Squid/Configure

From ImageStream Router Documentation

(Undo revision 2237 by Syoder (Talk))
 
(7 intermediate revisions not shown)
Line 1: Line 1:
==ImageStream's Default Squid Configuration==
==ImageStream's Default Squid Configuration==
 +
ImageStream runs Squid in Forward Proxy mode listening on TCP port 3128. To use the Squid cache in this default mode configure your Web browser to access the Squid proxy at your router's IP on the default port 3128.
 +
 +
[[Image:Squid_Firefox.JPG]]
 +
 +
Simply start squid with the default configuration to use the Forward Proxy mode.
 +
 +
==Transparent Proxy Configuration==
 +
Interception Caching goes under many names - Interception Caching, Transparent Proxying and Cache Redirection. Interception Caching is the process by which HTTP connections coming from remote clients are redirected to a cache server, without their knowledge or explicit configuration.
 +
 +
To configure squid for Transparent Proxy mode simply add the ''http_port 3129 transparent'' directive to your /etc/squid.conf file:
 +
 +
lab1:/usr/local/sand# pico /etc/squid.conf
 +
 +
Resulting file:
 +
include /usr/local/squid/etc/squid.conf
 +
http_port 3129 transparent
 +
 +
Next you will need to redirect all port 80 (web) and port 21 (ftp) traffic coming from your clients to port 3129.
 +
 +
Firewall configuration (rc.firewall):
 +
 +
# Redirect all Web traffic coming in Ethernet0 to Squid's transparent proxy port 3129
 +
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3129
 +
 +
# Redirect all FTP traffic coming in Ethernet0 to Squid's transparent FTP proxy (frox) port 2121
 +
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21 -j REDIRECT --to-port 2121
 +
 +
==Bridged Transparent Proxy Configuration
 +
 +
Firewall configuration (rc.firewall):
 +
 +
# Tell the kernel to process bridged Web packets
 +
ebtables -t broute -A BROUTING -p IPv4 –ip-protocol 6 \
 +
  –ip-destination-port 80 -j redirect –redirect-target ACCEPT
 +
# Tell the kernel to process bridged FTP packets
 +
ebtables -t broute -A BROUTING -p IPv4 –ip-protocol 6 \
 +
  –ip-destination-port 21 -j redirect –redirect-target ACCEPT
 +
 +
# Redirect all Web traffic coming in the bridge ports to Squid's transparent proxy port 3129
 +
iptables -t nat -A PREROUTING -i bvi0 -p tcp –dport 80 -j REDIRECT –to-port 3129
 +
iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3129
 +
iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j REDIRECT –to-port 3129
 +
 +
# Redirect all FTP traffic coming in the bridge ports to Squid's transparent FTP proxy (frox) port 2121
 +
iptables -t nat -A PREROUTING -p tcp -i bvi0 --dport 21 -j REDIRECT --to-port 2121
 +
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21 -j REDIRECT --to-port 2121
 +
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 21 -j REDIRECT --to-port 2121
 +
 +
 +
Advanced users can override any and all of ImageStream's default settings via the /etc/squid.conf file by placing new directives after the ''include /usr/local/squid/etc/squid.conf'' line.
 +
 +
[[Squid default configuration|Squid default configuration (/usr/local/squid/etc/squid.conf)]]
==Running Squid==
==Running Squid==
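Review bot: in the added Bridged Transparent Proxy section, the two ebtables rules and the three port-80 iptables rules are written with an en dash (–ip-protocol, –ip-destination-port, –redirect-target, –dport, –to-port) where the commands need a double hyphen, so they will be rejected if pasted as shown; retype them with "--" as the FTP rules beneath them already do. The heading line "==Bridged Transparent Proxy Configuration" is also missing its closing "==", and the sentence "redirect all port 80 (web) and port 21 (ftp) traffic coming from your clients to port 3129" does not match the FTP rules, which redirect to port 2121.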

Latest revision as of 15:20, 20 December 2009

ImageStream's Default Squid Configuration

ImageStream runs Squid in Forward Proxy mode, listening on TCP port 3128. To use the Squid cache in this default mode, configure your Web browser to access the Squid proxy at your router's IP address on the default port 3128.

[Image: Squid_Firefox.JPG]

Simply start squid with the default configuration to use the Forward Proxy mode.

Transparent Proxy Configuration

Interception Caching goes under many names - Interception Caching, Transparent Proxying and Cache Redirection. Interception Caching is the process by which HTTP connections coming from remote clients are redirected to a cache server, without their knowledge or explicit configuration.

To configure squid for Transparent Proxy mode simply add the http_port 3129 transparent directive to your /etc/squid.conf file:

lab1:/usr/local/sand# pico /etc/squid.conf

Resulting file:

include /usr/local/squid/etc/squid.conf
http_port 3129 transparent

Next you will need to redirect the traffic coming from your clients: port 80 (web) traffic to Squid's transparent proxy port 3129, and port 21 (ftp) traffic to the transparent FTP proxy (frox) on port 2121.

Firewall configuration (rc.firewall):

# Redirect all Web traffic coming in Ethernet0 to Squid's transparent proxy port 3129
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3129
# Redirect all FTP traffic coming in Ethernet0 to Squid's transparent FTP proxy (frox) port 2121
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21 -j REDIRECT --to-port 2121

Bridged Transparent Proxy Configuration

Firewall configuration (rc.firewall):

# Tell the kernel to process bridged Web packets
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
  --ip-destination-port 80 -j redirect --redirect-target ACCEPT
# Tell the kernel to process bridged FTP packets
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
  --ip-destination-port 21 -j redirect --redirect-target ACCEPT
# Redirect all Web traffic coming in the bridge ports to Squid's transparent proxy port 3129
iptables -t nat -A PREROUTING -i bvi0 -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3129
# Redirect all FTP traffic coming in the bridge ports to Squid's transparent FTP proxy (frox) port 2121
iptables -t nat -A PREROUTING -p tcp -i bvi0 --dport 21 -j REDIRECT --to-port 2121
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21 -j REDIRECT --to-port 2121
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 21 -j REDIRECT --to-port 2121
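
A pre-load check for an rc.firewall fragment, as an added example (not ImageStream's code): it flags options pasted with an en dash instead of `--`, REDIRECT rules with no `-i` interface match, and ports that do not follow this page's mapping (80 to 3129, 21 to 2121). The function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ImageStream's code. Lints an rc.firewall fragment and
# prints one finding per line; no output means the fragment passed.
# Expected mapping is taken from this page: 80 -> 3129 (Squid), 21 -> 2121 (frox).

check_redirects() {
    awk '
    /^[ \t]*#/ { next }                             # ignore comment lines
    index($0, "–") {                                # en dash where "--" belongs
        printf "line %d: typographic dash in option\n", NR
        next
    }
    /-j REDIRECT/ {
        dport = ""; to = ""; iface = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport")   dport = $(i + 1)
            if ($i == "--to-port" || $i == "--to-ports") to = $(i + 1)
            if ($i == "-i")        iface = $(i + 1)
        }
        if (dport == "80")      want = "3129"
        else if (dport == "21") want = "2121"
        else                    want = ""
        if (iface == "")
            printf "line %d: REDIRECT is not limited to an input interface\n", NR
        if (want == "")
            printf "line %d: unexpected --dport \"%s\"\n", NR, dport
        else if (to != want)
            printf "line %d: port %s redirected to %s, expected %s\n", NR, dport, to, want
    }' "$1"
}

# Constructed sample: line 2 is correct, line 3 has a pasted en dash,
# line 4 sends FTP to Squid instead of frox, line 5 has no -i match.
write_sample() {
    cat > "$1" <<'EOF'
# sample rc.firewall fragment (constructed)
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j REDIRECT –to-port 3129
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21 -j REDIRECT --to-port 3129
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3129
EOF
}
```

Run `check_redirects /path/to/rc.firewall` before loading the rules; `write_sample FILE` writes the constructed fragment for a dry run.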


Advanced users can override any and all of ImageStream's default settings via the /etc/squid.conf file by placing new directives after the include /usr/local/squid/etc/squid.conf line.

Squid default configuration (/usr/local/squid/etc/squid.conf)

Running Squid

  • Start squid
lab1:/usr/local/sand# Start squid
Starting the Squid service...Adding user 'nobody' to the password file...
Adding user 'nobody' to the shadow file...
  Mounting add-on program partition read-write...  done.
  Mounting add-on program partition read-only...  done.
2009/06/16 14:45:00| Creating Swap Directories
2009/06/16 14:45:00| /usr/local/squid/var/cache exists
2009/06/16 14:45:00| Making directories in /usr/local/squid/var/cache/00
2009/06/16 14:45:00| Making directories in /usr/local/squid/var/cache/01
2009/06/16 14:45:00| Making directories in /usr/local/squid/var/cache/02
2009/06/16 14:45:00| Making directories in /usr/local/squid/var/cache/03
2009/06/16 14:45:00| Making directories in /usr/local/squid/var/cache/04
2009/06/16 14:45:00| Making directories in /usr/local/squid/var/cache/05
2009/06/16 14:45:00| Making directories in /usr/local/squid/var/cache/06
2009/06/16 14:45:00| Making directories in /usr/local/squid/var/cache/07
2009/06/16 14:45:01| Making directories in /usr/local/squid/var/cache/08
2009/06/16 14:45:01| Making directories in /usr/local/squid/var/cache/09
2009/06/16 14:45:02| Making directories in /usr/local/squid/var/cache/0A
2009/06/16 14:45:02| Making directories in /usr/local/squid/var/cache/0B
2009/06/16 14:45:02| Making directories in /usr/local/squid/var/cache/0C
2009/06/16 14:45:02| Making directories in /usr/local/squid/var/cache/0D
2009/06/16 14:45:04| Making directories in /usr/local/squid/var/cache/0E
2009/06/16 14:45:04| Making directories in /usr/local/squid/var/cache/0F
done.
Started FTP caching server...