Definition (from squid-cache.org): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows, and is licensed under the GNU GPL.
Here I am combining a MikroTik router and CentOS 5.2 64-bit: the MikroTik acts as the router for my workstations, and the CentOS machine runs Squid to cache web traffic.
EoIP (Ethernet over Internet Protocol) is a MikroTik proprietary protocol; see the MikroTik manual (http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP). As far as I know this protocol exists only on MikroTik, so if you want to build a tunnel using EoIP you need a MikroTik on both sides of your network. Below is the sample topology used on my network.
Assume the EoIP tunnel between R3 and R1 is already configured and the internet connection on R1 is working properly.
Configuration on R3 Mikrotik :
# ip address add address=10.20.30.2/30 interface=eoip
# ip address add address=172.22.22.2/31 interface=ether2
# ip address add address=192.168.0.1/24 interface=ether3
Adding nat and redirect port 80 to proxy/squid server
#chain=srcnat action=src-nat to-addresses=10.20.30.2 src-address=192.168.0.0/24 dst-address=0.0.0.0/0 out-interface=eoip protocol=tcp
#chain=dstnat action=dst-nat to-addresses=172.22.22.2 to-ports=3128 src-address=192.168.0.0/24 dst-address=0.0.0.0/0 dst-port=80 protocol=tcp
Configuration on proxy/squid server on centos 5.2 64 bit
You need to be root to make this configuration.
From the console, run the following commands:
# setup → set the IP address and default gateway (IP address 172.22.22.2, netmask 255.255.255.252, gateway 172.22.22.1)
# nano /etc/resolv.conf → you can use another text editor; for this example I am using the nano text editor. Use the DNS servers from your ISP.
Installing squid using yum
# yum install squid
After the installation finishes I configure Squid; for this I am using the nano text editor.
# nano /etc/squid/squid.conf → my configuration looks like this:
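# Intercepting ("transparent") cache listener. Port 3128 receives the port-80
# traffic that the MikroTik dst-nat rule redirects from 192.168.0.0/24.
# NOTE(review): nothing in this file limits who can reach 3128 at the network
# level, so the http_access rules at the end are the only gate; keep every
# "allow" there tied to a source address.
http_port 3128 transparent

# Logging.
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
access_log /var/log/squid/access.log squid
buffered_logs on

# Memory cache and replacement policies.
cache_mem 3000 MB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_swap_low 90
cache_swap_high 95
ipcache_size 3048
ipcache_low 98
ipcache_high 99
negative_ttl 2 minutes
half_closed_clients off
memory_pools off

# On-disk cache: four aufs stores of 6000 MB each (16 x 256 directories).
cache_dir aufs /var/spool/squid/cache_01 6000 16 256
cache_dir aufs /var/spool/squid/cache_02 6000 16 256
cache_dir aufs /var/spool/squid/cache_03 6000 16 256
cache_dir aufs /var/spool/squid/cache_04 6000 16 256

visible_hostname PROXY
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
client_db off

# ---------------------------------------------------------------------------
# ACL definitions (all ACLs are declared before the rules that use them)
# ---------------------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
# The proxy host's own address.
acl webserver src 172.22.22.2/255.255.255.255
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl lan src 192.168.0.0/24
# Admin workstation; exempt from the download size cap below.
acl freeaccess src 192.168.0.254/255.255.255.255

# Blocked words/phrases, one regex per line in the file. The file name must be
# wrapped in plain ASCII double quotes; typographic quotes pasted from a web
# page are not treated as quotes.
acl restword url_regex -i "/etc/squid/nogoogle.txt"
# Blocked domains, one per line in the file.
acl restdomain dstdomain "/etc/squid/blokdomain.txt"

# Download restriction window: Monday-Friday 07:00-16:30.
acl nodownload time MTWHF 07:00-16:30
# Media file extensions. Dots are escaped so each pattern matches a literal
# "."; unescaped, "." matches any character.
acl ekstension url_regex -i \.mp3 \.avi \.mpeg \.mpe \.mpg \.qt \.rm \.wav \.3gp \.wma

# NOTE(review): this ACL is not referenced by any rule below. It is only an
# ACL name matching the cache_object protocol (same as "manager"); it does not
# create a username.
acl your_username proto cache_object

# Ports to which CONNECT tunnels are permitted. Every port added here becomes
# a permitted tunnel destination, so keep the list to what is actually needed.
acl SSL_ports port 443 563
acl SSL_ports port 1863 # MSN Messenger (Pidgin)
acl SSL_ports port 5050 # Yahoo Messenger (Pidgin)
acl SSL_ports port 995 # pop (gmail)
acl SSL_ports port 465 # smtp (gmail)
acl SSL_ports port 7071 # zimbra
acl SSL_ports port 446 # openfiler

# Destination ports the proxy will talk to at all.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 5000-5010 # yahoo messenger file transfer (HTTP)
acl Safe_ports port 995 # pop (gmail)
acl Safe_ports port 465 # smtp (gmail)
acl Safe_ports port 446 # openfiler
acl Safe_ports port 3268 # zimbra GAL
# NOTE(review): the three mail ports below let clients send HTTP requests to
# SMTP/POP/IMAP services through the proxy. Remove them unless there is a
# concrete need.
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop
acl Safe_ports port 143 # imap

acl CONNECT method CONNECT

# Cache manager password (placeholder: replace with your own). It is stored
# here in cleartext, so keep squid.conf readable only by root and the squid
# user.
cachemgr_passwd your_password all
# Administrator e-mail address (placeholder).
cache_mgr your_email

# Cap reply bodies at 2048000 bytes for the listed media extensions during the
# restricted hours, except for the admin workstation.
reply_body_max_size 2048000 allow ekstension nodownload !freeaccess

# ---------------------------------------------------------------------------
# Access rules: evaluated top to bottom, first match wins
# ---------------------------------------------------------------------------
# Cache manager access only from the proxy host itself, denied for everyone
# else (including the LAN). The earlier version had "deny manager webserver"
# ahead of "allow manager webserver", so the allow could never match.
# NOTE(review): assumes the intent was for the proxy host to query the cache
# manager; confirm.
http_access allow manager localhost
http_access allow manager webserver
http_access deny manager

# Port restrictions come before any allow, otherwise an earlier "allow lan"
# would let LAN clients reach or tunnel to any port.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Content filters for LAN clients.
http_access deny restword lan
http_access deny restdomain lan

# Allow by source address only. Do not add "allow SSL_ports" or
# "allow Safe_ports": those match on destination port alone and would let any
# client that can reach port 3128 use the proxy.
http_access allow localhost
http_access allow lan
http_access allow freeaccess
http_access deny all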
Then save, exit the text editor, and run these commands:
# squid -z
#/etc/init.d/squid start