Standalone squid server



  • Seeing as most you guys here are network gurus, has anyone got any easy instructions on how to setup a squid transparent proxy with lightsquid for logs?  I would like to have this on a standalone machine and not on my pfSense box anymore.  I would love it if there is someway of having a GUI to setup squid like in pfSense.

    I need to cache alot as my bandwidth is so expensive here, so think that maybe its a better idea to have this separated from my pfSense Firewall.

    Any help or suggestions? Link to an easy to follow tutorial maybe? Have looked around but not found anything as yet.

    Thanks in advance



  • You can try webmin:
    http://www.webmin.com/screens/squid.html

    webmin offers a GUI for many other tools.



  • Thanks for that.  I do already use Webmin on my servers for other reasons. But mainly what i need first is some kinda instruction on hoe to setup a standalone transparent proxy server so i can cache away :)



  • @luke240778:

    I would love it if there is someway of having a GUI to setup squid like in pfSense.

    Hi luke,

    Just use another pfsense to be your cache server.
    This way you will have the same gui and the same easy backup util. :)

    Just enable softupdates during your new install to get better io performance.

    I suggest sarg instead of lightsquid for reports as it has more log options and a realtime tab.

    On the other hand, it's better to find where your users goes on internet and maybe finding a youtube cache tutorial to be more efficient then just a squid cache.

    Varnish acting as a reverse proxy can speedup your user experience too.  ;)

    att,
    Marcello Coutinho



  • @luke240778:

    Thanks for that.  I do already use Webmin on my servers for other reasons. But mainly what i need first is some kinda instruction on hoe to setup a standalone transparent proxy server so i can cache away :)

    To be able to transparent proxy, you will need to configure it on a gateway/firewall.

    users -> gateway with transparente proxy -> internet

    If pfsense is the only gateway you have, then you have to configure it there.

    You can use squid options to forward transparent data to another proxy.

    users -> gateway with transparente proxy -> non http traffic -> internet
                                  |
                          proxy server –--> http traffic ---> internet



  • @marcelloc:

    @luke240778:

    I would love it if there is someway of having a GUI to setup squid like in pfSense.

    Hi luke,

    Just use another pfsense to be your cache server.
    This way you will have the same gui and the same easy backup util. :)

    Just enable softupdates during your new install to get better io performance.

    I suggest sarg instead of lightsquid for reports as it has more log options and a realtime tab.

    On the other hand, it's better to find where your users goes on internet and maybe finding a youtube cache tutorial to be more efficient then just a squid cache.

    Varnish acting as a reverse proxy can speedup your user experience too.  ;)

    att,
    Marcello Coutinho

    Hey Marcello! I am happy you replied with this, as i was wondering if i was able to use another pfsense box just as a transparent proxy, but wan't sure if i was able to setup pfSense with no WAN…  because i am guessing to use pfSense just as a standalone transparent proxy, it would need to have just LAN?  in essence i would have my main pfSense box doing all firewalling and NAT and everything that it is.. and have the second one as just squid and lightsquid or sarg as you mentioned?  Hav enever heard of Sarg, but will look into it.



  • Since pfsense 2.x, you can install it only with one interface(wan).

    I use this way to balance my postfixforwarder pool as well dansguardinas  :)

    You will need to keep squid on your gateway to be able to forward traffic(parent proxy) to this new server.



  • Which topology you people are using for your proxy ?

    Obviously it depends on the actual needs, e.g. some people just put Squid in the DMZ. However this setup won't help if someone is using pfsense multi-WAN with source-tracking, since all traffic initiate by squid's IP will go out via a single gateway.

    In such cases a solution would be to use Squid w/TPROXY (only available on Linux) which maintains original client's IP, and put Squid server in bridge mode on the LAN i.e. clients -> TPROXY -> pfsense -> Internet.



  • dhatz, i am just using squid on pfSense in Transparent proxy mode, to try and cache as much as i can, and i use Lightsquid so i can see who is doing what.

    I basically want just to keep the same kind of setup but would like to have squid & cache on another machine, basically because my pfSense is running on a VM and that machine doesnt have the space that i want to have available for cache.. And i have another machine that i can use which has 3tb disk space in it.

    Originally i wanted to have the cache saved to another machine an still be able to run lightsquid on the pfSense VM, but was told once before that i couldnt do this.



  • @marcelloc:

    Since pfsense 2.x, you can install it only with one interface(wan).

    I use this way to balance my postfixforwarder pool as well dansguardinas  :)

    You will need to keep squid on your gateway to be able to forward traffic(parent proxy) to this new server.

    Hi Marcelloc, just want to be clear before i go ahead with this.

    So i keep my main pfsense box running squid and Lightsquid to see the logs there, and create another pfsense, with only WAN, and this will also be running squid and Lightsquid?

    I guess there are some settings on squid on the main box that will tell it to use the second box to store cache and run transparently?



  • leave lightsquid/sarg on the second pfsense

    firewall with squid in transparent mode on lan + upstream configuration

    second pfsense with squid and report package



  • @marcelloc:

    leave lightsquid/sarg on the second pfsense

    firewall with squid in transparent mode on lan + upstream configuration

    second pfsense with squid and report package

    Thanks. I'll have to look into this. I have never used or heard of sarg.

    As my pfSense main firewall is a VM, if i put the cache off onto anothe rbox like this, how much HDD space does pfSense actually need to work efficiently?


Log in to reply