org/)
and the database MySQL (http://dev.mysql.com/).
Squid handles the caching of information, and MySQL stores information about
each user (name, password, URLs, amount downloaded, etc.).
The link between them is Squid2MySQL (http://evc.fromru.com/squid2mysql/download.html) 1.0.0
by Eugene V. Chernyshev, written for Linux.

For those who use Linux as the OS for servers, it is better to
visit the Squid2MySQL author’s site and use the information from
the author’s (http://evc.fromru.com/squid2mysql/download.html) site.
I just ported squid2mysql to FreeBSD and corrected a few errors;
they were reported to the author by e-mail.

This article describes the steps and particulars of installing the corrected
version of squid2mysql under FreeBSD.
Let’s go …

1) MySQL, Squid and Perl must be installed. Check
that these programs work: log in to MySQL and run a simple
query against the mysql database; check Perl with the command perl -v; do not forget
to initialize the Squid cache with the command squid -z. Check DNS with the command
nslookup host; if there are problems with DNS, Squid will not start.

2) Download the squid2mysql archive (http://www.uvsw.narod.ru/project/squid2mysql_v.tar.gz)
for FreeBSD (~600 KB) and unpack it:

# tar -zxvf squid2mysql_v.tar.gz

3) Go to the newly created directory squid2mysql_v. Go to the subdirectory
for_perl and install the Perl modules DBI-1.42.tar.gz and
Msql-Mysql-modules-1.2219.tar.gz, or download newer versions.

# tar -zxvf DBI-1.42.tar.gz
# cd DBI-1.42
# perl Makefile.PL
# make
# make test
# make install

Install the module Msql-Mysql-modules-1.2219.tar.gz in the same way.

First we will compile the kernel:

proxy# cd /usr/src/sys/i386/conf/

Back up your kernel configuration file first:

proxy# cp GENERIC GENERIC-BAK

Edit the GENERIC file with your favorite editor:

proxy# nano GENERIC

and add the options below.

This one is optional; it tells the kernel about your CPU:

cpu I686_CPU

#For optimizing squid #

options SYSVMSG
options MSGMNB=32768
options MSGMNI=164
options MSGSEG=8196
options MSGSSZ=512
options MSGTQL=2048

Add these lines below the device entries:

# For PF #

device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In / Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build

After that:

proxy# config GENERIC
proxy# cd ../../compile/GENERIC

or, if you have a standard installation, sometimes:

proxy# cd ../compile/GENERIC
proxy# make depend && make
proxy# make install

Install Squid

We need Perl:

proxy# cd /usr/ports/lang/perl5.10/
proxy# make install clean

Create group and user that will be used to run the squid:

proxy# pw group add squid -g 100
proxy# pw user add squid -u 100 -g squid -s /usr/sbin/nologin -d /usr/local/squid
proxy# chown -Rv squid:squid /cache
proxy# cd /usr/local/
proxy# fetch http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE23.tar.bz2
proxy# tar -jxvf squid-3.0.STABLE23.tar.bz2
proxy# cd squid-3.0.STABLE23

proxy# ./configure --prefix=/usr/local/squid \
--enable-gnuregex \
--enable-async-io=24 --with-pthreads --with-aio --with-dl --with-aufs-threads=24 \
--enable-pf-transparent \
--enable-ipfw-transparent \
--enable-storeio=aufs \
--enable-removal-policies=heap \
--enable-delay-pools \
--enable-underscores \
--enable-http-violations \
--enable-unlinkd \
--enable-snmp \
--enable-useragent-log \
--enable-htcp \
--enable-ssl \
--enable-icmp \
--enable-poll \
--enable-arp-acl \
--enable-cache-digests \
--enable-kill-parent-hack \
--enable-large-cache-files \
--enable-follow-x-forwarded-for \
--enable-default-err-languages=English \
--enable-err-languages=English \
--disable-ident-lookups \
--disable-hostname-checks \
--disable-wccpv2 \
--disable-wccp && echo "Successful Done"

proxy# make && make install

After that, edit squid.conf according to your needs:

proxy# ee /usr/local/squid/etc/squid.conf

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 192.168.10.0/27
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 8080 transparent
hierarchy_stoplist cgi-bin ?

cache_mem 6 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap LFUDA

cache_replacement_policy heap GDSF
cache_dir aufs /cache 10000 24 256
maximum_object_size 128 MB
cache_swap_low 90
cache_swap_high 95

access_log /var/log/squid/logs/access.log
cache_log /var/log/squid/logs/cache.log

coredump_dir /cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_mgr webmaster@domainku.com-(0752-xxxxxx)
cachemgr_passwd squid-cache password
cache_effective_user squid
cache_effective_group squid

proxy# squid -z
2009/05/10 16:38:37| Creating Swap Directories

First, let's check the configuration with these commands:

proxy# /usr/local/squid/sbin/squid -k parse
proxy# /usr/local/squid/sbin/squid -NCd1

Once that looks good, start squid:

proxy# /usr/local/squid/sbin/squid

To apply a configuration change, use this command:

proxy# /usr/local/squid/sbin/squid -k reconfigure

To have squid start on every reboot, add these parameters to /etc/rc.conf:

squid_enable="YES"
pf_enable="YES"

or add the command /usr/local/squid/sbin/squid to /etc/rc.local.

Then add to /etc/rc.local:

chgrp squid /dev/pf && chmod g+rw /dev/pf

FreeBSD + natd + ipfw + squid   February 7th, 2010

This is going to be an overview of the steps it takes to create a Walled Garden using FreeBSD, natd, ipfw and squid.

The basic scenario: You have a private IP network that you want to allow people to connect with, and you allow them basic web access (we’ll just do port 80 for now). For your default access you only want to allow these users to access certain URLs – if they try to access anything else it will redirect them to your “portal” page. Presumably your portal would have software that would do account signups and such, and once you authorize an IP you would allow it to connect to anything on the internet. Portal design won’t be discussed here, but I will show you how to punch a hole through the firewall.

For this exercise we are going to have a private ip network, and a public ip. Splitting off a management IP is highly advisable, but that won’t be covered here.

Our private IP network is going to be 10.7.0.0/16, and our “public ip” is going to be 192.168.0.1 (which is really private, but ignore that – when deploying this, substitute a real public IP here).

First things first: you need to make sure your kernel has some options compiled into it. Before doing anything else, go compile these in right now:

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_FORWARD

Once you install that kernel and reboot your server we can proceed with configuration.

For the next step let’s go ahead and install squid. This can be done using whatever method for installing software you prefer, but I’m going to list the package add method, because it’s so simple:

# pkg_add -r squid

I’m getting an error which reads as follows under FreeBSD 7.2 server and Squid stable caching server:

WARNING! Your cache is running out of filedescriptors

How do I fix this problem and increase the number of system-wide available filedescriptors for FreeBSD server?

For a busy proxy caching server, you need to increase the number of system-wide available file descriptors by editing the /etc/sysctl.conf file. There is no need to make changes to squid.conf.

Find Current Squid File Descriptors Limits Under FreeBSD

Type the following command:
# squidclient mgr:info | grep 'file descri'
OR
# squidclient -p 8080 -u USERNAME -w 'secretePassword' mgr:info | grep 'file descri'

Increase Squid File Descriptors Limits

Type the following command at a shell prompt:
# sysctl kern.maxfilesperproc=8192
# sysctl kern.maxfiles=65535

To keep the settings after a reboot, add them to /etc/sysctl.conf:
echo 'kern.maxfilesperproc=8192' >> /etc/sysctl.conf
echo 'kern.maxfiles=65535' >> /etc/sysctl.conf

Where,

  1. kern.maxfilesperproc – Set maximum files allowed open per process to 8192
  2. kern.maxfiles – Set maximum number of open files to 65535

Optionally you may also want to increase port ranges:
# sysctl net.inet.ip.portrange.last=65535
# sysctl net.inet.ip.portrange.first=1024

Finally, restart Squid and verify that it picked up the new FD settings:
# squidclient mgr:info | grep 'file descri'
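
A small monitoring check built on the `squidclient mgr:info | grep 'file descri'` output used above, added here as an example and not taken from the original post. The sample output is constructed, and the `fd_status` name, the 80% warning threshold and the "available at or below reserved" rule are assumptions.

```python
import re

# Constructed sample: the three lines `grep 'file descri'` selects from mgr:info
SAMPLE = """\
\tMaximum number of file descriptors:   1024
\tAvailable number of file descriptors:   69
\tReserved number of file descriptors:   100
"""

def fd_stats(text):
    """Map 'maximum' / 'available' / 'reserved' to the reported counts."""
    pattern = r"(\w+) number of file descriptors:\s*(\d+)"
    return {m.group(1).lower(): int(m.group(2)) for m in re.finditer(pattern, text)}

def fd_status(text, warn_ratio=0.80):
    """Return (level, used_ratio); warn_ratio is an assumed alert threshold."""
    s = fd_stats(text)
    if "maximum" not in s or "available" not in s:
        raise ValueError("mgr:info file descriptor lines not found")
    used_ratio = 1 - s["available"] / s["maximum"]
    if s["available"] <= s.get("reserved", 0):
        level = "critical"   # nothing left beyond the reserved descriptors
    elif used_ratio >= warn_ratio:
        level = "warning"
    else:
        level = "ok"
    return level, round(used_ratio, 3)

if __name__ == "__main__":
    print(fd_status(SAMPLE))
```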
