
http://www.basicconfig.com/linuxserver http://www.Ceylonlinux.com/book.html

/etc/squid/squid.conf

Squid is an open source caching proxy server. As a caching proxy, squid accepts requests
from clients and passes them on to the appropriate Internet server. It keeps a copy of the
returned data, with hot objects cached in RAM. Squid also caches DNS lookups and supports
non-blocking DNS lookups. Even when a client aborts a request, squid continues to fetch
the requested data to completion. When it receives the same request again from another
client, it simply serves the stored copy from its cache. This is the basic idea of how squid
works: it speeds up Internet access and saves bandwidth.

Squid supports HTTP, FTP and gopher data objects. It also supports other caching
protocols, such as:

• Internet cache protocol (ICP)
• Cache digests
• Simple network management protocol (SNMP)
• Hyper text caching protocol (HTCP)

A caching proxy server can greatly improve Internet performance, and squid is a very fast
caching proxy that is well known for high performance in the Linux world. A normal firewall
proxy does not store a copy of the returned data as squid does. Squid works well with a
firewall at the upper level and squid at the lower level, each protecting the local network.

Setup squid cache proxy server in Ubuntu

Before setting up a squid caching proxy server, you should consider several things that will
influence the performance of the caching server later. The most important is the server
hardware.

Basic hardware requirements

As we already know, squid stores metadata and especially hot objects in RAM, so a large
amount of RAM improves squid's performance and overall server performance. CPU power,
however, does not really affect squid's performance.
Because all caches are kept on the hard disk, a disk with a fast random seek time boosts
squid's performance. A high-rpm disk is good, but it costs more. You would do better to add
extra disks with fast random seek times, because having many disks also improves squid's
performance.

Install squid proxy in Ubuntu

You can check whether squid is already installed by looking for a squid process with the ps
command. To pick out a running squid process from the ps output, add a | (pipe) and grep as
in the example below:

luzar@ubuntu:~$ ps aux | grep squid
luzar 5667 0.0 0.1 3236 796 pts/0 S+ 16:45 0:00 grep squid
luzar@ubuntu:~$

So there is no squid process running on our system. We can install the squid package using
the apt-get package management system. Example of squid package installation in Ubuntu
using apt-get:

luzar@ubuntu:~$ sudo apt-get install squid
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
openssl-blacklist squid-common ssl-cert
Suggested packages:
squidclient squid-cgi logcheck-database resolvconf smbclient winbind
The following NEW packages will be installed:
openssl-blacklist squid squid-common ssl-cert
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 7542kB of archives.
After this operation, 19.5MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://us.archive.ubuntu.com intrepid/main openssl-blacklist 0.4.2 [6337kB]
4% [1 openssl-blacklist 360983/6337kB 5%] 4770B/s 25min5s

As you can see, the squid package is quite big, so downloading and installing it will take
some time. After the installation has finished, you can begin configuring squid as a caching
proxy server.

Configure squid caching proxy server in Ubuntu

Squid's configuration file is in the /etc/squid directory. Change directory to /etc/squid and
see what we have there.

luzar@ubuntu:~$ cd /etc/squid/
luzar@ubuntu:/etc/squid$ ls
squid.conf
luzar@ubuntu:/etc/squid$

We have just one file, squid.conf, which is the main configuration file for squid. For safety,
we will make a copy of squid.conf as a backup before we start editing it. Here is the
command to copy squid.conf:

luzar@ubuntu:/etc/squid$ sudo cp squid.conf squid.conf.bac
luzar@ubuntu:/etc/squid$ ls -l
total 344
-rw------- 1 root root 168394 2008-12-24 16:20 squid.conf
-rw------- 1 root root 168394 2008-12-24 17:07 squid.conf.bac
luzar@ubuntu:/etc/squid$

Here is a step-by-step guide to configuring a basic squid caching proxy server. Open
squid.conf with your favorite text editor. Here is an example using the vim editor:

luzar@ubuntu:/etc/squid$ sudo vim squid.conf
[sudo] password for luzar:

With squid.conf open in vim, go to the http_port line. We are going to set the HTTP port for
the squid caching proxy server. You can set the port as in the example below:

Tip: If you are using vim, type /term in command mode to search for the term you are
looking for, and press n to find the next occurrence of the search term. squid.conf is quite
a big file to scroll through.

# Squid normally listens to port 3128
http_port 3128

Next, we are going to set the cache directory for our squid caching proxy server. cache_dir
is disabled by default. Copy that line and add your preferred cache directory and size for
your caching proxy server. You can set more than one cache directory if you have several
partitions; name the cache directories cache1, cache2, cache3 and so forth.

#Default:
# cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /var/spool/squid/cache1 1000 16 256

The number after the cache directory path (100 in the default line) is the cache size in MB.
Set it according to your needs. Remember that the cache directory must be empty. In the
example above, I set it to 1000 MB. The second and third values (16 256) are the number of
first-level and second-level subdirectories.

We can set the administrator's email address with cache_mgr so that an email is sent to us
automatically if squid dies.

#Default:
# cache_mgr webmaster
cache_mgr webmaster

Another important setting is the squid log, which is configured with the access_log
parameter. This is the default path and file:

# And priority could be any of:
# err, warning, notice, info, debug.
access_log /var/log/squid/access.log squid

Squid automatically creates a user named proxy and a group named proxy during the
installation. Set those names in cache_effective_user and cache_effective_group in the
squid.conf file.

#Default:
# cache_effective_user proxy
cache_effective_user proxy
#Default:
# none
cache_effective_group proxy

Set the anonymous FTP user if you need it.

#Default:
# ftp_user Squid@
ftp_user Squid@

Now we need to set up simple access control lists (acl) that allow the IP addresses of our
local network. Search for the acl localnet line and add your local area network addresses.

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
# acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
# acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl local_itnet src 192.168.0.0/255.255.255.0 # IT network
acl local_admnet src 192.168.1.0/255.255.255.0 # Admin network

Enable http_access from the local network. Note that http_access rules take the ACL
name directly; the acl keyword is only used on the lines that define an ACL:

#Allow HTTP queries from local networks only
http_access allow local_itnet
http_access allow local_admnet
http_access deny all

Tip: allow only the IP addresses of your own network.

Allow ICP from the local network:

#Allow ICP queries from local networks only
icp_access allow local_itnet
icp_access allow local_admnet
icp_access deny all
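Two checks worth running over the http_access and icp_access rules above before restarting squid, written here as an added example that is not part of the original tutorial. It assumes a POSIX shell with awk and mktemp; the two squid.conf fragments it inspects are constructed inline.

```shell
#!/bin/sh
# Added example (not from the tutorial): sanity-check the access-control part of a
# squid.conf before restarting squid. It catches two defects a hand-edited file can
# have: an http_access/icp_access rule naming an ACL that was never defined (squid
# rejects the configuration) and an http_access list not ending in "deny all" (which
# would leave port 3128 usable by anyone able to reach it). Sample files are constructed.

# Print the names of all ACLs defined with "acl NAME type value", one per line.
defined_acls() {
  awk '$1 == "acl" { print $2 }' "$1" | sort -u
}

# Print every ACL name referenced by an http_access or icp_access rule; the
# allow/deny verb, a leading "!" negation and trailing comments are skipped.
referenced_acls() {
  awk '$1 == "http_access" || $1 == "icp_access" {
         for (i = 3; i <= NF; i++) { if ($i ~ /^#/) break; n = $i; sub(/^!/, "", n); print n }
       }' "$1" | sort -u
}

# Return 0 if every referenced ACL is defined; otherwise print the missing names and
# return 1. "all" is built in (squid 3) or defined in the stock squid.conf, so it passes.
check_acl_names() {
  missing=0
  for name in $(referenced_acls "$1"); do
    [ "$name" = "all" ] && continue
    defined_acls "$1" | grep -qx "$name" || { echo "undefined ACL: $name"; missing=1; }
  done
  return $missing
}

# Return 0 if the last http_access rule in the file is "deny all", else 1.
check_default_deny() {
  last=$(awk '$1 == "http_access" { r = $2 " " $3 } END { print r }' "$1")
  [ "$last" = "deny all" ]
}

# BAD: the tutorial's rule with a stray "acl" keyword and no final deny; GOOD: corrected.
BAD=$(mktemp); GOOD=$(mktemp); trap 'rm -f "$BAD" "$GOOD"' EXIT
cat > "$BAD" <<'EOF'
acl local_itnet src 192.168.0.0/255.255.255.0
http_access allow acl local_itnet
EOF
cat > "$GOOD" <<'EOF'
acl local_itnet src 192.168.0.0/255.255.255.0   # IT network
acl local_admnet src 192.168.1.0/255.255.255.0  # Admin network
http_access allow local_itnet
http_access allow local_admnet
http_access deny all
icp_access allow local_itnet
icp_access deny all
EOF
check_acl_names "$BAD" && check_default_deny "$BAD" || echo "BAD: fix before restarting"
check_acl_names "$GOOD" && check_default_deny "$GOOD" && echo "GOOD: rules look sane"
```

Squid's own parser check, squid -k parse, complements this by validating the whole file without starting the proxy.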

That covers all the basic squid configurations. Now we can restart squid service:

luzar@ubuntu:/etc/squid$ sudo /etc/init.d/squid restart
* Restarting Squid HTTP proxy squid [ OK ]
luzar@ubuntu:/etc/squid$

DHCP

This is a guide to installing and setting up a DHCP server on Ubuntu. DHCP stands for
Dynamic Host Configuration Protocol. With a DHCP server configured, the system
administrator does not have to manually assign static IP addresses and other network
information to clients.

The traditional Linux DHCP server is called dhcpd. However, on a default Ubuntu Hardy
server installation you can no longer install a package called dhcpd; there is no such
package any more. Ubuntu Hardy or Intrepid only has these DHCP client and server packages:

dhcp-helper (0.7-2) [universe]
    A DHCP relay agent
dhcp3-client (3.0.6.dfsg-1ubuntu9)
    DHCP client
dhcp3-common (3.0.6.dfsg-1ubuntu9)
    common files used by all the dhcp3* packages
dhcp3-relay (3.0.6.dfsg-1ubuntu9) [universe]
    DHCP relay daemon
dhcp3-server (3.0.6.dfsg-1ubuntu9)
    DHCP server for automatic IP address assignment
dhcp3-server
    virtual package provided by udhcpd
dhcpcd (1:3.0.17-2) [universe]
    DHCP client for automatically configuring IPv4 networking

Never mind; we need to install dhcp3-server instead. Here we go:

luzar@ubuntu:~$ sudo apt-get install dhcp3-server
[sudo] password for luzar:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libdns32 libisc32
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
dhcp3-server
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 318kB of archives.
After this operation, 774kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com hardy/main dhcp3-server 3.0.6.dfsg-1ubuntu9 [318kB]
Fetched 318kB in 5s (61.2kB/s)
Preconfiguring packages ...
Selecting previously deselected package dhcp3-server.
(Reading database ... 18954 files and directories currently installed.)
Unpacking dhcp3-server (from .../dhcp3-server_3.0.6.dfsg-1ubuntu9_i386.deb) ...
Setting up dhcp3-server (3.0.6.dfsg-1ubuntu9) ...
Generating /etc/default/dhcp3-server...
* Starting DHCP server dhcpd3 [fail]
invoke-rc.d: initscript dhcp3-server, action "start" failed.
luzar@ubuntu:~$

Well, now we have "Starting DHCP server dhcpd3 [fail]". Let's see what the problem is:

luzar@ubuntu:~$ tail /var/log/syslog
Nov 21 11:14:54 ubuntu dhcpd:
Nov 21 11:14:54 ubuntu dhcpd: No subnet declaration for eth0 (192.168.0.47).
Nov 21 11:14:54 ubuntu dhcpd: ** Ignoring requests on eth0. If this is not what
Nov 21 11:14:54 ubuntu dhcpd: you want, please write a subnet declaration
Nov 21 11:14:54 ubuntu dhcpd: in your dhcpd.conf file for the network segment
Nov 21 11:14:54 ubuntu dhcpd: to which interface eth0 is attached. **
Nov 21 11:14:54 ubuntu dhcpd:
Nov 21 11:14:54 ubuntu dhcpd:
Nov 21 11:14:54 ubuntu dhcpd: Not configured to listen on any interfaces!
Nov 21 11:17:01 ubuntu /USR/SBIN/CRON[4762]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
luzar@ubuntu:~$

So we haven't configured DHCP yet. Now let's edit the DHCP configuration file, which is
/etc/dhcp3/dhcpd.conf. Below is the default Ubuntu /etc/dhcp3/dhcpd.conf file:

#
# Sample configuration file for ISC dhcpd for Debian
#
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.
#
# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
#

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.fugue.com";
#}

# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.fugue.com;
#}

# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}

#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}

Don't change the file yet. We need to back it up in case something goes wrong. Use the
Linux cp command to duplicate the file as in the example below:

luzar@ubuntu:~$ sudo cp /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.bak
[sudo] password for luzar:
luzar@ubuntu:~$

Now you can edit the file with your favorite text editor. Here is an example of a simple
dhcpd.conf configuration for a local network:

# /etc/dhcp3/dhcpd.conf
#
#
ddns-update-style none;

# Lease time is in seconds
# Default lease is 1 week (604800 seconds)
default-lease-time 604800;
# Max lease is 4 weeks (2419200 seconds)
max-lease-time 2419200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# All ip addresses and domain name are examples
subnet 192.168.0.0 netmask 255.255.255.0 {
  option domain-name "example.com";
  option broadcast-address 192.168.0.255;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 192.168.0.47, 192.168.1.5; # Comma between domain
  option routers 192.168.0.10;
  range 192.168.0.20 192.168.0.50; # No comma, just whitespace
}
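The syslog excerpt earlier showed why dhcpd3 refused to start: the address of eth0, 192.168.0.47, was not inside any declared subnet. The following script, an added example that is not part of the tutorial, reproduces that check against a dhcpd.conf and also verifies that each range lies inside its subnet block; it assumes a POSIX shell with awk and mktemp, and the two configuration fragments it reads are constructed inline.

```shell
#!/bin/sh
# Added example (not from the tutorial): reproduce the "No subnet declaration for
# eth0 (192.168.0.47)" check from the syslog excerpt before starting dhcpd3. dhcpd
# serves an interface only if the interface's own address lies inside a declared
# subnet, so this tests every "subnet A netmask M {" line against that address and
# also that each two-address "range" lies inside its subnet. Configs are constructed.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
  set -- $(echo "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 is inside network $2 with netmask $3.
in_subnet() {
  [ $(( $(ip2int "$1") & $(ip2int "$3") )) -eq $(( $(ip2int "$2") & $(ip2int "$3") )) ]
}

# Return 0 (and print the match) if a declared, uncommented subnet in config $1
# covers the interface address $2; return 1 when dhcpd would ignore that interface.
covering_subnet() {
  awk '$1 == "subnet" && $3 == "netmask" { print $2, $4 }' "$1" |
  while read -r net mask; do
    in_subnet "$2" "$net" "$mask" && echo "$2 is served by subnet $net/$mask"
  done | grep .
}

# Return 0 if every "range START END;" lies inside the subnet block enclosing it.
ranges_ok() {
  awk '$1 == "subnet" { net = $2; mask = $4 }
       $1 == "range"  { s = $2; e = $3; if (e == "") e = s; sub(/;$/, "", s); sub(/;$/, "", e); print net, mask, s, e }' "$1" |
  while read -r net mask s e; do
    in_subnet "$s" "$net" "$mask" && in_subnet "$e" "$net" "$mask" ||
      echo "range $s $e is outside $net/$mask"
  done | grep . && return 1
  return 0
}

# GOOD matches the tutorial's subnet; BAD leaves the 192.168.0.0/24 line commented
# out (so 192.168.0.47 is unserved) and has a range that spills out of its subnet.
GOOD=$(mktemp); BAD=$(mktemp); trap 'rm -f "$GOOD" "$BAD"' EXIT
cat > "$GOOD" <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.0 {
  option routers 192.168.0.10;
  range 192.168.0.20 192.168.0.50; # No comma, just whitespace
}
EOF
cat > "$BAD" <<'EOF'
#subnet 192.168.0.0 netmask 255.255.255.0 {
subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.250.20;
}
EOF
covering_subnet "$BAD" 192.168.0.47 || echo "BAD: no subnet declaration for 192.168.0.47"
ranges_ok "$BAD" || echo "BAD: fix the range before starting dhcpd3"
```

ISC dhcpd's own syntax check (the -t flag, with -cf naming the file) catches parse errors but not this topology mismatch, which only shows up in syslog at start time as in the excerpt above.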

To make the dhcpd.conf configuration above work for you, just change the domain name and
the related IP addresses. When you are done, restart the dhcp3-server service. Here is the
command:

luzar@ubuntu:~$ sudo /etc/init.d/dhcp3-server start
* Starting DHCP server dhcpd3 [ OK ]
luzar@ubuntu:~$

If it fails again, there is something wrong with your dhcpd.conf configuration. Normally an
error message is printed that includes details such as the error name and the line number.
Write that down, open the DHCP configuration file again and fix the error. You can also find
the error in the /var/log/messages and /var/log/daemon.log files. Use the tail command to
view the latest errors.

We provide networking solutions ranging from simple to sophisticated networking, as
follows:

• Local Area Networking (LAN)
• Wide Area Networking using IPVPN, Frame Relay, Point to Point Leased Circuits
• Voice Over IP, Voice Over Frame Relay and IP Telephony Implementations
• Wireless HotSpots Implementation
• Virtual Private Networking with Encryption
• Router Configuration and Maintenance
• Implementing Security Solutions
• Network Management
• ADSL Configuration (Modem / Router)
• WAN Backup Technology Implementation

The following are some of the administration tasks that fall under this package.

• Server Maintenance
• Live Technical Support
• Log auditing
• Software Configuration
• Service Monitoring
• Security Audit
• Initial Security Audit
• Software Upgrades
• Date/Time/Time zone
• DNS Setup
• Control Panel Setup
• Application Installation
• Kernel upgrade/tuning
• Firewall installation
• Host, network IDS
• Securing /tmp directory
• SSH server hardening
• Logwatchers
