
Configuration Squid on Centos 5

Posted By admin On Sunday, November 27, 2011 08:41 PM. Under Linux  

Definition, from squid-cache.org: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.

Here I combine a Mikrotik router and CentOS 5.2 64-bit: the Mikrotik acts as the router for my workstations and the CentOS machine acts as the Squid server that caches website traffic.

EoIP (Ethernet over Internet Protocol) is a Mikrotik proprietary protocol; see the Mikrotik manual (http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP). As far as I know, this protocol exists only on Mikrotik, so if you want to build a tunnel using EoIP you need a Mikrotik on both sides of your network. Below is a sample topology configuration from my network.

Assume the EoIP tunnel between R3 and R1 is already configured and the internet connection on R1 is working properly.

Configuration on R3 Mikrotik :

# ip address add address=10.20.30.2/30 interface=eoip

# ip address add address=172.22.22.1/30 interface=ether2

# ip address add address=192.168.0.1/24 interface=ether3

 

Add NAT and redirect port 80 to the proxy/Squid server:

# ip firewall nat add chain=srcnat action=src-nat to-addresses=10.20.30.2 src-address=192.168.0.0/24 dst-address=0.0.0.0/0 out-interface=eoip protocol=tcp

# ip firewall nat add chain=dstnat action=dst-nat to-addresses=172.22.22.2 to-ports=3128 src-address=192.168.0.0/24 dst-address=0.0.0.0/0 dst-port=80 protocol=tcp

 

Configuration on the proxy/Squid server on CentOS 5.2 64-bit

You should be root to make this configuration.

From the console, run these commands:

# setup → set the IP address and default gateway (IP address 172.22.22.2, netmask 255.255.255.252, gateway 172.22.22.1)

# nano /etc/resolv.conf → you can use another text editor; in this example I am using the nano text editor. Use the DNS servers from your ISP.

 

Installing squid using yum

# yum install squid

After the installation finishes, I configure Squid. For the configuration I am using the nano text editor.

# nano /etc/squid/squid.conf → my configuration looks like this:

http_port 3128 transparent

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

access_log /var/log/squid/access.log squid

cache_mem 3000 MB

cache_replacement_policy heap LFUDA

memory_replacement_policy heap GDSF

cache_swap_low 90

cache_swap_high 95

ipcache_size 3048

ipcache_low 98

ipcache_high 99

negative_ttl 2 minutes

half_closed_clients off

memory_pools off

buffered_logs on

cache_dir aufs /var/spool/squid/cache_01 6000 16 256

cache_dir aufs /var/spool/squid/cache_02 6000 16 256

cache_dir aufs /var/spool/squid/cache_03 6000 16 256

cache_dir aufs /var/spool/squid/cache_04 6000 16 256

visible_hostname PROXY

quick_abort_min 0 KB

quick_abort_max 0 KB

quick_abort_pct 98

client_db off

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl webserver src 172.22.22.2/255.255.255.255

http_access deny manager webserver

acl localhost src 127.0.0.1/255.255.255.255

acl lan src 192.168.0.0/24

acl freeaccess src 192.168.0.254/255.255.255.255 # my IP gets free access

 

 

acl restword url_regex -i "/etc/squid/nogoogle.txt"   # block access by word or phrase; define the words in the file nogoogle.txt

http_access deny restword lan

acl restdomain dstdomain "/etc/squid/blokdomain.txt"   # block some domains here; define the domains you want to block in this file

http_access deny restdomain lan

 

acl nodownload time MTWHF 07:00-16:30   # schedule for the download extension rule

acl ekstension url_regex -i \.mp3 \.avi \.mpeg \.mpe \.mpg \.qt \.rm \.wav \.3gp \.wma

reply_body_max_size 2048000 allow ekstension nodownload !freeaccess

 

acl your_username proto cache_object # your username to access monitoring via web

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443 563     # https, snews

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

## acl for chat clients

acl SSL_ports port 1863         # MSN Messenger (Pidgin)

acl SSL_ports port 5050         # Yahoo Messenger (Pidgin)

# yahoo messenger File Transfer Connection (HTTP)

acl Safe_ports port 5000-5010                         

#acl for gmail

acl SSL_ports port 995          # pop

acl SSL_ports port 465          # smtp

acl Safe_ports port 995         # pop

acl Safe_ports port 465         # smtp

 

###acl other

acl Safe_ports port 25          # smtp

acl Safe_ports port 110         # pop

acl Safe_ports port 143         # imap

acl SSL_ports port 7071         # zimbra

acl SSL_ports port 446          # openfiler

acl Safe_ports port 446         # openfiler

acl Safe_ports port 3268        # zimbra GAL

acl CONNECT method CONNECT

 

# password for access to Squid monitoring; replace your_password with your own
cachemgr_passwd your_password all

# e-mail address of the admin
cache_mgr your_email

http_access allow localhost

http_access allow lan

http_access allow freeaccess

http_access allow SSL_ports

http_access allow Safe_ports

http_access allow manager webserver

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access deny all

 

Then save and exit the text editor, and run these commands:

# squid -z

# /etc/init.d/squid start
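
Squid evaluates http_access lines from top to bottom and stops at the first line whose ACLs all match, so the order of the rules in the configuration above decides who may use the proxy. The Python sketch below is an added example, not part of the original post or of Squid: it models only the src, port, method and proto ACLs from this page, uses constructed sample requests, and compares the page's rule order with a reordered list that assumes only the LAN should be served.

```python
import ipaddress

# ACLs from the squid.conf above that its http_access lines reference.
NETS = {"localhost": "127.0.0.1/32", "lan": "192.168.0.0/24", "all": "0.0.0.0/0",
        "freeaccess": "192.168.0.254/32", "webserver": "172.22.22.2/32"}
PORTS = {
    "Safe_ports": [(21, 21), (25, 25), (70, 70), (80, 80), (110, 110), (143, 143), (210, 210),
                   (280, 280), (443, 443), (446, 446), (465, 465), (488, 488), (563, 563),
                   (591, 591), (777, 777), (995, 995), (1025, 65535)],
    "SSL_ports": [(443, 443), (446, 446), (465, 465), (563, 563), (995, 995),
                  (1863, 1863), (5050, 5050), (7071, 7071)],
}
# http_access rules in the order the page lists them (URL-based rules omitted).
PAGE_ORDER = ["deny manager webserver", "allow localhost", "allow lan",
              "allow freeaccess", "allow SSL_ports", "allow Safe_ports",
              "allow manager webserver", "deny !Safe_ports",
              "deny CONNECT !SSL_ports", "deny all"]
# Assumed alternative (not from the page): manager and port denies first, then LAN-only allows.
TIGHTENED = ["allow manager webserver", "deny manager", "deny !Safe_ports",
             "deny CONNECT !SSL_ports", "allow localhost", "allow lan",
             "allow freeaccess", "deny all"]

def acl_matches(name, req):
    """True if the request matches the ACL; a leading '!' negates it."""
    if name.startswith("!"):
        return not acl_matches(name[1:], req)
    if name in NETS:
        return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(NETS[name])
    if name in PORTS:
        return any(lo <= req["port"] <= hi for lo, hi in PORTS[name])
    return {"CONNECT": req["method"] == "CONNECT",
            "manager": req.get("proto") == "cache_object"}[name]

def decide(rules, req):
    """ACLs on one rule are ANDed; the first rule that matches decides."""
    for rule in rules:
        action, *acls = rule.split()
        if all(acl_matches(a, req) for a in acls):
            return action, rule
    return "deny", "no rule matched"  # not reached: both lists end in "deny all"

# Constructed sample requests (203.0.113.7 is a documentation address).
OUTSIDE_GET = {"src": "203.0.113.7", "method": "GET", "port": 80}
LAN_CONNECT_SMTP = {"src": "192.168.0.10", "method": "CONNECT", "port": 25}
LAN_GET = {"src": "192.168.0.10", "method": "GET", "port": 80}

if __name__ == "__main__":
    for req in (OUTSIDE_GET, LAN_CONNECT_SMTP, LAN_GET):
        print(req, decide(PAGE_ORDER, req), decide(TIGHTENED, req))
```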

 
