Squid is a caching proxy that can reduce bandwidth consumption by caching frequently requested static resources and delivering them to clients from its cache, saving precious bandwidth and enhancing the browsing experience.
It is preferable to configure Squid in transparent mode, in which you also configure your firewall (the "router") to intercept all outbound traffic to port 80, for example, and redirect it to Squid on port 3128, the default. At that point, Squid does some magic, pours and mixes chemicals to determine whether the requested resource is already in the cache and whether it has a valid expiry date. Based on this decision, Squid either retrieves the requested resource and caches it, or serves the resource directly from the cache.
The default squid.conf file will suffice for most cases. It is very well documented and commented. However, there are two directives that need to be revised:
http_port 127.0.0.1:3128 transparent
and
acl localnet src 10.10.10.0/24
The first one, http_port, defines the IP address that the squid daemon binds to and the port that it listens on. The most important part of the directive is the "transparent" option. If you skip it, "Invalid Request" errors will be printed in the clients' browsers.
The second directive, acl, defines the local network ID. This ACL is later referenced by another directive, http_access allow localnet.
Then you have the firewall part. In this document, we will be using PF on an OpenBSD 4.9 machine. The relevant config segments from pf.conf are:
match in on $int_if inet proto tcp from any to any port www rdr-to 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
Reload your PF rules:
pfctl -f /etc/pf.conf
Initialize Squid cache:
squid -z
Configure Squid to run at system boot by editing /etc/rc.local (vi /etc/rc.local) and adding:
if [ -x /usr/local/sbin/squid ]; then
    echo -n ' squid'
    /usr/local/sbin/squid
fi
Now, you can start Squid manually (instead of doing a system reboot) with:
squid
Squid will run in the background. On each subsequent system reboot, Squid will also start with no further interaction.
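A small audit of the two files, added here as an example and not part of the original post: it checks that http_port carries the transparent option and is bound to 127.0.0.1, that the localnet ACL is defined and allowed, and that the rdr-to port in pf.conf matches the port Squid listens on. The function names and the sample files it writes are constructed for illustration; point audit at your real squid.conf and /etc/pf.conf to use it.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check squid.conf and pf.conf.

# Print a config file without comments or blank lines, tabs turned into spaces.
active() { sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1" | tr '\t' ' '; }

# audit SQUID_CONF PF_CONF: prints findings, returns the number of failed checks.
audit() {
    fails=0
    port_line=$(active "$1" | grep -E '^ *http_port ' | head -n 1)
    listen=$(echo "$port_line" | awk '{print $2}')
    # Without "transparent", redirected requests are answered with "Invalid Request".
    case " $port_line " in
        *" transparent "*) ;;
        *) echo "FAIL: http_port lacks the transparent option"; fails=$((fails + 1)) ;;
    esac
    # PF redirects to loopback, so Squid has no reason to listen anywhere else.
    case "$listen" in
        127.0.0.1:*) ;;
        *) echo "FAIL: http_port '$listen' is not bound to 127.0.0.1"; fails=$((fails + 1)) ;;
    esac
    # The localnet ACL must be defined and then granted access.
    active "$1" | grep -Eq '^ *acl +localnet +src +[^ ]' ||
        { echo "FAIL: acl localnet src is not defined"; fails=$((fails + 1)); }
    active "$1" | grep -Eq '^ *http_access +allow +localnet( |$)' ||
        { echo "FAIL: http_access allow localnet is missing"; fails=$((fails + 1)); }
    # The rdr-to port in pf.conf must be the port Squid listens on.
    active "$2" | grep -Eq "rdr-to +[^ ]+ +port +${listen##*:}( |\$)" ||
        { echo "FAIL: no rdr-to rule for port ${listen##*:} in pf.conf"; fails=$((fails + 1)); }
    return "$fails"
}

# Write constructed sample files that contain only the directives from the text.
write_sample() {
    cat > "$1/squid.conf" <<'EOF'
http_port 127.0.0.1:3128 transparent
acl localnet src 10.10.10.0/24   # local network
http_access allow localnet
EOF
    cat > "$1/pf.conf" <<'EOF'
match in on $int_if inet proto tcp from any to any port www rdr-to 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
EOF
}

demo=$(mktemp -d) && write_sample "$demo"
audit "$demo/squid.conf" "$demo/pf.conf" && echo "OK: squid.conf and pf.conf agree"
rm -rf "$demo"
```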
