MikroTik + Squid 2.6 with full cache [Article] https://www.vivaolinux.com.br/artigos/impressora...

MIKROTIK + SQUID 2.6 WITH FULL CACHE

Author: Raniel Guimaraes <ranielguimaraesfreire at gmail.com>

Date: 19/11/2008

INTRODUCTION

SOFTWARE USED

To create this document I used:

MikroTik 2.9.51
Squid-2.6.STABLE13
Zero Penalty Hit patch
Slackware Linux (//www.vivaolinux.com.br/linux/) 12.0

All credit for the Linux configuration and installation goes to our friend kerneldark (http://www.vivaolinux.com.br/~kerneldark) and his article Squid 2.6 + HTB-tools com cache full (http://www.vivaolinux.com.br/artigo/Squid-2.6-+-HTBtools-com-cache-full).

OUR CONFIGURATION SCENARIO

(//static.vivaolinux.com.br/imagens/artigos/comunidade/img.JPG)

DOWNLOADING THE REQUIRED FILES

The files used here are the same ones used in kerneldark's article.

Download Squid: squid-2.6.STABLE13.tar.gz (http://kerneldark.googlepages.com/squid-2.6.STABLE13.tar.gz)

Download the patch: patch.zip (http://kerneldark.googlepages.com/patch.zip)

SQUID CONFIGURATION (SQUID.CONF)

Make your squid.conf look like this:

http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 64 MB
maximum_object_size 40 MB
cache_dir aufs /var/cache/squid 20000 16 256
# to enable access.log, just create the file and give it write permission
access_log none
cache_store_log none
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
http_reply_access allow all
icp_access allow all

zph_tos_local 0x30
zph_tos_peer 0
zph_tos_parent off
zph_preserve_miss_tos on

forwarded_for off
error_directory /usr/share/squid/errors/Portuguese
coredump_dir /var/cache/squid
detect_broken_pconn on
pipeline_prefetch on

APPLYING THE PATCH AND INSTALLING SQUID

After downloading and unpacking Squid and the patch, enter the Squid directory and apply the patches:

# cd squid-2.6.STABLE13
# patch -p1 < ../80_all_squid-2.6.13-gentoo.patch
# patch -p1 < ../81_all_squid-i2d-13_of_void.patch
# patch -p1 < ../90_all_squid-2.6.STABLE13-ToS_Hit_ToS_Preserve.patch

# ./configure \
--prefix=/usr \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--datadir=/usr/share \
--sysconfdir=/etc \
--localstatedir=/var/lib \
--sysconfdir=/etc/squid \
--libexecdir=/usr/libexec/squid \
--localstatedir=/var \
--datadir=/usr/share/squid \
--enable-auth=basic,digest,ntlm \
--enable-removal-policies=lru,heap \
--enable-ident-lookups \
--enable-useragent-log \
--enable-cache-digests \
--enable-delay-pools \
--enable-referer-log \
--enable-arp-acl \
--with-pthreads \
--with-large-files \
--enable-htcp \
--enable-carp \
--enable-follow-x-forwarded-for \
--disable-snmp \
--enable-ssl \
--enable-storeio=ufs,diskd,coss,aufs,null \
--enable-async-io \
--enable-linux-netfilter

# make
# make install

Create the user for the cache:

# groupadd squid -g 31
# useradd -u 31 squid -g squid -s /bin/false

Create the folder to store Squid's cached pages:

# cd /var/cache
# mkdir squid
# chown squid:squid squid
# chmod 775 squid

Create the files needed for Squid logging:

# cd /var/logs
# touch cache.log

If you also decided to log accesses:

# touch access.log

And so on.

Run "squid -z" to create Squid's swap directories; this is needed only once:

# squid -z

You should see something like:

2007/07/18 11:38:30| Creating Swap Directories

Start Squid:

# squid -DYC

To check whether it started:

# ps aux | grep squid

CONFIGURING THE MIKROTIK

Firewall NAT configuration:

/ip firewall nat add chain=dstnat src-address=10.111.1.2 dst-address=10.111.1.2 protocol=tcp dst-port=80 action=accept

/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=10.111.1.2 to-ports=3128

Firewall mangle configuration (tos=48 is the decimal form of the 0x30 value set by zph_tos_local in squid.conf):

/ip firewall mangle add chain=forward action=mark-connection new-connection-mark=forward-hits passthrough=yes content="X-Cache: HIT"

/ip firewall mangle add chain=forward action=mark-packet new-packet-mark=cache-hits passthrough=no connection-mark=forward-hits

/ip firewall mangle add chain=postrouting action=mark-connection new-connection-mark=proxy-hits passthrough=yes tos=48

/ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=proxy-squid passthrough=no connection-mark=proxy-hits

Queue tree:

/queue tree add name="cache_hits" parent=global-out packet-mark=proxy-squid limit-at=0 queue=default priority=8 max-limit=8000000 burst-limit=0 burst-threshold=0 burst-time=0s

/queue tree add name="cache" parent=global-out packet-mark=cache-hits limit-at=0 queue=default priority=8 max-limit=4000000 burst-limit=0 burst-threshold=0 burst-time=0s

FINAL CONSIDERATIONS

Well folks, that's it; below is an example of the mangle and queue tree configuration:

Linux: mangle and queue tree configuration (//static.vivaolinux.com.br/imagens/artigos/comunidade/img2.JPG)

Any questions....

Credits to the article: Squid 2.6 + HTB-tools com cache full (http://www.vivaolinux.com.br/artigo/Squid-2.6-+-HTBtools-com-cache-full)
