Pejman Moghadam / Slackware

Slackware 12.2 - Squid 2.7 / WCCP

Public domain


Downloading and Installing

# Fetch, build and install Squid 2.7.STABLE6 from source under /usr/src.
# NOTE(review): the tarball is fetched over plain HTTP and is unpacked and
# built without any integrity check. Before running tar/make, compare it with
# a checksum or signature obtained over a trusted channel, e.g.
#   sha256sum squid-2.7.STABLE6.tar.gz   # expect <PUBLISHED_SHA256_PLACEHOLDER>
# NOTE(review): confirm this release line still receives security fixes before
# putting it on a network-facing proxy.
cd /usr/src
wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE6.tar.gz
tar zxf squid-2.7.STABLE6.tar.gz
cd squid-2.7.STABLE6
# Raise the hard and soft open-file limits of this shell to 8192, the same
# value that is passed to --with-maxfd below.
ulimit -HSn 8192
# Security-relevant build options (comments cannot go between the continued
# lines, so they are listed here):
#   --enable-http-violations         compiles in squid.conf options that
#                                    deliberately deviate from HTTP; presumably
#                                    needed for the reload-into-ims refresh
#                                    rules in the squid.conf on this page
#                                    (confirm).
#   --enable-follow-x-forwarded-for  lets Squid take the client address from
#                                    X-Forwarded-For; the squid.conf on this
#                                    page trusts that header from localhost
#                                    only.
#   --enable-snmp                    builds the SNMP agent; access is gated by
#                                    snmp_access in squid.conf.
#   --enable-linux-netfilter         interception ("transparent") support on
#                                    Linux.
#   --disable-internal-dns           use external dnsserver helpers (see
#                                    dns_children in squid.conf).
./configure \
    --disable-internal-dns \
    --enable-forward-log \
    --enable-follow-x-forwarded-for \
    --enable-snmp \
    --enable-linux-netfilter \
    --enable-http-violations \
    --enable-delay-pools \
    --enable-storeio=diskd,aufs,ufs,coss \
    --with-coss-membuf-size=8388608 \
    --with-large-files \
    --enable-large-cache-files \
    --with-maxfd=8192 \
    --enable-async-io=64 \
    --enable-removal-policies=lru,heap \
    --enable-useragent-log \
    --enable-referer-log \
    --enable-err-languages=English \
    --enable-default-err-language=English
make && make install
# Keep the commented default config as squid.conf.bak, then write a copy with
# comment lines and blank (or space-only) lines stripped as the working
# squid.conf.
cp /usr/local/squid/etc/squid.conf{,.bak}
egrep -v '^#|^ *$' /usr/local/squid/etc/squid.conf.bak > /usr/local/squid/etc/squid.conf

/usr/local/squid/etc/squid.conf

# Access control. http_access rules are checked top to bottom and the first
# matching rule decides, so the order below matters.
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
# Cache manager requests are answered only when they come from the proxy host.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to anything
# other than port 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Client networks allowed to use the proxy; every other source is denied.
# NOTE(review): the router listing on this page also treats 172.16.8.0/24,
# 172.16.9.0/24, 172.16.10.0/24 and 192.168.13.0/29 as inside networks. If
# their port-80 traffic is redirected here it will hit "deny all" - confirm
# that this is intended.
acl our_networks src 192.168.0.0/24 172.16.0.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
icp_access deny all
# X-Forwarded-For is believed only when the request comes from localhost, so a
# client cannot pick the address it is logged and matched under.
follow_x_forwarded_for allow localhost
follow_x_forwarded_for deny all
# Interception port: the rc.local on this page redirects inbound TCP/80 to
# 3128 with iptables.
# NOTE(review): 3128 still accepts direct connections; consider firewalling it
# so that only redirected traffic reaches an interception port.
http_port 3128 transparent
# Memory cache and on-disk store.
cache_mem 1536 MB
maximum_object_size_in_memory 64 KB
hierarchy_stoplist cgi-bin ? dll aspx
cache_replacement_policy heap LFUDA
# Four aufs stores (size in MB, then 16 first-level and 256 second-level
# directories), tiered by object size through max-size (bytes): up to 256 KB,
# 512 KB and 2 MB, with /cache/4 taking everything larger.
cache_dir aufs /cache/1 4096  16 256 max-size=262144
cache_dir aufs /cache/2 8192  16 256 max-size=524288
cache_dir aufs /cache/3 16384 16 256 max-size=2097152
cache_dir aufs /cache/4 32767 16 256
maximum_object_size 104857 KB
# Replacement watermarks, in percent of the configured store size.
cache_swap_high 100
cache_swap_low 95
access_log /usr/local/squid/var/logs/access.log squid
# Number of old log generations Squid itself keeps on "squid -k rotate".
# NOTE(review): the logrotate config on this page rotates the same files; with
# external rotation the usual setting is 0, so that -k rotate only reopens the
# logs - confirm which of the two should own rotation.
logfile_rotate 1
# Freshness rules: refresh_pattern [-i] regex min percent max [options], with
# min and max in minutes. Rules are tried in order and the first regex that
# matches the URL is used, so later duplicates are never reached.
# reload-into-ims turns a client's forced reload into an If-Modified-Since
# revalidation instead of a full refetch.
# NOTE(review): combined with min values of 10080 minutes (7 days) for .exe,
# .cab, .zip and similar downloads, objects that carry no expiry information
# can keep being served from cache for up to a week after the origin replaced
# them (for example with a fixed build), and a bad object that gets cached is
# served to every client for as long. Weigh the bandwidth saving against that
# before copying these rules.
refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://w2ksp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://download\.macromedia\.com/ 0 80% 20160 reload-into-ims
refresh_pattern ftp://ftp\.nai\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://ftp\.software\.ibm\.com/ 0 80% 20160 reload-into-ims
# Dynamic content: near-zero freshness.
refresh_pattern         cgi-bin         1 20% 2
refresh_pattern         \.asp$          1 20% 2
refresh_pattern         \.acgi$         1 20% 2
refresh_pattern         \.cgi$          1 20% 2
refresh_pattern         \.pl$           1 20% 2
refresh_pattern         \.shtml$        1 20% 2
refresh_pattern         \.php3$         1 20% 2
refresh_pattern         \?              1 20% 2
# Static content by file extension.
refresh_pattern         \.gif$          10080   90%     43200 reload-into-ims
refresh_pattern         \.jpg$          10080   90%     43200 reload-into-ims
refresh_pattern         \.bom\.gov\.au     30   20%       120 reload-into-ims
refresh_pattern         \.html$           480   50%     22160 reload-into-ims
refresh_pattern         \.htm$            480   50%     22160 reload-into-ims
refresh_pattern         \.class$        10080   90%     43200 reload-into-ims
refresh_pattern         \.zip$          10080   90%     43200 reload-into-ims
refresh_pattern         \.jpeg$         10080   90%     43200 reload-into-ims
refresh_pattern         \.mid$          10080   90%     43200 reload-into-ims
# NOTE(review): never reached - "\.shtml$" already matched in the dynamic
# content group above.
refresh_pattern         \.shtml$          480   50%     22160 reload-into-ims
refresh_pattern         \.exe$          10080   90%     43200 reload-into-ims
refresh_pattern         \.thm$          10080   90%     43200 reload-into-ims
refresh_pattern         \.wav$          10080   90%     43200 reload-into-ims
refresh_pattern         \.txt$          10080   90%     43200 reload-into-ims
refresh_pattern         \.cab$          10080   90%     43200 reload-into-ims
refresh_pattern         \.au$           10080   90%     43200 reload-into-ims
refresh_pattern         \.mov$          10080   90%     43200 reload-into-ims
refresh_pattern         \.xbm$          10080   90%     43200 reload-into-ims
refresh_pattern         \.ram$          10080   90%     43200 reload-into-ims
refresh_pattern         \.avi$          10080   90%     43200 reload-into-ims
refresh_pattern         \.chtml$          480   50%     22160 reload-into-ims
refresh_pattern         \.thb$          10080   90%     43200 reload-into-ims
refresh_pattern         \.dcr$          10080   90%     43200 reload-into-ims
refresh_pattern         \.bmp$          10080   90%     43200 reload-into-ims
refresh_pattern         \.phtml$          480   50%     22160 reload-into-ims
refresh_pattern         \.mpg$          10080   90%     43200 reload-into-ims
refresh_pattern         \.pdf$          10080   90%     43200 reload-into-ims
refresh_pattern         \.art$          10080   90%     43200 reload-into-ims
refresh_pattern         \.swf$          10080   90%     43200 reload-into-ims
refresh_pattern         \.mp3$          10080   90%     43200 reload-into-ims
refresh_pattern         \.ra$           10080   90%     43200 reload-into-ims
refresh_pattern         \.spl$          10080   90%     43200 reload-into-ims
refresh_pattern         \.viv$          10080   90%     43200 reload-into-ims
refresh_pattern         \.doc$          10080   90%     43200 reload-into-ims
refresh_pattern         \.gz$           10080   90%     43200 reload-into-ims
refresh_pattern         \.Z$            10080   90%     43200 reload-into-ims
refresh_pattern         \.tgz$          10080   90%     43200 reload-into-ims
refresh_pattern         \.tar$          10080   90%     43200 reload-into-ims
refresh_pattern         \.vrm$          10080   90%     43200 reload-into-ims
refresh_pattern         \.vrml$         10080   90%     43200 reload-into-ims
refresh_pattern         \.aif$          10080   90%     43200 reload-into-ims
refresh_pattern         \.aifc$         10080   90%     43200 reload-into-ims
refresh_pattern         \.aiff$         10080   90%     43200 reload-into-ims
refresh_pattern         \.arj$          10080   90%     43200 reload-into-ims
refresh_pattern         \.c$            10080   90%     43200 reload-into-ims
refresh_pattern         \.cpt$          10080   90%     43200 reload-into-ims
refresh_pattern         \.dir$          10080   90%     43200 reload-into-ims
refresh_pattern         \.dxr$          10080   90%     43200 reload-into-ims
refresh_pattern         \.hqx$          10080   90%     43200 reload-into-ims
refresh_pattern         \.jpe$          10080   90%     43200 reload-into-ims
refresh_pattern         \.lha$          10080   90%     43200 reload-into-ims
refresh_pattern         \.lzh$          10080   90%     43200 reload-into-ims
refresh_pattern         \.midi$         10080   90%     43200 reload-into-ims
refresh_pattern         \.movie$        10080   90%     43200 reload-into-ims
refresh_pattern         \.mp2$          10080   90%     43200 reload-into-ims
refresh_pattern         \.mpe$          10080   90%     43200 reload-into-ims
refresh_pattern         \.mpeg$         10080   90%     43200 reload-into-ims
refresh_pattern         \.mpga$         10080   90%     43200 reload-into-ims
# NOTE(review): never reached - "\.pl$" already matched in the dynamic content
# group above.
refresh_pattern         \.pl$           10080   90%     43200 reload-into-ims
refresh_pattern         \.ppt$          10080   90%     43200 reload-into-ims
refresh_pattern         \.ps$           10080   90%     43200 reload-into-ims
refresh_pattern         \.qt$           10080   90%     43200 reload-into-ims
refresh_pattern         \.qtm$          10080   90%     43200 reload-into-ims
refresh_pattern         \.ras$          10080   90%     43200 reload-into-ims
refresh_pattern         \.sea$          10080   90%     43200 reload-into-ims
refresh_pattern         \.sit$          10080   90%     43200 reload-into-ims
refresh_pattern         \.tif$          10080   90%     43200 reload-into-ims
refresh_pattern         \.tiff$         10080   90%     43200 reload-into-ims
refresh_pattern         \.snd$          10080   90%     43200 reload-into-ims
refresh_pattern         \.wrl$          10080   90%     43200 reload-into-ims
refresh_pattern         ^ftp:           1440   60%      22160
refresh_pattern         ^gopher:        1440   20%      1440
# NOTE(review): URLs containing "cgi-bin" or "?" were already matched by the
# "cgi-bin" and "\?" rules above (1 20% 2), so this stricter no-cache rule only
# applies to other letter-case spellings of /cgi-bin/. Move it above them if
# 0/0%/0 is what is wanted for dynamic content.
refresh_pattern         -i (/cgi-bin/|\?) 0     0%      0
# Catch-all for everything not matched above.
refresh_pattern         .               480     50%     22160 reload-into-ims
# Miscellaneous tuning, SNMP access and WCCPv2 registration.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
quick_abort_min 32 KB
quick_abort_max 32 KB
quick_abort_pct 95
dns_children 10
negative_ttl 3 minutes
positive_dns_ttl 15 hours
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mgr Pejman_Moghadam@yahoo.com
visible_hostname CacheServer
httpd_accel_no_pmtu_disc on
# SNMP: queries are answered only for 172.16.0.4 presenting the community
# string below; everything else is denied.
# NOTE(review): an SNMP community string is the only credential and crosses
# the network in clear text. Choose your own value rather than reusing the one
# printed here, and keep the source restriction.
acl solar_ip src 172.16.0.4
acl snmppublic snmp_community casy
snmp_access allow snmppublic solar_ip
snmp_access deny all
coredump_dir /usr/local/squid/var/cache
pipeline_prefetch on
# WCCPv2: register with the router at 192.168.0.4 (the FastEthernet0/0 address
# in the router listing on this page). Method 1 is GRE for both forwarding and
# return; "standard 0" is the web-cache service.
# NOTE(review): wccp2_service carries no password= option, so the cache/router
# registration is unauthenticated and any host on the segment that announces
# itself as a cache could be sent the redirected traffic. Add
# password=<WCCP_PASSWORD_PLACEHOLDER> here together with the matching
# "ip wccp web-cache password" on the router.
# NOTE(review): wccp_version looks like a WCCPv1 setting; confirm it has any
# effect next to the wccp2_* directives.
wccp2_router 192.168.0.4
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0

/etc/rc.d/rc.squid

#!/bin/sh
#
# /etc/rc.d/rc.squid
#
# Start/stop/restart the Squid web caching server.
#
# To make Squid start automatically at boot, make this
# file executable: chmod 755 /etc/rc.d/rc.squid
#

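# Start the Squid daemon.
# Removes a stale PID file when no squid process is running, sets the local
# port range, raises the open-file limit and launches squid.
# Outputs: progress on stdout, a failure message on stderr.
# Returns: 0 when the squid command succeeded, otherwise its exit status.
start()
{
  printf '%s' 'Starting Squid . . . '

  # A PID file left behind while no squid process exists is stale; remove it.
  PROCESS=$(ps -A | grep -E ' squid$')
  if [ -z "$PROCESS" ]; then
    rm -f /usr/local/squid/var/logs/squid.pid
  fi
  echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
  # Same descriptor limit the binary was built with (--with-maxfd=8192).
  ulimit -HSn 8192
  # Report "Ok" only when the launch command itself succeeded.
  if /usr/local/squid/sbin/squid -D; then
    echo "Ok"
  else
    status=$?
    echo "Failed (squid exited with status $status)" >&2
    return "$status"
  fi
}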

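# Ask Squid to shut down and wait up to 300 seconds for its PID file to go.
# Outputs: a second counter on stdout while waiting; a warning on stderr if
#          the PID file is still present after the timeout.
# Returns: 0 once the PID file is gone, 1 when the wait timed out (the
#          original printed "Ok" in that case as well).
stop()
{
  echo 'Stoping Squid'

  /usr/local/squid/sbin/squid -k shutdown
  waited=0
  stopped=no
  while [ "$waited" -lt 300 ]; do
    waited=$((waited + 1))
    printf '%s' "$waited"
    # Squid removes its PID file when it has finished shutting down.
    if [ ! -f /usr/local/squid/var/logs/squid.pid ]; then
      stopped=yes
      break
    fi
    printf '%s' "."
    sleep 1
  done

  if [ "$stopped" != yes ]; then
    echo
    echo "Squid PID file still present after ${waited}s; not reporting success" >&2
    return 1
  fi

  echo ". .Ok"
}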

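# Tell the running Squid to re-read its configuration.
# Outputs: progress on stdout, a failure message on stderr.
# Returns: 0 on success, otherwise the exit status of "squid -k reconfigure".
reload()
{
  echo 'Reloading Squid'
  # Print "Ok" only when the reconfigure command was actually accepted.
  if /usr/local/squid/sbin/squid -k reconfigure; then
    echo "Ok"
  else
    status=$?
    echo "Failed (squid -k reconfigure exited with status $status)" >&2
    return "$status"
  fi
}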

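# Dispatch on the first argument. The script exits with the status of the
# action that ran, and with 1 (usage on stderr) for an unknown argument.
case "$1" in
  'start')
    start
    ;;

  'stop')
    stop
    ;;

  'restart')
    # Start again only when stop reported success.
    stop && start
    ;;

  'rotate')
    printf '%s' 'Rotating Squid log files . . . '
    /usr/local/squid/sbin/squid -k rotate && echo "Ok"
    ;;

  'reload')
    reload
    ;;

  *)
    echo "usage $0 start|stop|restart|reload|rotate" >&2
    exit 1
    ;;

esac

# $? is the status of the last command run in the selected branch.
exit $?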

/etc/rc.d/rc.local

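# Load NAT and GRE  Modules
# Module paths are read one per line and quoted, so an unexpected file name
# cannot be split into several modprobe arguments.
/usr/bin/find "/lib/modules/$(uname -r)/kernel/net" -name "*nat*" |
while IFS= read -r MOD; do
  /sbin/modprobe "$(/usr/bin/basename "$MOD" .ko)"
done
/usr/bin/find "/lib/modules/$(uname -r)/kernel/net" -name "*_gre.ko" |
while IFS= read -r MOD; do
  /sbin/modprobe "$(/usr/bin/basename "$MOD" .ko)"
done

# Make GRE Tunnel between cache and router
# NOTE(review): ROUTER differs from the wccp2_router address (192.168.0.4) in
# the squid.conf on this page; presumably it is the address the router uses as
# GRE source - confirm for your router.
ROUTER=192.168.0.129
CACHE=192.168.0.131
# presumably 1500 minus the GRE/IP encapsulation overhead - confirm
ip link set eth0 mtu 1476
ip tunnel add wccp0 mode gre remote "$ROUTER" local "$CACHE" dev eth0
ip addr add "$CACHE" dev wccp0
ip link set wccp0 up
# Hand web traffic to Squid's interception port (http_port 3128 transparent).
# NOTE(review): the rule has no -i match, so it applies to TCP/80 arriving on
# every interface; consider limiting it to the tunnel ("-i wccp0") once tested.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

# Start Squid Cache Server;
if [ -x /etc/rc.d/rc.squid ]; then
 /etc/rc.d/rc.squid start
fi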

/etc/rc.d/rc.local_shutdown

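# take down tunnel
# "ip link set wccp0" as originally written named no action; "down" is what
# the comment above describes.
/usr/sbin/ip link set wccp0 down
/usr/sbin/ip tunnel del wccp0

# Stop Squid Cache Server:
if [ -x /etc/rc.d/rc.squid ]; then
 /etc/rc.d/rc.squid stop
fi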

/etc/logrotate.d/squid

# Rotate Squid's three logs daily, keeping 10 bzip2-compressed, date-stamped
# copies of each. copytruncate copies the live file and then truncates it in
# place, so Squid keeps writing to the same open file.
# NOTE(review): lines written between the copy and the truncate can be lost.
#   If these logs serve as an audit trail, consider dropping copytruncate and
#   letting "squid -k rotate" reopen the files instead.
# NOTE(review): logrotate runs as root, while the first-launch steps on this
#   page chown the log directory to nobody, so the proxy account controls the
#   paths root operates on. Where the installed logrotate supports a "su"
#   directive, use it to do the rotation as the unprivileged user.
/usr/local/squid/var/logs/access.log {
  daily
  rotate 10
  start 1
  copytruncate
  compress
  compresscmd /usr/bin/bzip2
  compressext .bz2
  compressoptions -sq9
  dateext
  notifempty
  missingok
}

/usr/local/squid/var/logs/cache.log {
  daily
  rotate 10
  start 1
  copytruncate
  compress
  compresscmd /usr/bin/bzip2
  compressext .bz2
  compressoptions -sq9
  dateext
  notifempty
  missingok
}

/usr/local/squid/var/logs/store.log {
  daily
  rotate 10
  start 1
  copytruncate
  compress
  compresscmd /usr/bin/bzip2
  compressext .bz2
  compressoptions -sq9
  dateext
  notifempty
  missingok
  # Runs after store.log has been rotated and asks Squid to rotate/reopen its
  # own logs.
  # NOTE(review): with "logfile_rotate 1" in the squid.conf on this page, Squid
  #   also renames its logs itself at this point; check that the two rotation
  #   schemes do not drop entries between them.
  postrotate
    /usr/local/squid/sbin/squid -k rotate
  endscript
}

First-time launch

# One-time setup: create the cache and coredump directories, hand the cache
# and log directories to the nobody account, make the rc scripts executable,
# initialise the cache directories and start Squid.
mkdir /usr/local/squid/var/cache
mkdir -p /cache/{1,2,3,4}
# presumably Squid drops privileges to nobody (the squid.conf on this page sets
# no cache_effective_user) - confirm for your build
chown -R nobody:nobody /cache
chown -R nobody:nobody /usr/local/squid/var/logs
chmod +x /etc/rc.d/rc.local_shutdown
chmod +x /etc/rc.d/rc.squid
# -z creates the swap directories for the configured cache_dir entries; it is
# run after the chown above and before the first start.
/usr/local/squid/sbin/squid -z
/etc/rc.d/rc.squid start

Cisco Router

Building configuration...

Current configuration : 1620 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Aliabad-GW
!
aaa new-model
aaa authentication login default local
enable secret 5 ******************************
!
! NOTE(review): "password 7" (also what service password-encryption produces)
! is reversible obfuscation, not a hash; prefer "username ... secret" where the
! IOS release supports it.
username admin password 7 ********************
ip subnet-zero
! Enables the WCCP web-cache service globally.
! NOTE(review): no "password" or "group-list" option is given, so the router
! accepts any host that announces itself as a web cache. Consider both; the
! password has to match the one configured on the cache.
ip wccp web-cache
ip cef
!
!
no ip domain-lookup
ip name-server 192.9.9.3
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.4 255.255.255.0
 ! Inbound web traffic on this interface is redirected to the registered cache.
 ip wccp web-cache redirect in
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 ip unnumbered FastEthernet0/0
 ip nat outside
!
ip nat translation tcp-timeout 200
ip nat translation udp-timeout 180
ip nat translation syn-timeout 180
ip nat pool par 192.168.0.184 192.168.0.191 prefix-length 29
ip nat inside source list 10 pool par overload
ip nat inside source static tcp 172.16.0.27 80 1.2.3.4 80 extendable
ip nat inside source static tcp 192.168.13.2 22 10.20.30.40 22 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 172.16.0.0 255.255.240.0 192.168.13.2
ip route 192.168.14.0 255.255.255.248 192.168.13.2
no ip http server
ip pim bidir-enable
!
! access-list 4: SNMP manager allowed to read (see snmp-server below).
access-list 4 permit 172.16.0.4
! access-list 10: inside sources translated through the NAT pool.
access-list 10 permit 172.16.0.3
access-list 10 permit 172.16.8.0 0.0.0.255
access-list 10 permit 172.16.9.0 0.0.0.255
access-list 10 permit 172.16.10.0 0.0.0.255
access-list 10 permit 192.168.13.0 0.0.0.7
! NOTE(review): access-list 20 is not referenced anywhere in this listing;
! possibly meant as a WCCP redirect-list - confirm.
access-list 20 deny   192.168.0.4
access-list 20 permit any
! Read-only SNMP, restricted to the host in access-list 4.
snmp-server community ********* RO 4
!
! NOTE(review): the vty lines carry no access-class or transport input
! restriction in this listing; limit remote management to known admin hosts.
line con 0
line aux 0
line vty 0 4
!
end

BY: Pejman Moghadam
TAG: squid, wccp, cisco2610
DATE: 2009-05-06 17:34:32

