NSLU2-Linux

Setting up the SQUID-Proxy on Unslung 6.8x

If you need a proxy on your network for any reason, you can use the squid package.

Preface

There was no HowTo on nslu2-linux.org so after I succeeded, I decided to write one. Please feel free to correct and add information to this HowTo!

1. Step: Install squid

Login to your slug as root via telnet or ssh.

Run

ipkg update
ipkg install squid

2. Step: Edit squid.conf

After installing squid, you will get an error message like "visible_hostname not set", so you have to edit the file /opt/etc/squid/squid.conf according to your requirements. I have installed the Midnight Commander (mc) on my slug because I hate editing with vi! ;-) If you open squid.conf and you are a newbie to it like I was, you may close it again and think about watching some TV instead. There are a lot (really a LOT!!) of options to set.

To give you a starting point, I attach a working sample of a small "quick and dirty" squid.conf. You can tailor it to your needs.

cache_mgr bigbrother@unslung_squid  
visible_hostname hostname_of_your_slug    
cache_mem 8 MB                              
cache_dir ufs /opt/var/squid/cache 100 16 256
negative_dns_ttl 10 second            
connect_timeout 60 second             
read_timeout 80 second
request_timeout 80 second

cache_access_log /opt/var/squid/logs/access.log
cache_log /opt/var/squid/logs/debug 
cache_store_log /opt/var/squid/logs/storage

hierarchy_stoplist on
http_port 192.168.1.77:3128
# Global ACL-Definitions (Access control lists)

acl idents ident REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0 
acl intern dst 192.168.1.0/255.255.255.0
acl FTP proto FTP
always_direct allow FTP
acl Allowed_Ports port 80 99 443 21 563 488 777 210 1025-65535
acl yourLAN src 192.168.1.0/255.255.255.0  

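# http_access definition
# Squid checks these rules top-down and stops at the first match, so the
# order matters: an "allow all" placed first would match every request and
# the rules after it would never be reached.
# Adjust the yourLAN acl above to your own subnet.
http_access deny manager all
http_access allow yourLAN
http_access deny all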

icp_access deny all
miss_access allow all
always_direct allow intern
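
Squid evaluates http_access lines top-down and the first matching line decides, so the rule order in a squid.conf is worth checking mechanically. The following is an added example, not part of the original HowTo: a small Python check that reports http_access rules placed after a rule that already matches every client. The embedded configuration lines are a constructed sample, and the function names (parse, matches_all, audit) are this example's own.

```python
import ipaddress

# Constructed sample (not a complete squid.conf): "allow all" comes first.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl yourLAN src 192.168.1.0/255.255.255.0
http_access allow all
http_access deny manager all
http_access allow yourLAN
http_access deny all
"""

def parse(conf):
    """Collect acl definitions and http_access rules with their line numbers."""
    acls, rules = {}, []
    for no, raw in enumerate(conf.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "acl":
            acls.setdefault(fields[1], (fields[2], []))[1].extend(fields[3:])
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((no, fields[1], fields[2:]))
    return acls, rules

def matches_all(name, acls):
    """True if `name` is a non-negated src acl that contains a /0 network."""
    kind, values = acls.get(name, (None, []))
    for value in values if kind == "src" else []:
        try:
            if ipaddress.ip_network(value, strict=False).prefixlen == 0:
                return True
        except ValueError:  # ranges and hostnames are not evaluated here
            pass
    return False

def audit(conf):
    """Return (line_no, message) findings for the http_access rule order."""
    acls, rules = parse(conf)
    findings, terminal = [], None
    for no, action, names in rules:
        if terminal is not None:
            findings.append((no, f"never reached: line {terminal} matches every request"))
        elif all(matches_all(n, acls) for n in names):
            terminal = no  # ACLs on one line are ANDed; here all match everything
            if action == "allow":
                findings.append((no, "allows any client that can reach http_port"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

Line numbers in the findings refer to lines of the text passed to audit(), so read a real squid.conf in full and pass it unchanged to get numbers that match the file.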

3. Step: Initialising Squid-Cache-Directories

Now, we have to create the cache-directories according to the squid.conf.

Just type

squid -z

This creates the directory-structure of the cache.

4. Step: Starting Squid

Type

/opt/etc/init.d/S80squid start

5. Step: Test, if it is working

First of all, use "ps aux" to check whether a squid process is running on your slug. If yes - perfect. If no - what the hell did you do wrong!? Restart at Step 2! ;-) Now open a browser on any PC on your LAN and change the network settings from a direct Internet connection to using a proxy.

Settings:

Proxy: 192.168.1.77 (or whatever the IP of your slug is)
Port: 3128

Use same proxy for all protocols.

Save settings and try to load a webpage. It should appear after a couple of seconds. If not - Step 2!

Comment and recommendations

I got my squid "swimming" as described.

BUT:

The performance was quite poor. The reaction-time to open a webpage is too long in my opinion.

But if you need a platform for e.g. setting up a child-protection-system, you have at least a starting point.

I really recommend reading the squid documentation! The small squid.conf presented is far from being perfect! It's your own responsibility to configure your squid properly!

Have fun!


I followed the above instructions and it works perfectly for me. Rapid opening of pages and great caching!!!! Thanks a lot!


Use the following option to disable the cache directory entirely (useful if you are running from a USB stick):

cache_dir null /dev/null

For this to work, you need a version of squid compiled with --enable-storeio=null


2007-02-08 Using OpenSlug 3.10, and the Unslung package. I can't get Squid to work. I see multiple people have, but I get the error:

    FATAL: Bungled Default Configuration line 9: cache_mem 8 MB
    Squid Cache (Version 2.6.STABLE9?): Terminated abnormally.

I have tried freeing up memory, I have tried different versions, I have tried different configs, I've tried no config, I have tried many things without success. I always get that exact same error. If anyone has any ideas, please let me know. --Mannkind

==========================oOo=========================================

Squid on Debian

This will provide a local cache of accessed web pages and page components, hopefully speeding up Internet access all round. There is good documentation in the Squid wiki. That's a good thing because it has a formidable conf file, though thankfully most of it can be left as it comes out of the box. However, Debian makes it very easy for you: if you

apt-get install squid

it will install all the necessary files, create the disk cache, install and start the squid daemon. In order to get a working slug system you just need a few edits to the /etc/squid/squid.conf file:

1. Pick a port for squid to listen on, 8080 seems to be favourite

http_port 8080

2. Allow access to machines on your network (obviously use your IP addresses)!

acl our_networks src 192.168.1.1-192.168.1.100

http_access allow our_networks

http_access allow localhost

3. If you have the disk space, increase the size of Squid's cache files (here 500Mb):

cache_dir ufs /var/spool/squid 500 16 256

4. If you want to, identify yourself as the webmaster:

cache_mgr bofh@slugspalace.org

5. and then restart Squid: /etc/init.d/squid restart

You can either set up the proxy name in the preferences for each browser or for all browsers in the system preferences (Mac OSX), something like

192.168.1.77:8080

if you are using a fixed IP address for your slug.

An easy way to check that the cache is being used is to enter a non-existent URL in the browser; you will get an error message which is obviously from the proxy if it's working OK.

By default Squid will log every URL entered by every user on your network in /var/log/squid/*. Once you are happy it is working OK you need to decide whether or not to keep doing this. If you decide to respect their privacy you can stop the logging by replacing the logfile names with none in squid.conf.

Tuning

After running with Squid for a few days, a couple of problems came to light when the network was quite heavily loaded. Firstly Squid was running at about 40% of available memory, secondly when two or more people were downloading large files or streaming video then the video streams would stutter and rebuffer. Although this wasn't a major problem most of the time (there are only five potential concurrent users of the network!) it was time to start poking around in squid.conf again.

There is a fair amount of tuning information around on the web, but most of it is aimed at large scale operations and scaling up the proxy, rather than squeezing as much as possible out of a little box. Also the most obvious move for most users is to add more RAM, an option not open to me in this case (I'm not ready to wield the soldering iron just yet). Nevertheless there seemed to be a few things worth trying.

Firstly I moved the squid cache to my faster hard disk, and upped the size to 1Gb. I was tempted to go higher, but exercised some caution as allocating more space here also increases the RAM usage slightly. I also DECREASED the number of level 1 sub-directories to 8. Therefore the squid.conf entry becomes:

cache_dir ufs /mnt/sdb1/squidcache 1000 8 256

Obviously the squidcache directory needs to be created beforehand and the squid user given RW access to it. After editing squid.conf it was necessary to stop Squid

/etc/init.d/squid stop

and then call it from root with the -z option to initialise the new cache files

squid -z

which took only a couple of seconds, and then restart Squid

/etc/init.d/squid start

This seems to have been very successful, with the memory usage sticking at a max of 18% under heavy load, which is fine.

Now on to the streaming issue. There are mixed views as to whether large files should be cached or not. Clearly there will be advantages if they are going to be accessed by more than one user, or more than once, but on balance I decided it was just too much work for the poor little slug, and so in Squid terminology 'created an access rule to deny caching to typical large or streamed filetypes'. I couldn't find any info on whether or not filenames are case sensitive so rather than laboriously try it out I just played safe, with the following in squid.conf:

acl streamorlarge urlpath_regex -i \.swf$ \.SWF$ \.asf$ \.asx$ \.wmv$ \.mpg$ \.rm$ \.mov$ \.flv$ \.mpeg$ \.FLV$ \.rar$ \.zip$ \.ZIP$ \.iso$

no_cache deny streamorlarge

Restarted squid, and the streaming problem was solved. Now we have memory usage peaking at 18%, streaming working fine, and noticeably snappier browsing, especially on busy sites such as ebay, the BBC and the Apple store.

So there we have it, I'm sure there is more performance to be found with more effort, and YMMV, but worth giving it a go to get the best out of this amazing little box.

See it in action at my site http://www.zonko.ath.cx

Last edited by Vic Z.
Based on work by Vic Z, Mannkind, bf, simfun, and Armin.
Originally by Armin.
Page last modified on March 24, 2007, at 10:29 PM