Original by: Alexmax
Translated by: rinrinrenacuajo
Credits and document sources: Marcos do Vale - Squid Para o BFW (Original
):Revisado el 26/07/2008
Version: 2.6.STABLE16-20071108 (09/11/2007)
Version BFW requiered: v.2.30.1 or higher.
Additional Addons: libpthread.tgz (Versions higher than BFW v2.31.10 did not require it)
Conflicts: RRDSTATS (port used)
Introduction
Using squid, you can block unwanted or inappropriate content from the Internet. It is often necessary to control the content of the local area network environments for children, schools, etc., or even companies. Therefore, squid is one of the best options for controlling content, too let work with caching files, so we have a noticeable acceleration in response to requests for navigation, providing greater speed and saving bandwidth.
Squid is a powerful instrument, which can be further analyzed reading the squid.conf.default file.
Here we will see how to perform a basic configuration and fast for beginners.
STEP 1 – Download and install the libpthread.tgz library (if necessary).
Log in your BFW Machine, and input the following script in the console:
mt
cd / mnt
wget http://www.brazilfw.com.br/downloads/addons/libpthread.tgz
wget http://www.brazilfw.com.br/users/marcos/squid.tgz
cd /
umt
reboot
STEP 2 – Configurando Squid
Set the following settings:
a) Habilite Squid
Click on “Yes”, let 8080 as port.
b) Define the proxy
We must use the TRANSPARENT mode to redirect the clients traffic to our Squid Proxy.
c) Maximum number of connections
It is in accordance with the needs of every network administrator, if in doubt leave the initial configuration default. (0 = default)
d) Networks to use with Squid.
This is just an example. Here, you must put the number for your network.
STEP 3- Configure CACHE
e) Habilite Cache: Use or no use?
Using the Squid cache, we will save time, that is, files that have been solicited for BFW, are stored in the cache and when someone makes the request of pages and files already visited, the files are downloaded directly from the cache, and do not use the Internet connection, well we won speed and save bandwidth.
However, with the cache enabled, the memory consumption will be much larger. Be careful, because if you set wrong values, navigation can be slow.
Marcos Vale Do explanation:
"This relation is around of 1%. ie.
If you set in Squid: 10 Gbytes as quote of Hard Disk cache, and set 8 Mbytes for memory cache. Then:
1% of 10 Gbytes = 100 Mbytes
100 Mbytes + 8 = 108 Mbytes Aprox.
The server requires a minimum 108 Mbytes avaliables of RAM for squid.
Remember: Your machine requieres additional memory to use other process (DNS, DHCP, Webadmin, O.S.)
Another ie:
The server machine has 128 MB of RAM, then:
128 MB of RAM /4 = Set your squid only 32 MB for cache memory.
Don't use more than 2GB as quote of Hard Disk cache in machines with less of 512MB de RAM.
ie.: 5GB = 5000MB 1% = 50 MB of RAM for Squid.
"If you no respects this limits, can stop or cancel vital BFW process as webadmin, SSH, squid.”
f) Lenguage for errores
Select the idiom that you want show the error messages.
STEP 4 – Configuring FILTERS
g) Black List
Here you can insert all sites that you want will be locked, inadequate sites or sites that for reasoning that can not be accessed.
ex:
h) Prohibited words
Sometimes users search of unwanted sites that are not on the blacklist of sites, using words and phrases on search engines. Adding a few words can achieve great results in the blockade. Remember to add words to be careful because there are many areas (for example, "hot" = may be referring to receip), some pages of cooking could be affected.
ie:
i) Deny Extensions
We recommend blocking the extensions CMD, BAT and PIF
other options such as mp3, wav, etc. can also be added, according to their needs.
ie:
j) Cache Force
If you enabled the HD cache option, this let store YouTube (and videos of other sites) in the cache memory.
ie:
STEP 3 – Finish
After complete configuration of Squid, click ok "Send" button, Then, clic on RELOAD SQUID and goto “simple firewall configuration” and click on RELOAD FIREWALL.
Don't forget make backup!
Good Luck.
