Squid as a transparent web cache on FreeBSD
This is a brief guide to installing Squid and configuring it to work as a transparent web cache.
This is a working configuration that has been used in production, but the individual steps are not explained.
The FreeBSD kernel is recompiled to activate the ipf firewall, and Squid is compiled with ipf support.
A router has to be configured to redirect web traffic (TCP port 80) to port 80 on the Squid box.
The steps to configure the router are not included.
# Modify /etc/rc.conf
echo '# IPFILTER enabled' >> /etc/rc.conf
echo 'ipfilter_enable="YES"' >> /etc/rc.conf
echo 'ipfilter_program="/sbin/ipf"' >> /etc/rc.conf
echo 'ipfilter_rules="/etc/ipf.rules"' >> /etc/rc.conf
echo 'ipfilter_flags=""' >> /etc/rc.conf
echo '# IPNAT enabled' >> /etc/rc.conf
echo 'ipnat_enable="YES"' >> /etc/rc.conf
echo 'ipmon_enable="YES"' >> /etc/rc.conf
echo 'ipfs_enable="YES"' >> /etc/rc.conf

# ipfilter rules for transparent cache (change fxp0 to whatever NIC you use)
# These rules pass all traffic on lo0 and fxp0; nothing is filtered
echo '## Allow ALL , loopback' > /etc/ipf.rules
echo 'pass in on lo0 all' >> /etc/ipf.rules
echo 'pass out on lo0 all' >> /etc/ipf.rules
echo '## Allow ALL, fxp0' >> /etc/ipf.rules
echo 'pass in on fxp0 all' >> /etc/ipf.rules
echo 'pass out on fxp0 all' >> /etc/ipf.rules

# ipnat rule for transparent cache (change fxp0 to whatever NIC you use)
echo '## Redirect incoming TCP traffic port 80 on fxp0 to port 3128 (Squid)' > /etc/ipnat.rules
echo 'rdr fxp0 0/0 port 80 -> 127.0.0.1 port 3128 tcp' >> /etc/ipnat.rules

# Recompile kernel with ipfilter support, increase the NMBCLUSTERS parameter
cd /sys/i386/conf
cp GENERIC IPFILTER
echo 'options         IPFILTER                #ipfilter support' >> IPFILTER
echo 'options         IPFILTER_LOG            #ipfilter logging' >> IPFILTER
echo 'options         NMBCLUSTERS=32768       #set max mbufs, check with netstat -m' >> IPFILTER
/usr/sbin/config IPFILTER
cd ../../compile/IPFILTER
make depend
make
make install
reboot

# Squid as transparent cache

# Build
gunzip -c squid-2.5.STABLE6.tar.gz |tar -xf -
cd squid-2*
env CPPFLAGS="-I/usr/src/sys/contrib/ipfilter/netinet" ./configure --prefix=/usr/local/squid --enable-ipf-transparent
# Or, to build with WCCP support, use this configure line instead:
env CPPFLAGS="-I/usr/src/sys/contrib/ipfilter/netinet" ./configure --prefix=/usr/local/squid --enable-ipf-transparent --enable-wccp

make all
make install

# Configure /usr/local/squid/etc/squid.conf:
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# Cache dir size in MB (45000 = 45 GB in this example, don't use more than half the partition size)
cache_dir ufs /usr/local/squid/var/cache 45000 16 256
# Memory used for cached objects
cache_mem 64 MB
# Max object size on disk
maximum_object_size 200000 KB
# Max object size in memory
maximum_object_size_in_memory 128 KB

# Disable store.log
cache_store_log none

# The following line requires WCCP on your router redirecting the web traffic to Squid
wccp_router YOUR.ROUTER.IP.HERE

# Startup script
cp squid.sh /usr/local/etc/rc.d/squid.sh
chmod 755 /usr/local/etc/rc.d/squid.sh

# Log file permissions
chown -R nobody:nobody /usr/local/squid/var/logs

# Create cache
mkdir /usr/local/squid/var/cache
chown -R nobody:nobody /usr/local/squid/var/cache
/usr/local/squid/sbin/squid -z

# If you get the following error:
#   FATAL: Could not determine fully qualified hostname.  Please set 'visible_hostname'
# then edit squid.conf:
visible_hostname squid.YOURDOMAINHERE.com


# Start Squid
/usr/local/etc/rc.d/squid.sh start
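
A check worth running before the start command above, as an added example that is not part of the original guide: it flags rc.conf *_enable values that FreeBSD's rc.subr does not accept as yes/no, and verifies that the rdr target port in ipnat.rules matches http_port in squid.conf. The function names and the sample file contents are constructed for illustration.

```shell
# Added example: all file contents used here are constructed samples.

# Print each *_enable knob whose value rc.subr's checkyesno would reject.
rc_bad_enables() {
    sed -n 's/^\([a-z0-9_]*_enable\)="\(.*\)".*$/\1 \2/p' "$1" |
    while read -r name value; do
        case "$value" in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
            [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Port that the ipnat rdr rule for destination port 80 redirects to.
rdr_target_port() {
    awk '$1 == "rdr" { for (i = 3; i < NF; i++)
        if ($i == "->" && $(i - 1) == "80") { print $(i + 3); exit } }' "$1"
}

# Port Squid listens on (first http_port line; host:port is reduced to port).
squid_listen_port() {
    awk '$1 == "http_port" { n = split($2, a, ":"); print a[n]; exit }' "$1"
}

# Succeeds only if all knobs are valid and the rdr target equals http_port.
check_intercept() {
    bad=$(rc_bad_enables "$1"); nat=$(rdr_target_port "$2")
    sq=$(squid_listen_port "$3"); rc=0
    [ -z "$bad" ] || { echo "invalid rc.conf values:" $bad; rc=1; }
    [ -n "$nat" ] && [ "$nat" = "$sq" ] ||
        { echo "rdr target '$nat' != http_port '$sq'"; rc=1; }
    return $rc
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '%s\n' 'ipfilter_enable="YES"' 'ipnat_enable="YES"' \
        'ipmon_enable="/sbin/ipf"' > "$1/rc.conf"
    printf '%s\n' '## constructed sample' \
        'rdr fxp0 0/0 port 80 -> 127.0.0.1 port 3128 tcp' > "$1/ipnat.rules"
    printf '%s\n' 'http_port 3128' 'httpd_accel_port 80' > "$1/squid.conf"
}

dir=$(mktemp -d)
make_samples "$dir"
check_intercept "$dir/rc.conf" "$dir/ipnat.rules" "$dir/squid.conf" ||
    echo "fix the items above before starting Squid"
rm -rf "$dir"
```

On a real host, pass /etc/rc.conf, /etc/ipnat.rules and /usr/local/squid/etc/squid.conf to check_intercept instead of the sample files.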

# Web tools
- Install Apache, configure to run on port 8080
- Install rrdtool from ports, /usr/ports/net/rrdtool
- Install webalizer from ports, /usr/ports/www/webalizer, configure to use squid.conf and incremental log

# Cron jobs
# Run webalizer once a day at 23:45 only, as running it during the day affects the traffic
45 23 * * * /usr/local/bin/webalizer
# Rotate squid log file at 0:00 AM (midnight)
0 0 * * * /usr/local/squid/sbin/squid -k rotate

More about Squid at:
http://www.squid-cache.org
More about transparent caching, also known as interception caching:
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy


Last modified: Wed Sep 7 06:24:53 EDT 2016