Slackware 12.2 - Squid 2.7 / WCCP ================================= Public domain ******************************************************************************** ### Downloading and Installing cd /usr/src wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE6.tar.gz tar zxf squid-2.7.STABLE6.tar.gz cd squid-2.7.STABLE6 ulimit -HSn 8192 ./configure \ --disable-internal-dns \ --enable-forward-log \ --enable-follow-x-forwarded-for \ --enable-snmp \ --enable-linux-netfilter \ --enable-http-violations \ --enable-delay-pools \ --enable-storeio=diskd,aufs,ufs,coss \ --with-coss-membuf-size=8388608 \ --with-large-files \ --enable-large-cache-files \ --with-maxfd=8192 \ --enable-async-io=64 \ --enable-removal-policies=lru,heap \ --enable-useragent-log \ --enable-referer-log \ --enable-err-languages=English \ --enable-default-err-language=English make && make install cp /usr/local/squid/etc/squid.conf{,.bak} egrep -v '^#|^ *$' /usr/local/squid/etc/squid.conf.bak > /usr/local/squid/etc/squid.conf ******************************************************************************** ### /usr/local/squid/etc/squid.conf acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src 192.168.0.0/24 172.16.0.0/24 http_access allow our_networks http_access allow localhost http_access deny all icp_access deny all follow_x_forwarded_for allow localhost follow_x_forwarded_for deny all http_port 3128 transparent cache_mem 1536 MB maximum_object_size_in_memory 64 KB hierarchy_stoplist cgi-bin ? 
dll aspx cache_replacement_policy heap LFUDA cache_dir aufs /cache/1 4096 16 256 max-size=262144 cache_dir aufs /cache/2 8192 16 256 max-size=524288 cache_dir aufs /cache/3 16384 16 256 max-size=2097152 cache_dir aufs /cache/4 32767 16 256 maximum_object_size 104857 KB cache_swap_high 100 cache_swap_low 95 access_log /usr/local/squid/var/logs/access.log squid logfile_rotate 1 refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://w2ksp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://download\.macromedia\.com/ 0 80% 20160 reload-into-ims refresh_pattern ftp://ftp\.nai\.com/ 0 80% 20160 reload-into-ims refresh_pattern http://ftp\.software\.ibm\.com/ 0 80% 20160 reload-into-ims refresh_pattern cgi-bin 1 20% 2 refresh_pattern \.asp$ 1 20% 2 refresh_pattern \.acgi$ 1 20% 2 refresh_pattern \.cgi$ 1 20% 2 refresh_pattern \.pl$ 1 20% 2 refresh_pattern \.shtml$ 1 20% 2 refresh_pattern \.php3$ 1 20% 2 refresh_pattern \? 
1 20% 2 refresh_pattern \.gif$ 10080 90% 43200 reload-into-ims refresh_pattern \.jpg$ 10080 90% 43200 reload-into-ims refresh_pattern \.bom\.gov\.au 30 20% 120 reload-into-ims refresh_pattern \.html$ 480 50% 22160 reload-into-ims refresh_pattern \.htm$ 480 50% 22160 reload-into-ims refresh_pattern \.class$ 10080 90% 43200 reload-into-ims refresh_pattern \.zip$ 10080 90% 43200 reload-into-ims refresh_pattern \.jpeg$ 10080 90% 43200 reload-into-ims refresh_pattern \.mid$ 10080 90% 43200 reload-into-ims refresh_pattern \.shtml$ 480 50% 22160 reload-into-ims refresh_pattern \.exe$ 10080 90% 43200 reload-into-ims refresh_pattern \.thm$ 10080 90% 43200 reload-into-ims refresh_pattern \.wav$ 10080 90% 43200 reload-into-ims refresh_pattern \.txt$ 10080 90% 43200 reload-into-ims refresh_pattern \.cab$ 10080 90% 43200 reload-into-ims refresh_pattern \.au$ 10080 90% 43200 reload-into-ims refresh_pattern \.mov$ 10080 90% 43200 reload-into-ims refresh_pattern \.xbm$ 10080 90% 43200 reload-into-ims refresh_pattern \.ram$ 10080 90% 43200 reload-into-ims refresh_pattern \.avi$ 10080 90% 43200 reload-into-ims refresh_pattern \.chtml$ 480 50% 22160 reload-into-ims refresh_pattern \.thb$ 10080 90% 43200 reload-into-ims refresh_pattern \.dcr$ 10080 90% 43200 reload-into-ims refresh_pattern \.bmp$ 10080 90% 43200 reload-into-ims refresh_pattern \.phtml$ 480 50% 22160 reload-into-ims refresh_pattern \.mpg$ 10080 90% 43200 reload-into-ims refresh_pattern \.pdf$ 10080 90% 43200 reload-into-ims refresh_pattern \.art$ 10080 90% 43200 reload-into-ims refresh_pattern \.swf$ 10080 90% 43200 reload-into-ims refresh_pattern \.mp3$ 10080 90% 43200 reload-into-ims refresh_pattern \.ra$ 10080 90% 43200 reload-into-ims refresh_pattern \.spl$ 10080 90% 43200 reload-into-ims refresh_pattern \.viv$ 10080 90% 43200 reload-into-ims refresh_pattern \.doc$ 10080 90% 43200 reload-into-ims refresh_pattern \.gz$ 10080 90% 43200 reload-into-ims refresh_pattern \.Z$ 10080 90% 43200 reload-into-ims 
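# (squid.conf, continued) More static file types: minimum 10080 minutes
# (7 days), maximum 43200 (30 days). refresh_pattern entries are checked in
# order and the first match is used.
refresh_pattern \.tgz$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tar$ 10080 90% 43200 reload-into-ims
refresh_pattern \.vrm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.vrml$ 10080 90% 43200 reload-into-ims
refresh_pattern \.aif$ 10080 90% 43200 reload-into-ims
refresh_pattern \.aifc$ 10080 90% 43200 reload-into-ims
refresh_pattern \.aiff$ 10080 90% 43200 reload-into-ims
refresh_pattern \.arj$ 10080 90% 43200 reload-into-ims
refresh_pattern \.c$ 10080 90% 43200 reload-into-ims
refresh_pattern \.cpt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.dir$ 10080 90% 43200 reload-into-ims
refresh_pattern \.dxr$ 10080 90% 43200 reload-into-ims
refresh_pattern \.hqx$ 10080 90% 43200 reload-into-ims
refresh_pattern \.jpe$ 10080 90% 43200 reload-into-ims
refresh_pattern \.lha$ 10080 90% 43200 reload-into-ims
refresh_pattern \.lzh$ 10080 90% 43200 reload-into-ims
refresh_pattern \.midi$ 10080 90% 43200 reload-into-ims
refresh_pattern \.movie$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mp2$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mpe$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mpeg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mpga$ 10080 90% 43200 reload-into-ims
# Not reached: the list has an earlier "refresh_pattern \.pl$ 1 20% 2" entry.
refresh_pattern \.pl$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ppt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ps$ 10080 90% 43200 reload-into-ims
refresh_pattern \.qt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.qtm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ras$ 10080 90% 43200 reload-into-ims
refresh_pattern \.sea$ 10080 90% 43200 reload-into-ims
refresh_pattern \.sit$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tif$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tiff$ 10080 90% 43200 reload-into-ims
refresh_pattern \.snd$ 10080 90% 43200 reload-into-ims
refresh_pattern \.wrl$ 10080 90% 43200 reload-into-ims
refresh_pattern ^ftp: 1440 60% 22160
refresh_pattern ^gopher: 1440 20% 1440
# Lower-case cgi-bin and any URL containing "?" already matched the earlier
# "cgi-bin" and "\?" entries, so this rule only adds the other spellings.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 480 50% 22160 reload-into-ims
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
quick_abort_min 32 KB
quick_abort_max 32 KB
quick_abort_pct 95
dns_children 10
negative_ttl 3 minutes
positive_dns_ttl 15 hours
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mgr Pejman_Moghadam@yahoo.com
visible_hostname CacheServer
httpd_accel_no_pmtu_disc on
# SNMP access needs both the community string and the source address
# 172.16.0.4. The community is the only credential and SNMP v1/v2c carries it
# in clear text, so use a site-specific value rather than the one printed here.
acl solar_ip src 172.16.0.4
acl snmppublic snmp_community casy
snmp_access allow snmppublic solar_ip
snmp_access deny all
coredump_dir /usr/local/squid/var/cache
pipeline_prefetch on
# WCCPv2 towards the router at 192.168.0.4; forwarding and return method 1
# are GRE, matching the wccp0 tunnel built in rc.local below.
# NOTE(review): wccp_version looks like a WCCPv1 setting and probably has no
# effect next to the wccp2_* directives - confirm.
# No password= is given on wccp2_service, so the WCCP exchange with the
# router is unauthenticated; a shared password set here and on the router
# keeps other hosts on the segment from registering as a cache.
wccp2_router 192.168.0.4
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0

********************************************************************************
### /etc/rc.d/rc.squid

#!/bin/sh
#
# /etc/rc.d/rc.squid
#
# Start/stop/restart the Squid web caching server.
#
# To make Squid start automatically at boot, make this
# file executable:  chmod 755 /etc/rc.d/rc.squid
#

# Start Squid. A PID file left behind while no squid process is running is
# removed first.
start() {
  printf '%s' 'Starting Squid . . . '
  PROCESS=$(ps -A | grep -E ' squid$')
  # -z instead of == "": the == operator inside [ ] is not POSIX sh.
  if [ -z "$PROCESS" ]; then
    if [ -f /usr/local/squid/var/logs/squid.pid ]; then
      rm -f /usr/local/squid/var/logs/squid.pid
    fi
  fi
  # Widen the local port range and raise the open-file limit (8192 is the
  # value Squid was built with via --with-maxfd) before starting the daemon.
  echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
  ulimit -HSn 8192
  /usr/local/squid/sbin/squid -D
  echo "Ok"
}

# Ask Squid to shut down and wait up to 300 seconds for its PID file to go.
# Returns 1 when the PID file is still present after the wait, instead of
# reporting "Ok" for an instance that has not stopped.
stop() {
  echo 'Stoping Squid'
  /usr/local/squid/sbin/squid -k shutdown
  waited=0
  while [ "$waited" -lt 300 ]; do
    waited=$((waited + 1))
    printf '%s' "$waited"
    if [ ! -f /usr/local/squid/var/logs/squid.pid ]; then
      break
    else
      printf '%s' "."
    fi
    sleep 1
  done
  if [ -f /usr/local/squid/var/logs/squid.pid ]; then
    echo ". .Squid is still running after ${waited} seconds" >&2
    return 1
  fi
  echo ". .Ok"
}

# Make the running Squid re-read squid.conf.
reload() {
  echo 'Reloading Squid'
  /usr/local/squid/sbin/squid -k reconfigure
  echo "Ok"
}

case "$1" in
  'start')
    start
    ;;
  'stop')
    stop
    ;;
  'restart')
    stop
    start
    ;;
  'rotate')
    printf '%s' 'Rotating Squid log files . . . '
    /usr/local/squid/sbin/squid -k rotate
    echo "Ok"
    ;;
  'reload')
    reload
    ;;
  *)
    echo "usage $0 start|stop|restart|reload|rotate"
    ;;
esac
exit 0

********************************************************************************
### /etc/rc.d/rc.local

# Load NAT and GRE Modules
# The first loop loads every module under kernel/net whose file name contains
# "nat", which is more than REDIRECT needs; listing the required modules by
# name keeps the loaded set small.
for MOD in $(/usr/bin/find "/lib/modules/$(uname -r)/kernel/net" -name "*nat*"); do
  /sbin/modprobe "$(/usr/bin/basename "$MOD" .ko)"
done
for MOD in $(/usr/bin/find "/lib/modules/$(uname -r)/kernel/net" -name "*_gre.ko"); do
  /sbin/modprobe "$(/usr/bin/basename "$MOD" .ko)"
done

# Make GRE Tunnel between cache and router
ROUTER=192.168.0.129
CACHE=192.168.0.131
ip link set eth0 mtu 1476
ip tunnel add wccp0 mode gre remote "$ROUTER" local "$CACHE" dev eth0
ip addr add "$CACHE" dev wccp0
ip link set wccp0 up
# This rule has no -i match, so TCP port 80 arriving on any interface is
# redirected to Squid.
# NOTE(review): if the redirected traffic only ever arrives through the
# tunnel, adding "-i wccp0" would narrow the rule - confirm on this kernel.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

# Start Squid Cache Server;
if [ -x /etc/rc.d/rc.squid ]; then
  /etc/rc.d/rc.squid start
fi

********************************************************************************
### /etc/rc.d/rc.local_shutdown

# take down tunnel
# "down" was missing: without it the first command changes nothing.
/usr/sbin/ip link set wccp0 down
/usr/sbin/ip tunnel del wccp0

# Stop Squid Cache Server:
if [ -x /etc/rc.d/rc.squid ]; then
  /etc/rc.d/rc.squid stop
fi

********************************************************************************
### /etc/logrotate.d/squid

# All three logs are rotated daily with copytruncate (copy, then truncate in
# place), keeping 10 bzip2-compressed, date-stamped copies.
# NOTE(review): the store.log stanza also runs "squid -k rotate" while
# squid.conf on this page sets logfile_rotate 1, so Squid's own rotation and
# logrotate both act on these files - confirm that is intended.
/usr/local/squid/var/logs/access.log {
    daily
    rotate 10
    start 1
    copytruncate
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    compressoptions -sq9
    dateext
    notifempty
    missingok
}

/usr/local/squid/var/logs/cache.log {
    daily
    rotate 10
    start 1
    copytruncate
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    compressoptions -sq9
    dateext
    notifempty
    missingok
}

/usr/local/squid/var/logs/store.log {
    daily
    rotate 10
    start 1
    copytruncate
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    compressoptions -sq9
    dateext
    notifempty
    missingok
    postrotate
        /usr/local/squid/sbin/squid -k rotate
    endscript
}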
********************************************************************************
### First time launching

# Create the coredump and cache directories, hand the cache and log
# directories to nobody, make the rc scripts executable, initialise the cache
# directories (squid -z) and start Squid.
# NOTE(review): /usr/local/squid/var/cache (the coredump_dir) is created here
# but not chowned to nobody like the other directories - confirm.
mkdir /usr/local/squid/var/cache
mkdir -p /cache/{1,2,3,4}
chown -R nobody:nobody /cache
chown -R nobody:nobody /usr/local/squid/var/logs
chmod +x /etc/rc.d/rc.local_shutdown
chmod +x /etc/rc.d/rc.squid
/usr/local/squid/sbin/squid -z
/etc/rc.d/rc.squid start

********************************************************************************
### Cisco Router

Building configuration...

Current configuration : 1620 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Aliabad-GW
!
aaa new-model
aaa authentication login default local
enable secret 5 ******************************
!
! "password 7" is a reversible encoding, unlike the hashed "secret 5" above
! (both values are masked on this page). Where the IOS image supports it,
! "username admin secret" stores a hash instead.
username admin password 7 ********************
ip subnet-zero
! WCCP web-cache service is enabled with no password or group-list, so the
! router accepts any host that announces itself as a cache. A group-list ACL
! naming the cache address and a password shared with Squid restrict that.
ip wccp web-cache
ip cef
!
!
no ip domain-lookup
ip name-server 192.9.9.3
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.4 255.255.255.0
 ! Web traffic entering this interface is handed to the registered cache.
 ip wccp web-cache redirect in
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 ip unnumbered FastEthernet0/0
 ip nat outside
!
ip nat translation tcp-timeout 200
ip nat translation udp-timeout 180
ip nat translation syn-timeout 180
ip nat pool par 192.168.0.184 192.168.0.191 prefix-length 29
ip nat inside source list 10 pool par overload
! The two static entries publish an inside web server (tcp/80) and an inside
! SSH service (tcp/22) on outside addresses.
ip nat inside source static tcp 172.16.0.27 80 1.2.3.4 80 extendable
ip nat inside source static tcp 192.168.13.2 22 10.20.30.40 22 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 172.16.0.0 255.255.240.0 192.168.13.2
ip route 192.168.14.0 255.255.255.248 192.168.13.2
no ip http server
ip pim bidir-enable
!
! access-list 4 limits SNMP read access to 172.16.0.4 (used by "RO 4" below);
! access-list 10 selects the inside sources for NAT overload.
! access-list 20 is not referenced anywhere in the configuration shown.
access-list 4 permit 172.16.0.4
access-list 10 permit 172.16.0.3
access-list 10 permit 172.16.8.0 0.0.0.255
access-list 10 permit 172.16.9.0 0.0.0.255
access-list 10 permit 172.16.10.0 0.0.0.255
access-list 10 permit 192.168.13.0 0.0.0.7
access-list 20 deny 192.168.0.4
access-list 20 permit any
snmp-server community ********* RO 4
!
! No access-class or transport input restriction is shown on the vty lines.
! NOTE(review): confirm remote management is limited to the admin hosts.
line con 0
line aux 0
line vty 0 4
!
end

********************************************************************************
_BY: Pejman Moghadam_
_TAG: squid, wccp, cisco2610_
_DATE: 2009-05-06 17:34:32_