Squid as a transparent web cache on FreeBSD

Posted: July 17, 2010 in Freebsd

thanks to Red Antigua

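# Modify /etc/rc.conf
# Run as root. The original listing used typographic quotes (‘ ” ’), which
# the shell passes through literally and which break rc.conf parsing; plain
# ASCII quotes are used here. Appending blindly duplicates these entries if
# the listing is re-run, so check `grep -i ipf /etc/rc.conf` first.
cat >> /etc/rc.conf <<'EOF'
# IPFILTER enabled
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
# IPNAT enabled
ipnat_enable="YES"
# ipmon_enable (the ipf log daemon) and ipfs_enable (state save/restore) are
# YES/NO booleans in rc.conf(5); the original listing put the program path
# "/sbin/ipf" here, which is not a valid value and leaves both disabled.
ipmon_enable="YES"
ipfs_enable="YES"
EOF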
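# ipfilter rules for transparent cache (change fxp0 to whatever NIC you use)
# NOTE: "pass ... all" on fxp0 admits every packet in both directions, so this
# ruleset does no filtering at all; it exists only so that ipnat can apply the
# redirect below. Restrict it to the services the host really exposes before
# putting the box on an untrusted network (see ipf(5)).
cat > /etc/ipf.rules <<'EOF'
## Allow ALL , loopback
pass in on lo0 all
pass out on lo0 all
## Allow ALL, fxp0
pass in on fxp0 all
pass out on fxp0 all
EOF
# ipnat rule for transparent cache (change fxp0 to whatever NIC you use)
# In an rdr rule the address after the interface is the destination match;
# 0/0 means every inbound TCP/80 connection arriving on fxp0, whatever host it
# was addressed to, is handed to Squid on 127.0.0.1:3128. If this machine also
# serves HTTP itself, narrow the match so those requests are not intercepted.
cat > /etc/ipnat.rules <<'EOF'
## Redirect incoming TCP traffic port 80 on fxp0 to port 3128 (Squid)
rdr fxp0 0/0 port 80 -> 127.0.0.1 port 3128 tcp
EOF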
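# Recompile kernel with ipfilter support, increase the NMBCLUSTERS parameter
# Paths are for an i386 kernel source tree; adjust the architecture directory
# for other platforms. Each cd is checked so a missing source tree does not
# leave the following cp/make running in the wrong directory.
cd /sys/i386/conf || exit 1
cp GENERIC IPFILTER
# IPFILTER_LOG is what ipmon (enabled in rc.conf) reads its log records from.
cat >> IPFILTER <<'EOF'
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options NMBCLUSTERS=32768 #set max mbufs, check with netstat -m
EOF
/usr/sbin/config IPFILTER
cd ../../compile/IPFILTER || exit 1
make depend
make
make install
# Reboots immediately into the new kernel; everything after this point in the
# listing is meant to be run after the machine is back up.
reboot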
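# Squid as transparent cache
# Build
# squid-2.5.STABLE6.tar.gz is expected in the current directory; verify the
# tarball against the checksum/signature published with the release before
# unpacking it. The original listing's en-dashes (–) are plain "-"/"--" here;
# as written they would have been passed to tar and configure literally.
gunzip -c squid-2.5.STABLE6.tar.gz | tar -xf -
cd squid-2* || exit 1
# --enable-ipf-transparent needs the ipfilter headers from the kernel source
# tree, hence CPPFLAGS. Run only ONE of the two configure invocations: the
# second adds WCCP support, which the wccp_router directive in squid.conf
# (later in this listing) requires; without a WCCP-capable router, use the first.
env CPPFLAGS="-I/usr/src/sys/contrib/ipfilter/netinet" ./configure --prefix=/usr/local/squid --enable-ipf-transparent
# Build with WCCP support (alternative to the line above):
# env CPPFLAGS="-I/usr/src/sys/contrib/ipfilter/netinet" ./configure --prefix=/usr/local/squid --enable-ipf-transparent --enable-wccp
make all
make install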
# Configure /usr/local/squid/etc/squid.conf:
# (Squid 2.5 syntax: transparent interception is done with the httpd_accel_*
# directives below. Only the additions are shown; the http_access ACLs from the
# shipped default squid.conf are not listed here -- keep them, they are what
# decides who may use the proxy.)
http_port 3128
# Accelerator mode for any destination host: the origin is taken from the
# intercepted request rather than a fixed server.
httpd_accel_host virtual
httpd_accel_port 80
# Also accept explicit (non-intercepted) proxy requests on port 3128. Combined
# with permissive http_access rules this would make the host an open proxy.
httpd_accel_with_proxy on
# Rebuild the URL from the client's Host: header. This is what makes
# interception work; it also means Squid fetches whatever host a client names.
httpd_accel_uses_host_header on
# Cache dir size in MB (45000 = 45 GB in this example, don't use more than half the partition size)
cache_dir ufs /usr/local/squid/var/cache 45000 16 256
# Total memory Squid may use for cached objects -- not a per-object cap
# (that is maximum_object_size_in_memory below)
cache_mem 64 MB
# Max object size on disk
maximum_object_size 200000 KB
# Max size of a single object kept in memory
maximum_object_size_in_memory 128 KB
# Disable store.log
cache_store_log none
# The following line requires WCCP on your router redirecting the web traffic to Squid
# (and a Squid built with --enable-wccp). Replace the placeholder with the
# router's address; omit the directive entirely if WCCP is not used.
wccp_router YOUR.ROUTER.IP.HERE
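# Startup script
# squid.sh is expected in the current directory; the listing does not show
# where it comes from (presumably shipped with the source tree -- confirm).
cp squid.sh /usr/local/etc/rc.d/squid.sh
chmod 755 /usr/local/etc/rc.d/squid.sh
# Log file permissions
# Squid drops privileges to its cache_effective_user (nobody by default),
# so the log and cache directories must be writable by that user.
chown -R nobody:nobody /usr/local/squid/var/logs
# Create cache
# -p makes this step safe to repeat; squid -z then creates the swap directories.
mkdir -p /usr/local/squid/var/cache
chown -R nobody:nobody /usr/local/squid/var/cache
/usr/local/squid/sbin/squid -z
# If squid -z fails with:
#   FATAL: Could not determine fully qualified hostname. Please set 'visible_hostname'
# then add the following line to squid.conf. It is a squid.conf directive, not
# a shell command -- the original listing had it unquoted here, where the shell
# would just report "command not found":
#   visible_hostname squid.YOURDOMAINHERE.com
# Start Squid
/usr/local/etc/rc.d/squid.sh start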
# Web tools
- Install Apache, configured to run on port 8080
- Install rrdtool from ports, /usr/ports/net/rrdtool
- Install webalizer from ports, /usr/ports/www/webalizer, configured to read the Squid log format and to use incremental log processing
# Cron jobs
# Presumably root's crontab: `squid -k rotate` signals the running Squid and
# must be run by a user permitted to do so -- confirm which user owns these entries.
# Run webalizer a quarter to midnight only, as during the day it affects the traffic
45 23 * * * /usr/local/bin/webalizer
# Rotate squid log file at 0:00 AM (midnight)
# The number of rotated generations kept is governed by logfile_rotate in
# squid.conf, which this listing does not set -- check the default suits you.
0 0 * * * /usr/local/squid/sbin/squid -k rotate