Squid Proxy + Mikrotik

I have installed a cache proxy to centos server and works with good TCP_HIT. i’m using centos 5.x. proxy took the data that we request from browsing activities and save it as cache. the second request will take from this cache, that means the connection uses full bandwith on the local network. we got two thing, reduce bandwith consumtion from the ISP and increase the speed. squid has other feature such as redirect, blocking, etc.

on this case, the proxy’s IP set to 192.168.168.12, the same level to client computers.

install squid package from repository.

yum -y install

edit /etc/squid/squid.conf

change/add some.

#change the proxy port to 3128 and set as transparent. The transparent parameter means, this proxy can be used over the IP with port redirect.
 http_port 3128 transparent
 #add the hostname
 visible_hostname proxyserver
 #the TCP_HIT quantities depends on the refresh pattern parameter.
 refresh_pattern ^ftp:        1440    20%    10080
 refresh_pattern ^gopher:        1440    0%    1440
 refresh_pattern ^http:        720    90%    432000
 refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
 refresh_pattern (Release|Package(.gz)*)$    0    20%    2880
 refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
 refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
 refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
 refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
 refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320
 refresh_pattern .        0    20%    4320

save the file. then, create a swap directory

/usr/sbin/squid -z #swap

Check squid configuration. If there is an output, something wrong with squid.config, otherwise, all’s ok.

/usr/sbin/squid -k parse

start squid service

/etc/rc.d/init.d/squid start

use chkconfig to set squid to load on boot.

/sbin/chkconfig squid on

now, configure browser’s proxy to IP port 3128. open some static webpages and check log file.

tail /var/log/squid/access.log

if success, the webpage will loaded and squid will generate TCP_MISS to the logfile. we need to check again. give attention to logfile. clear the browser cache or use other computer to load the same pages. if TCP_HIT appears on the log, then your squid server is working fine. TCP_MISS means the data is not exist on cache and proxy server will load it from the internet. You will get TCP_HIT when data is exists and client load it from cache. the more you get TCP_IP, the more browsing speed increased for lots of data.

this is not yet complete. we need to enable the proxy server on router and setup it to redirect to 192.168.168.12:3128 using parent-proxy parameter.

set enabled=yes src-address=0.0.0.0 port=3328 parent-proxy=192.168.168.12 parent-proxy-port=3128

then, add a nat rule to force all request to router’s proxy (port 3328). strike the command bellow.

chain=dstnat action=redirect to-ports=3328 protocol=tcp src-address=!192.168.168.12 dst-port=80

voila.🙂

NB : ini tulisan pertama dengan bahasa inggris. saya harap banyak yang salah dan seseorang memberitahu sehingga saya bisa belajar dari itu.

0 Responses to “Squid Proxy + Mikrotik”



  1. Tinggalkan sebuah Komentar

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s




This blog has been discontinued. All the contents, and new posts can be found at blog.pdft.net
Indonesia Linux Conference 2011

stats

SEO Stats powered by MyPagerank.Net
Counter Powered by  RedCounter

hits

  • 316,997 hits


This blog is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.
pejuang mimpi tak ingkar janji

%d blogger menyukai ini: