Hi there!
I have set up squid for satellite utilisation for more than one subnet which have different routes.
Since I need to have different outgoing addresses, squid 2.4 wasn't an option. I have to use squid 2.5 Devel 1 w/ http://squid.sourceforge.net/tosaddracl/ patch.
Please note that I am a newbie to squid and linux.
This is my system config:
IBM Netfinity 3000
PII 400MHz
192MB memory
(3) 9.1GB IBM SCSI UW HD
6.4GB WD IDE drive
3COM Etherlink NIC
Redhat 7.0.
Here are the instructions which I had to learn the hard way.
1. Install Linux (In my case Redhat 7.0)
Create user groups of your choice. Eg, squid and frox
2. Install webmin rpm http://www.webmin.com/webmin/
3. Use wedmin to install redhat kernel rpm latest update.
4. Follow the instructions below before rebooting.
http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade-3.html
mkinitrd /boot/initrd-kernel.img kernel
edit the /etc/lilo.conf file
image=/boot/vmlinuz-<kernel version goes here>
label=linux-test
root=<your root (/) partition goes here
initrd=/boot/initrd-<kernel version goes here>
read-only
then run lilo -v
5. For simplicity,
edit the etc/rc.local and paste in these statements at the bottom.
ulimit -HSn 8192
echo 1024 32768 > /proc/sys/net/ipv4/ip_local_port_range
echo 1024 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -I input 1 -s network/netmask -d 0/0 80 -p tcp -j REDIRECT 3128
AS many are you need for each subnet on your network
/sbin/ipchains -A input -p tcp -s network/netmask -d 0/0 21 -j REDIRECT 12345 (for FTP caching)
AS many are you need for each subnet on your network
/usr/local/squid/bin/squid
/usr/local/sbin/frox
Please follow the instructions on Joe Cooper page
"
One more thing you need to do before compiling squid is raise the number of file descriptors on your system. This requires two steps in recent 2.2.x series kernels. First you need to edit this line in the /usr/include/bits/types.h file:
#define __FD_SETSIZE 8192
"
Reboot the system and neglect the errors when squid and frox starts up.
6. Install Squid 2.5 http://www.squid-cache.org/Doc/FAQ/FAQ-2.html
7. Compile squid.
Here is a sample config. Do not config with items not needed.
./configure --enable-gnuregex --enable-splaytree --enable-xmalloc-statistics --enable-carp --enable-async-io --enable-storeio=diskd,ufs,aufs --enable-removal-policies=lru,heap --enable-icmp --enable-delay-pools --enable-kill-parent-hack --enable-snmp --enable-time-hack --enable-cachemgr-hostname=cacbdscachesrvr.cariaccess.com --enable-arp-acl --enable-htpc --enable-forw-via-db --enable-cache-digests
8. Do a make to compilie
9. Do a make install to install squid.
10. Do a make install-pinger
11. After you have created the cache directories run 'chown squid:squid /cache directories/
12. run chown again on the /usr/local/squid/logs.
13. Follow cachemgr config in http://www.squid-cache.org/Doc/FAQ/FAQ-9.html
14. Replace the squid.conf with your new config file in the /usr/local/squid/etc directory. (attach)
Installing FROX
1. down load frox. http://www.hollo32.fsnet.co.uk/frox/
I use the lastest snapshot
2. extract it.
tar xzf 'file'
3. run this command or also read the configure file for options. Follow the instructions on the website also.
This is my config script. ./configure --enable-cache --enable-transparent-data --enable-http-cache
4. Do a make and make install.
5. The frox config file will be in /usr/local/etc folder.
You must edit this file using either vi or pico and change the required settings.
Look at the attach sample.
6. type frox at the prompt to activate the frox.
7. You have a new squid machine.
If I have left out anything, please email me and let me know.
Again, please read the FAQ's. There are valuable.
Thank you very much.
Best regards,
Edward Millington
(Network Administrator & Senior Technical Support Technician)
Cariaccess Communications Ltd.
Wildey
St. Michael
Barbados
1-246-430-7435
Fax : 1-246-431-0170
www.cariaccess.com
FOR Additional Reading
The tosaddracl branch on Sourceforge has now been cleaned up, and as a
result the configuration directives have changed sligthly.
TAG: tcp_outgoing_tos
Allows you to select a TOS/Diffserv value to mark outgoing connections
with, based on the username or source address making the request.
tcp_outgoing_tos ds-field [!]aclname ...
Example where normal_service_net uses the TOS value 0x00 and
normal_service_net uses 0x20
acl normal_service_net src 10.0.0.0/255.255.255.0
acl good_service_net src 10.0.1.0/255.255.255.0
tcp_outgoing_tos 0x00 normal_service_net 0x00
tcp_outgoing_tos 0x20 good_service_net
TOS/DSCP values really only have local significance - so you should
know what you're specifying. For more, see RFC 2474
The TOS/DSCP byte must be exactly that - a byte, value 0 - 255.
Processing proceeds in the order specified, and stops at first fully
matching line.
TAG: tcp_outgoing_address
Allows you to map requests to different outgoing IP addresses based on
the username or sourceaddress of the user making the request.
tcp_outgoing_address ipaddr [[!]aclname] ...
Example where requests from 10.0.0.0/24 will be forwareded with source
address 10.1.0.1, 10.0.2.0/24 forwarded with source address 10.1.0.2 and
the rest will be forwarded with source address 10.1.0.3.
acl normal_service_net src 10.0.0.0/255.255.255.0
acl good_service_net src 10.0.1.0/255.255.255.0
tcp_outgoing_address 10.0.0.1 normal_service_net
tcp_outgoing_address 10.0.0.2 good_service_net
tcp_outgoing_address 10.0.0.3
Processing proceeds in the order specified, and stops at first fully
matching line.
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:58 MST