The FreeBSD Diary

squid - installation and configuration 16 July 2000
Paul Lord wrote in to provide this how-to for squid.  Again, he did this back in May, so it's my fault it's taken so long to get into print.  Thank you Paul.
The install
I wanted to install a proxy/cache product to help with the slow dialup connection and to BLOCK some web sites.

So I installed the Squid port (note: this is an older version; squid23 is the latest port).  See Installing a port without installing the ports or Installing all the ports for more information about installing a port.  But in short, you do this:

cd /usr/ports/www/squid21
make install
The cache
You need to build the Cache directory first.  The default is 100MB so if you don't have that much room, or want more, modify /usr/local/etc/squid/squid.conf appropriately.

The '-z' option is used to build the cache:

# /usr/local/sbin/squid -z

I got this message back - Permission denied

09:09:29| Creating Swap Directories
FATAL: Failed to make swap directory /usr/local/squid/cache/00: (13) Permission denied
Squid Cache (Version 2.1.PATCH2):Terminated abnormally.
CPU Usage: 0.022 seconds
Maximum Resident Size: 1000 KB
Page faults with physical i/o: 0

After some searching in the mailing list archives, I found this solution:

> a. There is no space left on drive.
> b. You have no /usr/local/squid/logs/ directory created before. (squid does
> not create it itself. Create one manually)
> c. Your /usr/local/squid/logs/cache.log is owned by root. You should
> change it like this. "chown nobody.nogroup /usr/local/squid/logs/cache.log"
> Note that all of the files in ../log and ../cache directories must be owned
> like that too.

I then checked for the directories and they were there, but the owner was root. So:

# chown nobody.nogroup /usr/local/squid/logs
# chown nobody.nogroup /usr/local/squid/cache

So now I tried to build the cache again:

# /usr/local/sbin/squid -z
2000/05/09 09:14:32| Creating Swap Directories

This time it worked!
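
The three causes listed in the mailing-list reply can be checked before running squid -z. The following is an added example, not part of the original how-to; the function names are hypothetical, and the base directory, user and required size are passed in by the caller:

```shell
#!/bin/sh
# Pre-flight check to run before "squid -z" (added example, not from the article).
# Function names and argument order are this example's own choices.

# not_owned_by DIR USER: list DIR and everything under it whose owner is not USER.
not_owned_by() {
    find "$1" -exec ls -ld {} + | awk -v u="$2" '$3 != u { print "  " $3 "  " $NF }'
}

# free_kb DIR: free space, in KB, on the filesystem that holds DIR.
free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

# check_squid_dirs BASE USER MIN_KB
# Prints one finding per cause and returns the number of findings (0 = ready).
check_squid_dirs() {
    base=$1; user=$2; min_kb=$3; problems=0
    for d in "$base/logs" "$base/cache"; do
        if [ ! -d "$d" ]; then
            # Cause (b): squid does not create the directory itself.
            echo "MISSING $d"
            problems=$((problems + 1))
            continue
        fi
        # Cause (c): the directory, or a file inside it, belongs to someone else.
        bad=$(not_owned_by "$d" "$user")
        if [ -n "$bad" ]; then
            echo "OWNER   $d: entries not owned by $user:"
            echo "$bad"
            problems=$((problems + 1))
        fi
    done
    # Cause (a): not enough room for the configured cache size.
    free=$(free_kb "$base")
    if [ -n "$free" ] &&
       awk -v f="$free" -v m="$min_kb" 'BEGIN { exit !(f + 0 < m + 0) }'; then
        echo "SPACE   only $free KB free under $base, need $min_kb KB"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage on the article's layout (100MB default cache = 102400 KB):
#   check_squid_dirs /usr/local/squid nobody 102400
```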

Start squid in Debug/Test mode and try your WIN98 client browser.  Be sure to add the proxy name and port 3128 to the options/connection section [ed. note: I have removed the date from the following extract to ensure the lines fit without scrolling].
mygateway# /usr/local/sbin/squid -NCd1

09:30:54| Starting Squid Cache version 2.1.PATCH2 for i386--freebsd3.2...
09:30:54| Process ID 1026
09:30:54| With 1064 file descriptors available
09:30:54| Performing DNS Tests...
09:30:54| Successful DNS name lookup tests...
09:30:54| helperOpenServers: Starting 5 'dnsserver' processes
09:30:54| Unlinkd pipe opened on FD 13
09:30:54| Swap maxSize 102400 KB, estimated 7876 objects
09:30:54| Target number of buckets: 157
09:30:54| Using 8192 Store buckets, replacement runs every 10 seconds
09:30:54| Max Mem  size: 8192 KB
09:30:54| Max Swap size: 102400 KB
09:30:54| Rebuilding storage in Cache Dir #0 (DIRTY)
09:30:54| Loaded Icons.
09:30:54| Accepting HTTP connections on port 3128, FD 35.
09:30:54| Accepting ICP messages on port 3130, FD 36.
09:30:54| Ready to serve requests.
09:30:54| storeRebuildFromDirectory: DIR #0 done!
09:32:10| Finished rebuilding storage disk.
09:32:10|         0 Entries read from previous logfile.
09:32:10|         0 Entries scanned from swap files.
09:32:10|         0 Invalid entries.
09:32:10|         0 With invalid flags.
09:32:10|         0 Objects loaded.
09:32:10|         0 Objects expired.
09:32:10|         0 Objects cancelled.
09:32:10|         0 Duplicate URLs purged.
09:32:10|         0 Swapfile clashes avoided.
09:32:10|   Took 76 seconds (   0.0 objects/sec).
09:32:10| Beginning Validation Procedure
09:32:10| storeLateRelease: released 0 objects
09:32:11|   Completed Validation Procedure
09:32:11|   Validated 0 Entries
09:32:11|   store_swap_size = 21k
09:32:31| parseHttpRequest: Unsupported method 'PROPFIND'
09:32:31| clientReadRequest: FD 14 Invalid Request

(Type Control C - to exit the squid)

09:33:44| Preparing for shutdown after 8 requests
09:33:44| Waiting 0 seconds for active connections to finish
09:33:44| FD 35 Closing HTTP connection
09:33:45| Shutting down...
09:33:45| FD 36 Closing ICP connection
09:33:45| Closing unlinkd pipe on FD 13
09:33:45| storeDirWriteCleanLogs: Starting...
09:33:45|   Finished.  Wrote 0 entries.
09:33:45|   Took 0 seconds (   0.0 entries/sec).

I modified /usr/local/etc/squid/squid.conf

I added these lines right above the http_access deny all:

# Add this to the squid.conf (ACL section) 
acl ourhosts src
http_access allow ourhosts
http_access deny all

Then I start squid again and try the browser, it WORKED!

# /usr/local/sbin/squid -NCd1
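
Squid evaluates http_access lines from top to bottom and stops at the first match, which is why the allow line has to sit above http_access deny all. The check below is an added example, not from the original article; the function names are hypothetical and both sample configurations, including the 192.0.2.0 network, are constructed:

```shell
#!/bin/sh
# Order check for squid.conf access rules (added example, not from the article).
# Reads a squid.conf on stdin. Function names and sample configs are hypothetical.

# lint_http_access: print one finding per problem, return the number of findings.
lint_http_access() {
    awk '
        $1 == "acl" { defined[$2] = 1; next }
        $1 == "http_access" {
            # Anything after a bare "... all" rule can never be reached.
            if (closed != "")
                { print "UNREACHABLE line " NR ": " $0 " (follows \"" closed "\")"; n++ }
            # Every ACL named in the rule must have been defined with "acl".
            for (i = 3; i <= NF; i++) {
                name = $i; sub(/^!/, "", name)
                if (!(name in defined)) { print "UNDEFINED   line " NR ": acl " name; n++ }
            }
            if (closed == "" && NF == 3 && $3 == "all") closed = $0
            last = $2 " " $3
        }
        END {
            if (last != "deny all")
                { print "OPEN        last rule is not \"http_access deny all\""; n++ }
            exit n + 0
        }'
}

# Constructed sample: the layout the article describes, with a placeholder network.
good_conf() {
cat <<'EOF'
# 192.0.2.0 is a documentation range, not the network from the article
acl all src 0.0.0.0/0.0.0.0
acl ourhosts src 192.0.2.0/255.255.255.0
http_access allow ourhosts
http_access deny all
EOF
}

# Constructed sample: allow rule pasted below "deny all" and misspelled.
bad_conf() {
cat <<'EOF'
# same placeholder network as above
acl all src 0.0.0.0/0.0.0.0
acl ourhosts src 192.0.2.0/255.255.255.0
http_access deny all
http_access allow ourhost
EOF
}
```

Run it against the real file with: lint_http_access < /usr/local/etc/squid/squid.conf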
Don't let them bypass the proxy
OK.  Now I am caching sites, but how do I block port 80 so they cannot bypass squid?  You could always add a few things to your firewall rules.  These are examples for ipfw and assume that ed0 is the network card to your users:
ipfw add 220 deny tcp from any to any 80 via ed0
ipfw add 230 deny udp from any to any 80 via ed0
