Skip to main content

Simple Squid (Proxy server) Configuration


1. SETUP THE INITIAL NETWORK CONNECTIVITY ON CENTOS

After installing centos completely configured the network interfaces as follows,

1. Add a network interface to centos virtual machine as “Lan segment”(Centos lan)



2. And configure the ip address for that LAN segment


If this centos machine has only one NIC we have to create two vlans and trunk them. 
  •            One to connect to the internet.
  •            One to connect to the local area network interface which we created earlier
3. Using fedora(Another vm guest os) verify the network connectivity


4. Pinging to the LAN-segment that we created in order to verify the internet connectivity.


Now we are connected to the private network that we created using centos earlier. Note that in this scenario centos is act as a router. So we are going to convert this centos virtual machine to router, in order to do that we need to inform it to kernel and configure it. Using sysctl command,


Note that to use that command we will required root permission. Furthermore, this command enable ipv4 traffic forwarding (enable it in kernel level).
So now we are going to setup NAT on the machine, to do that we have to issue iptable command.
Using NAT,                  
The packet which is going through the centos router that we are talking about, it will change the private address of the packet in one side of a router to public address which is in the other side of the router.    

So we going to Setup NAT in the WAN side


After completing the NAT setup on our WAN interface,
Using iptable command we can have a look on the NAT table that we configured earlier.
The command is : iptables -L -t nat
And in here we used iptables -L command,


Here we can see under the INPUT and FORWARD heading all protocols is rejected. So in order to forward the network traffic our cent os router we need to remove those restrictions.

INPUT:

FORWARD :


Now we can see that our guest os(Fedora) in other side of the cent os router can connect  to a public network (through centos router) in the sense we can connect to the internet. Lets ping to the www.google.com


2. SETUP THE SQUID PROXY SERVER



Now we are able to connect the external network through our centos router, so now we need filter those request in proper way in order to provide better service to our network users. So to do that we are going to setup squid on our centos virtual machine. 




So to do that we need to install squid to our centos virtual machine. So using yum (application manager in centos) we can install squid on our centos router.



2.1 What is squid? :


Squid is a Unix-based proxy server that caches Internet content closer to a requestor than its original point of origin. Squid supports caching of many different kinds of Web objects, including those accessed through HTTP and FTP. Caching frequently requested Web pages, media files and other content accelerates response time and reduces bandwidth congestion.
[http://whatis.techtarget.com/definition/Squid-proxy-server]




After installing squid we can see there is folder call squid in our etc folder in centos virtual machine.



Now to check weather our Proxy is active and ruining or not we can configure our browser on other guest-os. It is important to configure the browser in that guest os to use the proxy that we configured. 


Now we have to do is setup the caching policies & configuration.

2.2 What is caching:



A cache is a temporary storage area. For example, the files you automatically request by looking at a Web page are stored on your hard disk in a cache subdirectory under the directory for your browser. When you return to a page you've recently looked at, the browser can get those files from the cache rather than the original server, saving you time and saving the network the burden of additional traffic.

[http://whatis.techtarget.com/definition/caching]


Before do the any further changes it is preferred to backup the squid.conf.






The backup will stored in squid.conf.bak.

2.3 Lets configure the squid for our given scenario. :


According to the scenario given we have to configure squid to cache first ten web pages. In order to that we need to find out the sizes for given pages. 

Using an online application we can calculate the sizes of the given web pages, In here using http://analyze.websiteoptimization.com/





Page sizes :
http://www.bmw.com/com/en/                                                          1851.324KB
http://www5.mercedes-benz.com/en/                                                4079.307KB
http://edition.cnn.com/                                                                       1417.141KB
http://www.bbc.com/?/                                                                       842.069KB
http://www.cnet.com/                                                                         2106.747KB
http://www.uq.edu.au/                                                                        3061.657KB
http://www.cnet.com/                                                                         1392.702KB
http://www.mit.edu/                                                                           1066.017KB
http://www.sony.com/                                                                        3039.698KB
http://www.samsung.com/in/                                                             1490.042KB
11th  Page size
http://www.toshiba.com/tai/                                                                976.545KB
In here we assume that page the maximum cache size is 20 MB. 

2.4 So to do the squid configuration part we can open squid.conf file using vim. 



2.4 Lets look at the additional configurations.  :

 1.       visible_host_name NSD_HOST

This will use NSD_HOST as visible host name when it prompt the error messages and etc.



1. replacement_policy GDSF
This is specified the particular cache policy which is going to used by squid.
What is GDSF(Greedy-Dual Size Frequency),

“The latest web cache replacement policies incorporate the document size, frequency, and age in the decision process. Greedy-Dual-Size (GDS) policy is based on document size and has an elegant aging mechanism. Similarly, the Greedy-Dual-Frequency (GDF) policy takes into account file frequency and exploits the aging mechanism to deal with cache pollution. The efficiency of a cache replacement policy can be evaluated along two popular metrics: file hit ratio and byte hit ratio. Using four different web server logs, we show that GDS-like replacement policies emphasizing size yield the best file hit ratio but typically show poor byte hit ratio, while GDF-like replacement policies emphasizing frequency have better byte hit ratio but result in worse file hit ratio. We also propose a generalization of Greedy-Dual-Frequency-Size policy which allows to balance the emphasis on size vs.~frequency. We perform a sensitivity study to derive the impact of size and frequency on file and byte hit ratio, identifying parameters that aim at optimizing both metrics.”




