Simple Squid (Proxy server) Configuration

1. SETUP THE INITIAL NETWORK CONNECTIVITY ON CENTOS

After installing centos completely configured the network interfaces as follows,

1. Add a network interface to centos virtual machine as “Lan segment”(Centos lan)

2. And configure the ip address for that LAN segment

If this centos machine has only one NIC we have to create two vlans and trunk them. 

•            One to connect to the internet.
•            One to connect to the local area network interface which we created earlier

3. Using fedora(Another vm guest os) verify the network connectivity

4. Pinging to the LAN-segment that we created in order to verify the internet connectivity.

Now we are connected to the private network that we created using centos earlier. Note that in this scenario centos is act as a router. So we are going to convert this centos virtual machine to router, in order to do that we need to inform it to kernel and configure it. Using sysctl command,

Note that to use that command we will required root permission. Furthermore, this command enable ipv4 traffic forwarding (enable it in kernel level).

So now we are going to setup NAT on the machine, to do that we have to issue iptable command.

Using NAT,                  

The packet which is going through the centos router that we are talking about, it will change the private address of the packet in one side of a router to public address which is in the other side of the router.    

So we going to Setup NAT in the WAN side

After completing the NAT setup on our WAN interface,

Using iptable command we can have a look on the NAT table that we configured earlier.

The command is : iptables -L -t nat

And in here we used iptables -L command,

Here we can see under the INPUT and FORWARD heading all protocols is rejected. So in order to forward the network traffic our cent os router we need to remove those restrictions.

INPUT:

FORWARD :

Now we can see that our guest os(Fedora) in other side of the cent os router can connect  to a public network (through centos router) in the sense we can connect to the internet. Lets ping to the www.google.com

2. SETUP THE SQUID PROXY SERVER

Now we are able to connect the external network through our centos router, so now we need filter those request in proper way in order to provide better service to our network users. So to do that we are going to setup squid on our centos virtual machine. 

So to do that we need to install squid to our centos virtual machine. So using yum (application manager in centos) we can install squid on our centos router.

2.1 What is squid? :

Squid is a Unix-based proxy server that caches Internet content closer to a requestor than its original point of origin. Squid supports caching of many different kinds of Web objects, including those accessed through HTTP and FTP. Caching frequently requested Web pages, media files and other content accelerates response time and reduces bandwidth congestion.

[http://whatis.techtarget.com/definition/Squid-proxy-server]

After installing squid we can see there is folder call squid in our etc folder in centos virtual machine.

Now to check weather our Proxy is active and ruining or not we can configure our browser on other guest-os. It is important to configure the browser in that guest os to use the proxy that we configured. 

Now we have to do is setup the caching policies & configuration.

2.2 What is caching:

A cache is a temporary storage area. For example, the files you automatically request by looking at a Web page are stored on your hard disk in a cache subdirectory under the directory for your browser. When you return to a page you've recently looked at, the browser can get those files from the cache rather than the original server, saving you time and saving the network the burden of additional traffic.

[http://whatis.techtarget.com/definition/caching]

Before do the any further changes it is preferred to backup the squid.conf.

The backup will stored in squid.conf.bak.

2.3 Lets configure the squid for our given scenario. :

According to the scenario given we have to configure squid to cache first ten web pages. In order to that we need to find out the sizes for given pages. 

Using an online application we can calculate the sizes of the given web pages, In here using http://analyze.websiteoptimization.com/

Page sizes :

http://www.bmw.com/com/en/                                                          1851.324KB

http://www5.mercedes-benz.com/en/                                                4079.307KB

http://edition.cnn.com/                                                                       1417.141KB

http://www.bbc.com/?/                                                                       842.069KB

http://www.cnet.com/                                                                         2106.747KB

http://www.uq.edu.au/                                                                        3061.657KB

http://www.cnet.com/                                                                         1392.702KB

http://www.mit.edu/                                                                           1066.017KB

http://www.sony.com/                                                                        3039.698KB

http://www.samsung.com/in/                                                             1490.042KB

11th  Page size

http://www.toshiba.com/tai/                                                                976.545KB

In here we assume that page the maximum cache size is 20 MB. 

2.4 So to do the squid configuration part we can open squid.conf file using vim. : 

2.4 Lets look at the additional configurations.  :

 1.       visible_host_name NSD_HOST

This will use NSD_HOST as visible host name when it prompt the error messages and etc.

1. replacement_policy GDSF
This is specified the particular cache policy which is going to used by squid.
What is GDSF(Greedy-Dual Size Frequency),

“The latest web cache replacement policies incorporate the document size, frequency, and age in the decision process. Greedy-Dual-Size (GDS) policy is based on document size and has an elegant aging mechanism. Similarly, the Greedy-Dual-Frequency (GDF) policy takes into account file frequency and exploits the aging mechanism to deal with cache pollution. The efficiency of a cache replacement policy can be evaluated along two popular metrics: file hit ratio and byte hit ratio. Using four different web server logs, we show that GDS-like replacement policies emphasizing size yield the best file hit ratio but typically show poor byte hit ratio, while GDF-like replacement policies emphasizing frequency have better byte hit ratio but result in worse file hit ratio. We also propose a generalization of Greedy-Dual-Frequency-Size policy which allows to balance the emphasis on size vs.~frequency. We perform a sensitivity study to derive the impact of size and frequency on file and byte hit ratio, identifying parameters that aim at optimizing both metrics.”

[http://www.hpl.hp.com/personal/Lucy_Cherkasova/projects/gdfs.html]

2.       Cache_mem 32  MB

This one state that maximum amount of memory lets say RAM in simple word which is allowed to use when caching. It is reccomanded to put that value three time smaller than we are expecting because obviously it we will take more memory than it mentioned.

3.       Cache_mgr krishan@gmail.com

This specified the email address of cache administrator who is responsible for the given cache configuration. This person will notified by a email if squid sever encounter a problem.

4.       maximum_object_size 742 KB

    Sates that Set the default value for max-size parameter on any cache_dir.

5.      Cachemgr_passwdnsd123

We can put a password if willing to use cachemgr.cgi utility which will allowgettingoutput static in configured squid using a web interface.

2.4 Lets look at the cache_dir Command

1.       cache_dir aufs /var/spool/squid 100 16 256

Cache_dir commandstate that,

I. In which kind of storage system that we are going to store cache.

II. The path to cache folder (In here we did let default path to be).

III. Next parameter indicates the size of  the cache(we customized the parameter as instructed do caching only for given particular 10 pages).

IV. Flowing those two numbers stand for manipulate the sub directories that creating when caching.

2.       http_port 3128

It’s state that the particular port number which our proxy use.

3.      Offline_mode on

In here we are telling squid to do the validations on cache.

10.   In here the acl will permit trafficto 172.16.0.0/12 whichis our public network and also permit traffic to 192.168.0.0/16 which is LAN segment.

11. Visible_host_name NSD_HOST

This will use NSD_HOST as visible host name when it prompts the error messages and etc.