Setting up Squid
First, get squid running. There is a lot of documentation in the Squid distribution, so I won't
cover basic configuration here. On my Fedora box, I just installed the rpm, and that was all.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Also check that your network appears in the ACLs section. For example, if your network is
192.168.1.0 netmask 255.255.255.0, use:
For testing, you may omit the "acl" line and just comment out this:
Be careful if you don't want to allow everyone to use your Webcache. I recommend using this
configuration only for testing.
In this example, I assume you are using eth0 and eth1. In the ifconfig line, I
assigned IP address 20.1.2.3 to the bridge so I can access it remotely. Use an IP
address in your network. Don't forget it; you will need it later.
Plug your machine into the network, and everything should work. Your Linux box is now a big,
expensive two-port switch.
Go to a PC in your LAN and manually configure a proxy. If you use Firefox, for example, go to
the Edit menu and select Preferences. Select General and click "Connection Settings", choose
"Manual Proxy Configuration", and enter the IP address of your bridge. The port is 3128, unless
you have changed it.
Try surfing the Web. If it works, you have squid running and working as desired. Now we'll
move on to the fun stuff and build a "brouter".
First, install ebtables on the bridge machine. Then, just run these two commands:
The first command says that packets passing through the bridge going to port 80 will be
redirected to the local machine, instead of being bridged. The second uses iptables to redirect
those packets to local port 3128, so squid can take care of them.
You should see a lot of "[x]__HIT" messages, meaning that all that content is being caught.
Fine Tuning
You may want to fine-tune squid, adjusting how much memory or disk space it will use. Just edit
/etc/squid/squid.conf.
Remember to create the ACLs (Access Control Lists) for your networks.
You may want to have a script to set up all of this at boot. Use something like this:
/var/my-start-scripts/bridgeBrouter-up.sh
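An added example of such a boot script (not the author's own), combining the bridge setup with the two redirect rules described above. It also refuses to enable interception while squid.conf has an active `http_access allow all`; the brctl/ifconfig commands, interface names, LAN range, `-s` source restriction and that check are assumptions, not taken from the article.

```shell
#!/bin/sh
# Added example, not the article's script. Prints the commands (dry run) unless
# APPLY=1 is set. Interface names, LAN range and paths below are assumptions.
BR=${BR:-br0}
PORTS=${PORTS:-"eth0 eth1"}
BR_IP=${BR_IP:-20.1.2.3}          # address used in the article; use one in your network
BR_MASK=${BR_MASK:-255.255.255.0}
LAN=${LAN:-192.168.1.0/24}        # the article's sample LAN
SQUID_PORT=${SQUID_PORT:-3128}
SQUID_CONF=${SQUID_CONF:-/etc/squid/squid.conf}

# Echo a command; execute it only when APPLY=1.
run() {
    echo "$*"
    [ "${APPLY:-0}" = 1 ] || return 0
    "$@"
}

# Succeeds only if the config is readable and has no active (uncommented)
# "http_access allow all" line, i.e. the cache is not open to everyone.
squid_acl_ok() {
    [ -r "$1" ] || return 1
    ! grep -Eq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all([[:space:]]|$)' "$1"
}

brouter_up() {
    if ! squid_acl_ok "$SQUID_CONF"; then
        echo "refusing: $SQUID_CONF is unreadable or allows all clients" >&2
        return 1
    fi
    run brctl addbr "$BR" || return 1
    for p in $PORTS; do
        run ifconfig "$p" 0.0.0.0 promisc up || return 1
        run brctl addif "$BR" "$p" || return 1
    done
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up || return 1
    # Packets to port 80 are redirected to the local machine instead of being bridged.
    run ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
        --ip-destination-port 80 -j redirect --redirect-target ACCEPT || return 1
    # Only LAN-sourced requests are redirected to squid's port.
    run iptables -t nat -A PREROUTING -i "$BR" -s "$LAN" -p tcp --dport 80 \
        -j REDIRECT --to-port "$SQUID_PORT"
}

# "up" as first argument runs the sequence; without it the file only defines functions.
case "${1:-}" in up) brouter_up ;; esac
```

Run it as `sh bridgeBrouter-up.sh up` to print the commands, and with `APPLY=1` as root to execute them.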
Have fun!
Speaking of fine tuning for Fedora Core, you can use:
> /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
ONBOOT=yes
BOOTPROTO=static
IPADDR=200.1.2.3
NETMASK=255.255.255.0
TYPE=Bridge
> In order for the configuration to work, you also have to modify the configuration files for
eth0 and eth1
> /etc/sysconfig/network-scripts/ifcfg-eth[01]
DEVICE=eth0 # or eth1
ONBOOT=yes
BOOTPROTO=static
BRIDGE=br0
And enjoy. It's better to use the tools from the Linux distro than to place configuration scripts
in rc.local.