
Squid proxy/cache with IPv6 on CentOS v6.x

This VM replaces the CentOS v5.x VM. The move supports a later version of Squid that falls back to IPv4 when an IPv6 site is unavailable, and also upgrades the OS.

The VM is:

  • CentOS v6.5
  • 8G root
  • swap
  • squid cache device
  • single NIC with IPv4 and IPv6

Install

Install the EPEL and CentALT repositories:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh http://centos.alt.ru/repository/centos/6/x86_64/centalt-release-6-1.noarch.rpm

Edit the CentALT repo file '/etc/yum.repos.d/centalt.repo' and set it to disabled. Enable it explicitly on the command line when installing and updating, as it has newer versions of openssh, postfix and mariadb that we don't need for this VM.

Install Squid:

# yum install --enablerepo CentALT squid

Add cache device

Create the squid cache device:

# mkfs.ext4 /dev/xvdc1 -L /var/spool/squid

Add the device to '/etc/fstab':

LABEL=/var/spool/squid  /var/spool/squid        ext4    defaults        0 0

Mount the device and give ownership to squid:

# mount -a
# chown squid:squid /var/spool/squid

Configure Firewall

Configure the iptables and ip6tables firewalls to allow:

  • clients on the local network access to the cache
  • the squid cache access to all internet hosts
  • local processes access to the squid proxy

Add to '/etc/sysconfig/iptables':

# Squid
-A tcpIn  -p tcp -m tcp --source 10.20.0.0/16 --dport 3128 -m state --state NEW -j ACCEPT
-A tcpOut -m owner --uid-owner squid -m state --state NEW -j ACCEPT

# Local proxy access
-A tcpOut -p tcp -m tcp --dport 3128 -m state --state NEW -j ACCEPT

Add to '/etc/sysconfig/ip6tables':

# Squid
-A tcpIn  -p tcp -m tcp --source fd0c:898b:471c::/48 --dport 3128 -m state --state NEW -j ACCEPT
-A tcpIn  -p tcp -m tcp --source 2001:4428:225::/48  --dport 3128 -m state --state NEW -j ACCEPT
-A tcpIn  -p tcp -m tcp --source fe80::/10           --dport 3128 -m state --state NEW -j ACCEPT
-A tcpOut -m owner --uid-owner squid -m state --state NEW -j ACCEPT

# Local proxy access
-A tcpOut -p tcp -m tcp --dport 3128 -m state --state NEW -j ACCEPT

Configure squid

Edit the main squid configuration file '/etc/squid/squid.conf'. The local networks configured are:

acl localnet src 10.20.0.0/16        # RFC1918 possible internal network
acl localnet src fe80::/10           # RFC 4291 link-local (directly plugged) machines
acl localnet src 2001:4428:225::/48
acl localnet src fd0c:898b:471c::/48 # RFC 4193 local private network range
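
The same four networks appear in the firewall files and in the localnet ACL, and the two lists can drift apart when one is edited without the other. The script below is an added example, not part of the original page: it compares the two lists and reports any network present in only one of them. The function names are hypothetical, it assumes the rule and ACL line formats shown above, and it compares networks as written, so the same prefix spelled two different ways is reported as a mismatch.

```shell
#!/bin/sh
# Added example: report drift between the firewall sources accepted on the
# proxy port and squid's localnet ACL. Function names are hypothetical.

# Print --source networks of ACCEPT rules for --dport $2 in rules file $1.
fw_sources() {
    awk -v port="$2" '
        /^-A / && /-j ACCEPT/ {
            src = ""; dport = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--source" || $i == "-s") src = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (src != "" && dport == port) print src
        }' "$1" | sort -u
}

# Print the networks on "acl $2 src ..." lines of squid.conf $1,
# ignoring trailing comments.
acl_sources() {
    awk -v name="$2" '
        $1 == "acl" && $2 == name && $3 == "src" {
            for (i = 4; i <= NF && $i !~ /^#/; i++) print $i
        }' "$1" | sort -u
}

# Args: squid.conf, port, then one or more firewall rule files.
# Prints "firewall-only NET" or "squid-only NET" for each mismatch;
# no output means the two lists agree.
proxy_acl_drift() {
    conf=$1; port=$2; shift 2
    tmp=$(mktemp -d) || return 2
    for f in "$@"; do fw_sources "$f" "$port"; done | sort -u > "$tmp/fw"
    acl_sources "$conf" localnet > "$tmp/acl"
    comm -23 "$tmp/fw" "$tmp/acl" | sed 's/^/firewall-only /'
    comm -13 "$tmp/fw" "$tmp/acl" | sed 's/^/squid-only /'
    rm -rf "$tmp"
}

# Run against real files when arguments are given.
if [ "$#" -ge 3 ]; then proxy_acl_drift "$@"; fi
```

Saved under a name of your choice, it is run with the squid configuration file, the port, and both firewall files as arguments: '/etc/squid/squid.conf 3128 /etc/sysconfig/iptables /etc/sysconfig/ip6tables'.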

Set the size in the cache_dir directive (given in MB) so that the cache uses approximately 80% of the 32 GB cache device:

cache_dir ufs /var/spool/squid 26000 64 256

Start squid

# chkconfig squid on
# service squid start
init_cache_dir /var/spool/squid... Starting squid: ....    [  OK  ]

Appendices

yum install squid

# yum install --enablerepo CentALT squid

Dependencies Resolved

===========================================================================================
 Package                        Arch          Version                 Repository      Size
===========================================================================================
Installing:
 squid                          x86_64        9:3.4.4-1.el6           CentALT        2.6 M
Installing for dependencies:
 libtool-ltdl                   x86_64        2.2.6-15.5.el6          base            44 k
 perl-Crypt-OpenSSL-X509        x86_64        1.800.2-1.el6           epel            37 k
 perl-DBI                       x86_64        1.609-4.el6             base           705 k

Transaction Summary
===========================================================================================
Install       4 Package(s)

Total download size: 3.4 M
Installed size: 10 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): libtool-ltdl-2.2.6-15.5.el6.x86_64.rpm                       |  44 kB     00:00
(2/4): perl-Crypt-OpenSSL-X509-1.800.2-1.el6.x86_64.rpm             |  37 kB     00:00
(3/4): perl-DBI-1.609-4.el6.x86_64.rpm                              | 705 kB     00:01
(4/4): squid-3.4.4-1.el6.x86_64.rpm                                 | 2.6 MB     00:12
-------------------------------------------------------------------------------------------
Total                                                      229 kB/s | 3.4 MB     00:15
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : perl-DBI-1.609-4.el6.x86_64                                             1/4
  Installing : libtool-ltdl-2.2.6-15.5.el6.x86_64                                      2/4
  Installing : perl-Crypt-OpenSSL-X509-1.800.2-1.el6.x86_64                            3/4
  Installing : 9:squid-3.4.4-1.el6.x86_64                                              4/4
  Verifying  : 9:squid-3.4.4-1.el6.x86_64                                              1/4
  Verifying  : perl-Crypt-OpenSSL-X509-1.800.2-1.el6.x86_64                            2/4
  Verifying  : libtool-ltdl-2.2.6-15.5.el6.x86_64                                      3/4
  Verifying  : perl-DBI-1.609-4.el6.x86_64                                             4/4

Installed:
  squid.x86_64 9:3.4.4-1.el6

Dependency Installed:
  libtool-ltdl.x86_64 0:2.2.6-15.5.el6    perl-Crypt-OpenSSL-X509.x86_64 0:1.800.2-1.el6
  perl-DBI.x86_64 0:1.609-4.el6

Complete!