How to compile a kernel for transparent Squid and PF and install the latest Squid on FreeBSD 8
February 12th, 2010
First we will compile the kernel.
proxy# cd /usr/src/sys/i386/conf/
Back up the kernel configuration file before editing it:
proxy# cp GENERIC GENERIC-BAK
Edit the GENERIC file with your favorite editor:
proxy# nano GENERIC
and add the options below.
The cpu line is optional; it tells the kernel which CPU type to build for:
cpu I686_CPU
#For optimizing squid #
options SYSVMSG
options MSGMNB=32768
options MSGMNI=164
options MSGSEG=8196
options MSGSSZ=512
options MSGTQL=2048
Add these lines below the device entries:
# For PF #
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
After that:
proxy# config GENERIC
proxy# cd ../../compile/GENERIC
or sometimes, if you have a standard installation:
proxy# cd ../compile/GENERIC
proxy# make && make depend
proxy# make && make install
Install Squid
We need Perl first:
proxy# cd /usr/ports/lang/perl5.10/
proxy# make install clean
Create group and user that will be used to run the squid:
proxy# pw group add squid -g 100
proxy# pw user add squid -u 100 -g squid -s /usr/sbin/nologin -d /usr/local/squid
proxy# chown -Rv squid:squid /cache
proxy# cd /usr/local/
proxy# fetch http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE23.tar.bz2
proxy# tar -jxvf squid-3.0.STABLE23.tar.bz2
proxy# cd squid-3.0.STABLE23
proxy# ./configure --prefix=/usr/local/squid \
--enable-gnuregex \
--enable-async-io=24 --with-pthreads --with-aio --with-dl --with-aufs-threads=24 --with-pthreads \
--enable-pf-transparent \
--enable-ipfw-transparent \
--enable-storeio=aufs \
--enable-removal-policies=heap \
--enable-delay-pools \
--enable-underscores \
--enable-http-violations \
--enable-unlinkd \
--enable-snmp \
--enable-useragent-log \
--enable-htcp \
--enable-ssl \
--enable-icmp \
--enable-poll \
--enable-arp-acl \
--enable-cache-digests \
--enable-kill-parent-hack \
--enable-large-cache-files \
--enable-follow-x-forwarded-for \
--enable-default-err-languages=English \
--enable-err-languages=English \
--disable-ident-lookups \
--disable-hostname-checks \
--disable-wccpv2 \
--disable-wccp && echo "Successful Done"
proxy# make && make install
After that, edit squid.conf according to your needs:
proxy# ee /usr/local/squid/etc/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 192.168.10.0/27
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 8080 transparent
hierarchy_stoplist cgi-bin ?
cache_mem 6 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap LFUDA
cache_replacement_policy heap GDSF
cache_dir aufs /cache 10000 24 256
maximum_object_size 128 MB
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/logs/access.log
cache_log /var/log/squid/logs/cache.log
coredump_dir /cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_mgr webmaster@domainku.com-(0752-xxxxxx)
cachemgr_passwd squid-cache password
cache_effective_user squid
cache_effective_group squid
proxy# squid -z
2009/05/10 16:38:37| Creating Swap Directories
First, check the configuration with the commands:
proxy# /usr/local/squid/sbin/squid -k parse
proxy# /usr/local/squid/sbin/squid -NCd1
Once that looks fine, start Squid:
proxy# /usr/local/squid/sbin/squid
To apply a configuration change, use the command:
proxy# /usr/local/squid/sbin/squid -k reconfigure
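squid -k parse checks that the file parses, but Squid applies the first http_access line that matches a request, so after editing the rules their order matters as much as their syntax. The shell function below is an added example, not part of the original post: it reports when the three deny guards from the configuration above come after a general allow, or when the list does not end in deny all. The function names and the reordered sample are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit http_access ordering.
# Squid uses the first http_access line that matches, so the deny guards
# must come before any general allow and the list must end in "deny all".

# check_http_access FILE: prints one finding per line, returns 1 if any.
check_http_access() {
    awk '
    $1 != "http_access" { next }
    {
        n++
        rule = $2
        for (i = 3; i <= NF && $i !~ /^#/; i++) rule = rule " " $i
        if (!(rule in pos)) pos[rule] = n    # first position of each rule
        last = rule
        # A general allow is any allow not scoped to the manager ACL.
        if ($2 == "allow" && rule !~ / manager( |$)/ && !first_allow) first_allow = n
    }
    END {
        ng = split("deny manager,deny !Safe_ports,deny CONNECT !SSL_ports", guard, ",")
        for (g = 1; g <= ng; g++) {
            if (!(guard[g] in pos)) {
                print "MISSING: http_access " guard[g]; bad = 1
            } else if (first_allow && pos[guard[g]] > first_allow) {
                print "TOO LATE: http_access " guard[g]; bad = 1
            }
        }
        if (last != "deny all") { print "NO DEFAULT DENY: list ends with: " last; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the rules from the post with "allow localnet" moved to
# the top, so the port and CONNECT guards are never reached for LAN clients.
sample_reordered() {
    cat <<'EOF'
http_access allow localnet
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
EOF
}

# Usage: check_http_access /usr/local/squid/etc/squid.conf
```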
To have it start on every reboot, add these parameters to /etc/rc.conf:
squid_enable="YES"
pf_enable="YES"
or add the command /usr/local/squid/sbin/squid to /etc/rc.local.
Then add this to /etc/rc.local:
chgrp squid /dev/pf && chmod g+rw /dev/pf