2.       Cache_mem 32  MB

This one state that maximum amount of memory lets say RAM in simple word which is allowed to use when caching. It is reccomanded to put that value three time smaller than we are expecting because obviously it we will take more memory than it mentioned.

3.       Cache_mgr krishan@gmail.com

This specified the email address of cache administrator who is responsible for the given cache configuration. This person will notified by a email if squid sever encounter a problem.



4.       maximum_object_size 742 KB

    Sates that Set the default value for max-size parameter on any cache_dir.

5.      Cachemgr_passwdnsd123
We can put a password if willing to use cachemgr.cgi utility which will allowgettingoutput static in configured squid using a web interface.


2.4 Lets look at the cache_dir Command



1.       cache_dir aufs /var/spool/squid 100 16 256
Cache_dir commandstate that,
I. In which kind of storage system that we are going to store cache.
II. The path to cache folder (In here we did let default path to be).
III. Next parameter indicates the size of  the cache(we customized the parameter as instructed do caching only for given particular 10 pages).
IV. Flowing those two numbers stand for manipulate the sub directories that creating when caching.

2.       http_port 3128

It’s state that the particular port number which our proxy use.


3.      Offline_mode on
In here we are telling squid to do the validations on cache.






10.   In here the acl will permit trafficto 172.16.0.0/12 whichis our public network and also permit traffic to 192.168.0.0/16 which is LAN segment.



11. Visible_host_name NSD_HOST
This will use NSD_HOST as visible host name when it prompts the error messages and etc.




Labels:

Comments

  1. cynthiawilliamsJuly 17, 2018 at 2:52 AM

    Thanks for taking time to share this content with screeshot. It is really helpful.
    Cloud computing Training in Chennai | Best institute for Cloud computing in Chennai

    ReplyDelete
  2. Vicky RamJanuary 31, 2019 at 11:28 PM

    Nice post. I learned some new information. Thanks for sharing.

    atstartups
    Education

    ReplyDelete
  3. sathyarameshApril 8, 2019 at 10:40 PM

    This is an awesome post.Really very informative and creative contents. These concept is a good way to enhance the knowledge.I like it and help me to development very well.Thank you for this brief explanation and very nice information.Well, got a good knowledge.
    Digital Marketing Course in Chennai
    Digital Marketing Training in Chennai
    Java Training in Chennai
    Web Designing Course in chennai
    PHP Training in Chennai
    Hadoop Training in Chennai
    Digital Marketing Training in Tnagar

    ReplyDelete
  4. AnonymousApril 20, 2022 at 4:53 AM

    Simple Squid (Proxy Server) Configuration >>>>> Download Now

    >>>>> Download Full

    Simple Squid (Proxy Server) Configuration >>>>> Download LINK

    >>>>> Download Now

    Simple Squid (Proxy Server) Configuration >>>>> Download Full

    >>>>> Download LINK rn

    ReplyDelete
  5. AnonymousApril 20, 2022 at 4:54 AM

    Simple Squid (Proxy Server) Configuration >>>>> Download Now

    >>>>> Download Full

    Simple Squid (Proxy Server) Configuration >>>>> Download LINK

    >>>>> Download Now

    Simple Squid (Proxy Server) Configuration >>>>> Download Full

    >>>>> Download LINK wn

    ReplyDelete

Post a Comment

Popular posts from this blog

Asterisk on Docker

This Document covers asterisk basic installation on docker. Since till now there is no official asterisk image on Docker hub we will use Debian core to install the asterisk. Prerequisites Linux host to install docker, Internet connectivity and docker account to download docker images. 1. Installing Docker (Ensure your Internet connectivity) Centos 7           #wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm           #rpm -ivh epel-release-latest-7.noarch.rpm           #yum install docker  Install Docker on RHEL and CentOS 6          # yum install epel-release          # yum install docker-io 2. Start Docker Centos 7          # systemctl start docker          # systemctl status docker          # systemctl enable docker  On RHEL/CentOS 6          # service docker start          # service docker status          # chkconfig docker on Our Asterisk PBX will reside on Debain, So first we must set our Debian container
3 comments
Read more

HAProxy

HAProxy implementation Case Study This tutorial covers HAProxy Deployment on Firewall and SELinux enabled Centos7 systems. First of all lets get an overall idea about my situation.  I've bought a domain call mycompany.com so all of my  hosted sites should be followed by this main domain. As an example, if someone look for london.mycompany.com he should reach to London server, if someone look for chicago.mycompany.com he should reach to Chicago server So, I've created a Cloudflare account and point mycompany.com to our public IP address and created two                 CNAME entries from Cloudflare by adding London and Chicago. From the Cloudflare all the request to mycompany.com will forward to our public address and HAProxy may read those requests and Process them and forward them accordingly between two IIS servers. Note that all HTTPs connection should terminated at HAProxy.   Please see my post   HTTP
1 comment
Read more

