Defcon1-Header
Tool-BarfreeBSD ArticlesSearch Our SiteHOMEfreeBSD LinksContribute to FreeBSD HelpFreeBSD FilesFreeBSD Script Corner

SQUID How-To

How to Step by Step Installation of Squid
======================================================
1. Get Squid Port installed to do that
 cd /usr/ports/www/squid22/  (I prefer Squid22 better)

2. make install

Ok now that squid is installed, we have to configure the kernel , create
a swap directory and of course the squid.conf
======================================================
 
Configuring the kernel (This configuration is for Transparent caching
with FreeBSD)
======================================================
1. cd /usr/src/sys/i386/conf/ 
2.edit your kernel
       You got to add these two lines in your kernel

     options     IPFIREWALL
     options     IPFIREWALL_FORWARD

3. save exit

4. /usr/sbin/config (editted kernel)

5. cd ../../compile/your kernel
6. make depend
7. make
8. make install

======================================================
             IP Firewall Rules
======================================================
Its time to configure the IP firewall rules with ipfw. By default, there are no "allow" rules and all packets are denied. Add this commands to /etc/rc.local just to be able to use the machine on the network:

    ipfw add 60000 allow all from any to any But we're still not hijacking connections. To accomplish that, add these rules:
    ipfw add 49 allow tcp from 0.0.0.0 to any
    ipfw add 50 fwd 127.0.0.1 tcp from any to any 80
change the above (0.0.0.0) ip according to the ip address of your machine.

======================================================
            Editing squid.conf file
======================================================
NOTE: This options may be needed to be changed to get Squid running. Most user will not need to change all of these settings. You will need to change at least one part of the configuration file though: the default squid.conf denies access to all browsers. If you don't change this, Squid will not be very useful!
       http_access deny all

change this to
       http_access allow all
 
P.N. : The above setting will run the Squid. The below setting will allow more capability and performance of squid.
======================================================
            Setting Squid's HTTP Port
======================================================
You can use multiple ports appending a second port number to the
http_port variable. Here is an example:
           http_port 3128 8080
======================================================
Forwarding all request to another Proxy Server
======================================================
You need to give Squid a parent cache. Second, you need to tell Squid it can not connect directly to origin servers. This is done with three configuration file lines:
    cache_peer example.proxy.com parent 3128 0 no-query default
    acl all src 0.0.0.0/0.0.0.0
    never_direct allow all


In case you want to be able to use direct connections when all the parents go down you should use a different approach: 
    cache_peer example.proxy.com parent 3128 0 no-query
    prefer_direct off

=====================================================
What is ACL? (Configuring of permission for only Network/local/dial-in
users) 
ACCESS CONTROL LIST.
=====================================================
acl off src "/usr/local/etc/squid/data/list" (Note: created a file with
all the ip No. and called the file list. Called ACL as off)
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT



# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow off  (Note: Only the IP in the list file will be
allowed to squid)
http_access deny all   ((Note: Rest all be denied with squid error)

# TAG: icp_access
# Reply to all ICP queries we receive
# same as above
icp_access allow off
icp_access deny all

=====================================================
             Running of Squid
=====================================================
Squid should now be configured, and the directories should have the
correct permissions. We should now be able to start Squid, and you can
try and access the cache with a web browser.
         cache1:~ # /usr/local/squid/bin/squid -z
Note: If any error message or permission denied, just chmod accordingly.
This will take sometime to create, depending on the speed of your
computer.
Reboot your computer and Squid will be running on the startup.

====================================================
ROBERT PINTO               

Hi Friends ,
      Big thanks to SOLARIS_S and Group from #freebsdhelp For giving
me this opportunity to write this HOW-TO. Well this is how I first installed it on freeBSD 4.1 than tried on 4.2 and belive me it works great did everything that I wanted to do with squid proxy, cache, transparent-proxy and other stuff..First time it took me hell of a time to configure it but now it look a piece of cake so thought to share with you guys. Below you will find a easy way just follow step –by step instruction and believe me you will not have any problem (a big pat on my back...hahahah)
      
Peace to the Guys in #freebsdhelp love you guys J 

© 1997 - 20013 Defcon1, www.defcon1.org , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of www.defcon1.org and the content's original author.

Defcon1-Header2
Tool-Bar-2Defcon1  Webmail