Asterisk Gateway Interface - Perl

Asterisk Gateway Interface 1. What is Asterisk Gateway Interface?  In simple word AGI is Language Independent API to programmers to control the call flow on their Asterisk PBXs. Asterisk provides more than its own dial-plan, to control to the call flow or lets say call logics. So which means you may use either one of Dialplan Asterisk Manager Interface (AMI) Asterisk Gateway Interface (AGI) to manipulate your call logics. Before we move on to AGI lets briefly discuss about each one of above, Dialplan Dial plan is Asterisk native call logics performer, it's fast, easy to learn and efficient. But this configuration script is more closer to assembly program (If you have any previous experience on assembly), the main drawback of the Asterisk Dialplan in it's lack of support on standard procedural  language as an example when you want create a loop.  Any way in the following tutorials we will only discuss about the AGI, But we can't avoi
1 comment
Read more

FreePBX-Installation

FreePBX-Installation 1. Pre-installation In order to setup call center server first we have to confirm that our system is full filled the minimum requirements. This asterisk deployment is based on RedHat distribution aka CentOS.  To full-fill the above requirement we are going to setup asterisk 11 on CentOS 6.5 (x64). 1.2 CentOS 6.5x64 installation  It is recommended to install CentOS 6.5x64 minimum version and manually install all the other package as our requirement.  At the beginning it recommended to configure the logical disk drives aka Raid.  Note that some of the server-rigs will not compatible to centos 6.5x64, most of the time it’s because the particular server’s Raid drivers might not be found in centos 6.5x64 disk. In such scenario please follow the below instruction. First we have to download the Raid driver from relevant vendor. (If it’s HP you will find somewhat like this hpvsa-X.X.X-X.rhel6u.5x86_64.dd). Note that if the dr
Post a Comment
Read more

Discussion : SIP vs BRI/PRI

SIP SIP standards for Session Initiation Protocol and It's Purely IP based.  BRI/PRI PRI stands for Primary Rate Interface and It contains One 64Kbps T1 or E1 Chanel for Signaling AKA Channel D and 23 T1 or 30 E1 Channels as Bearing Chanel aka Channel B.\ BRI standards for Basic Rate Interface and Contain Two Barer channel and One Signaling Chnnel AKA 2B+D. Further Both Both PRI and BRI are ISDN services and also data rate of PRI is 2.048Mbps while 128-144Kbps. ISDN : Integrated Service Digital Network / It's Some Dumb Network SIP vs BRI/PRI SIP does Best effort Delivery as same as IP traffic do, while BRI/PRI Provide QoS. If someone requires to attain QoS through SIP something like MPLS will do with a considerable amount cost. SIP is more flexible than BRI/PRI because it can be accommodated by company existing data network while BRI/PRI reuires to have a dedicated link for it self.
1 comment
Read more

RHEL Recover your root Password

Root Password recovery In this tutorial I will demonstrate you how to recover you lost password. This tutorial is for RHEL 7 Password recovery. Before we go further I would like to brief Linux boot process, When pushed power button your PC/Server it will powered on and the system firmware will runs POST (Power On Self Test) which will check and initiate attached hardware. You can do modifications to these process by BIOS/UFFI configuration After POST, system firmware will look for bootable device in other words it look for Master Boor Record (MBR) Then the System will reads the boot loader from the disk and let boot loader to take control of the system Now the boot loader loads its configuration from disk, at that point you may display the boot options Depends on your selection boot loader will load the kernel and initramfs from disk to you memory(RAM). Initramfs  is some gziped archive contains kernel modules for hardware all hardware which requ
Post a Comment
Read more

Perl - Database Transactions

Database Transactions with Perl To understand what is a database transaction lets look at a simple bank withdrawal and deposit scenario. Assume that you have two bank accounts call A and B, and you need withdraw some amount from account A and Deposit it on account B. In this scenario what happen if you couldn't withdraw money from your account A, the deposit part won't carry out. Again if you couldn't deposit the money to your account B you have to deposit them back on account A (Which means a roll back). So in the  context of Database, Transaction is refer to  a sequence of jobs which is supposed to run as a whole. So in other words, it should happen as whole or not. So as in our following example, we have 3 Database queries which should perform as a whole. Further assume that our first Database query is supposed to perform a insert if successful, second query  should update a table if successful, third query  should delete an entry from a table.  So i
Post a Comment
Read more

Share-A-Directory-between-two-server-NFS

Share-A-Directory-between-two-server-NFS Please grant the relevant permission on the shell scripts ./client_Export.sh Takes three argument as follows 1. server ip address to be exported 2. client directory which should be exported to the particular server 3. options aka permission for the expoted folder rw: This option allows the client server to both read and write within the shared directory sync: Sync confirms requests to the shared directory only once the changes have been committed. no_subtree_check: This option prevents the subtree checking. When a shared directory is the subdirectory of a larger filesystem, nfs performs scans of every directory above it, in order to verify its permissions and details. Disabling the subtree check may increase the reliability of NFS, but reduce security. no_root_squash: This phrase allows root to connect to the designated directory E
Post a Comment
Read more