The Guru College
Home Network – Web Proxy Server (squid)
Often, my home network projects come from things I'm currently involved with at work, or plan to be involved with soon. It's been suggested to me that once I finish the first round of the new monitoring platform I will be tasked with setting up some internal web proxy servers. I took an afternoon and figured out how to do this, and how to make it transparent on the network – even when the service is for some reason not responding properly. I'm also going to look at basic ACLs in squid, to allow and prevent specific networks and hosts from being serviced by the cache daemon. This will allow me to do things like block `about.com` and a host of banner ad servers.
I'm using squid as a proxy server – and it's just a few lines to set up for basic caching, and just a few more to get advertisement blocking thrown in for just a little processing time. The default squid config file covers all the basic options you'll need – it's a matter of setting up the ACLs, creating the ZFS filesystems, and setting up the IP forwarding rules to make this a transparent proxy. I'll be covering the transparent proxy settings once I finish the posts about running your own DHCP server, which allows you to put your own router address and DHCP options into the DHCPOFFER packets, and once I clean up my failover code, so that if squid isn't running, users of the network can still get out to the web.
First, the ZFS configuration, assuming a pool named `tank`:
This creates the filesystems you need, with compression enabled where it counts. I'm getting 5.1:1 on the logs, and 1.2:1 on the cache itself. No point wasting disk space, right? In the `squid.conf` file, find the `cache_dir`, `access_log`, `cache_log` and `cache_store_log` directives, and modify them as follows:
This sets up a cache of 16 GB, and puts all logs into the compressed filesystem. I borrowed heavily from [this post](http://mkeadle.org/?p=14) on [mkeadle.org](http://mkeadle.org/) for the following ACL information. First, create the text files `/tank/squid/conf/banner-ads.acl` and `/tank/squid/conf/denied-domains.acl`. For my setup, `denied-domains.acl` only has the single entry:
The file `banner-ads.acl` has the contents of [this file][1], excerpted below:
The last bit of config is to apply the contents of these files to ACL rules, and generate an error for the user:
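A sketch of how these steps can fit together in `squid.conf`, added here as an example and not the original post's configuration. Only the two `.acl` file paths and the 16 GB cache size come from the post; the `/tank/squid/cache` and `/tank/squid/logs` paths, the ACL names, the `localnet` range and the assumption that the banner list holds one regular expression per line are illustrative.

```conf
# Added example, not the post's original configuration.
# Assumed layout: /tank/squid/cache and /tank/squid/logs are ZFS filesystems
# (hypothetical names); /tank/squid/conf is the directory named in the post.

# 16 GB cache: the size argument is in megabytes (16384 MB), followed by the
# number of first- and second-level subdirectories.
cache_dir ufs /tank/squid/cache 16384 16 256

# Logs on the compressed filesystem. Classic path syntax; Squid 3.2 and later
# prefer a module prefix such as stdio:/tank/squid/logs/access.log.
access_log /tank/squid/logs/access.log squid
cache_log /tank/squid/logs/cache.log
cache_store_log /tank/squid/logs/store.log

# Clients allowed to use the proxy (assumed home LAN range).
acl localnet src 192.168.1.0/24

# A quoted path makes Squid read one ACL value per line from that file.
# dstdomain: an entry with a leading dot, e.g. ".about.com", matches the
# domain and all of its subdomains.
acl denied_domains dstdomain "/tank/squid/conf/denied-domains.acl"
# Assumes one regular expression per line; -i makes the match case-insensitive.
acl banner_ads url_regex -i "/tank/squid/conf/banner-ads.acl"

# http_access rules are evaluated top to bottom and the first match wins,
# so the deny rules must come before the allow rule for the LAN.
http_access deny denied_domains
http_access deny banner_ads
http_access allow localnet
http_access deny all

# Weak ordering, shown for contrast: with the allow first, every LAN request
# matches it and the two deny rules are never reached.
#   http_access allow localnet
#   http_access deny denied_domains
#   http_access deny banner_ads

# Error shown to the user when a deny rule matches, chosen by the last ACL
# on the matching http_access line.
deny_info ERR_ACCESS_DENIED denied_domains
# Blocked ad requests get a TCP reset instead of an HTML error page, which
# keeps error pages out of embedded ad frames.
deny_info TCP_RESET banner_ads
```

Running `squid -k parse` checks the file for syntax errors before applying it with `squid -k reconfigure`.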
``````Often, my home network projects come from things I'm currently involved with at work, or plan to be involved with soon. It's been suggested to me that once I finish the first round of the new monitoring platform I will be tasked with setting up some internal web proxy servers. I took an afternoon and figured out how to do this, and how to make it transparent on the network – even when the service is for some reason not responding properly. I'm also going to look at basic ACLs in squid, to allow and prevent specific networks and hosts from being services by the cache daemon. This will allow me to do things like block `about.com` and a host of banner ad servers.
I'm using squid as a proxy server – and it's just a few lines to setup for basic caching, and just a few more to get advertisement blocking thrown in for just a little processing time. The default squid confg file covers all the basic options you'll need – it's a matter of setting up the ACLs, creating the ZFS filesystems, and setting up the IP forwarding rules to make this a transparent proxy. I'll be covering the transparent proxy settings once I get the posts finished about running your own DHCP server, which allow you to put your own router address and DHCP options into the **DHCPOFFER** packets, and clean up my failover code, so if squid isn't running, users of the network can still get out to the web.
First, the ZFS configuration, assuming a pool named `tank`:
``Often, my home network projects come from things I'm currently involved with at work, or plan to be involved with soon. It's been suggested to me that once I finish the first round of the new monitoring platform I will be tasked with setting up some internal web proxy servers. I took an afternoon and figured out how to do this, and how to make it transparent on the network – even when the service is for some reason not responding properly. I'm also going to look at basic ACLs in squid, to allow and prevent specific networks and hosts from being services by the cache daemon. This will allow me to do things like block `about.com` and a host of banner ad servers.
I'm using squid as a proxy server – and it's just a few lines to setup for basic caching, and just a few more to get advertisement blocking thrown in for just a little processing time. The default squid confg file covers all the basic options you'll need – it's a matter of setting up the ACLs, creating the ZFS filesystems, and setting up the IP forwarding rules to make this a transparent proxy. I'll be covering the transparent proxy settings once I get the posts finished about running your own DHCP server, which allow you to put your own router address and DHCP options into the **DHCPOFFER** packets, and clean up my failover code, so if squid isn't running, users of the network can still get out to the web.
First, the ZFS configuration, assuming a pool named `tank`:
``
This creates the filesystems you need, with compression enabled where it counts. I'm getting 5.1:1 on the logs, and 1.2:1 on the cache itself. No point wasting disk space, right? In the `squid.conf` file, find the `cache_dir`, `access_log`, `cache_log` and `cache_store_log` directives, and modify them as follows:
This sets up a cache of 16 GB, and puts all logs into the compressed filesystem. I borrowed heavily from [this post](http://mkeadle.org/?p=14) on [mkeadle.org](http://mkeadle.org/) for the following ACL information. First, create the text files `/tank/squid/conf/banner-ads.acl` and `/tank/squid/conf/denied-domains.acl`. For my setup, `denied-domains.acl` only has the single entry:
The file `banner-ads.acl` has the contents of [this file][1], excerpted below:
The last bit of config is to apply the contents of these files to acl rules, and generate an error for the user:
You will need to repeat this process for the `denied-domains.acl` acl file. It’s best to keep them separate, so it’s easier to modify and debug things later.
Create the following new file, called `$SQUIDROOT/squid/errors/English/NOTE_ADS_FILTERED`, from one of the other error message files. The name `NOTE_ADS_FILTERED` must match the error given in the `deny_info` block above. Modify it suitably to let the user know the ad has been filtered, and you’re in business.
That pretty much wraps it up. To test, fire up squid, and point your web browser’s proxy to the squid server, port 33128. Browse around – checking to make sure that the banner ads you would usually see are replaced with the text you put into the `NOTE_ADS_FILTERED` file, and that you can’t get to about.com, or any other site you have decided to put into your `denied-domains.acl`.
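
The ACL wiring described in this post, as an added example (not the author's original `squid.conf`). Assumptions: `banner-ads.acl` holds URL regexes, `denied-domains.acl` holds domain names, `localnet` is the client-network ACL from the stock config, and `NOTE_DOMAIN_DENIED` is a hypothetical error page name.

```conf
# Added example; ACL names, the url_regex/dstdomain choice and
# NOTE_DOMAIN_DENIED are assumptions, not taken from the original post.

# Port the post tells you to point the browser at.
http_port 33128

# A double-quoted path makes squid read the ACL values from that file,
# one value per line.
#   url_regex -i : case-insensitive regex matched against the whole URL
#   dstdomain    : destination host name; a constructed entry ".about.com"
#                  (leading dot) covers the domain and all its subdomains
acl banner_ads     url_regex -i "/tank/squid/conf/banner-ads.acl"
acl denied_domains dstdomain    "/tank/squid/conf/denied-domains.acl"

# deny_info maps an ACL to an error page. The page name must be a file in
# the errors directory (e.g. $SQUIDROOT/squid/errors/English/) and is
# served when an http_access deny line ending in that ACL matches.
deny_info NOTE_ADS_FILTERED  banner_ads
deny_info NOTE_DOMAIN_DENIED denied_domains

# http_access rules are evaluated top to bottom and the first match wins,
# so the filter rules have to sit ABOVE the rule that admits local clients.
http_access deny  banner_ads
http_access deny  denied_domains
http_access allow localnet
http_access deny  all

# Ordering that silently disables the filters: every local client matches
# the allow first, so the deny lines below it are never reached.
#   http_access allow localnet
#   http_access deny  banner_ads
#   http_access deny  denied_domains
```

Run `squid -k parse` after editing to catch syntax errors and unreadable ACL files before restarting the daemon.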
WordPress Not-So-Automatic Upgrades
I’ve been trying to keep up with the WordPress 2.8.x releases. There’s even a handy feature in the admin panel telling you that an update has been released, and you need to upgrade. The 2.8.4 upgrade fixes a large security hole in WordPress, so I figured I shouldn’t wait to apply the fix.
Sadly, the built-in ‘Automatic Upgrade’ fails to do, well, anything. It tells me that it’s “Downloading the file: `wordpress-2.8.x.zip`” but never makes any progress. The fix, from the developers? Use the manual process. It works, and it’s not too much trouble, but I really would like the feature (which has never failed me for a plugin upgrade, by the way) to work properly for major releases. I’ve had to do this 4 times now, and I’ve gotten to the point where I’ve written a backup script just to handle the tedious task of backing up the database and wordpress directories. It’s attached to this post. Comments or questions, please let me know. Open source, GPL, yadda yadda yadda.
Goodbye Solaris Nevada, We Hardly Knew Ya
Sun seems to be finally simplifying the Solaris distribution landscape. There was OpenSolaris (the regular, twice yearly edition, all ‘free’ code), Solaris Express Community Edition (aka “Solaris Nevada”, built on some non-free stuff), Open Solaris Developer Edition, etc. Nevada was running mostly in parallel to Solaris 10 – standard packages and build structures. Stuff was being back ported from Nevada to Solaris 10, or side-loaded into OpenSolaris. OpenSolaris, on the other hand, was built on a newer packaging system (IPS) and was trying to be more Ubuntu-like. Better designed for the end user to pick up and actually… use. Of course, the end user hasn’t really been a focus of Sun’s for a while – they stopped selling desktop SPARC workstations some time ago, and my guess is when Oracle finishes the purchase, they’ll kill off Sun’s X86 workstations that make Apple’s Mac Pros look like a bargain.
I’m rambling. The news is – Sun is getting rid of the Nevada style builds. They are moving all their development efforts into OpenSolaris builds, and will still release on a two week cycle, with major releases every 6 months. This means the best way to get your hands on the most recent COMSTAR, ZFS, DTrace or CIFS server bits will be to go the OpenSolaris route, and set your package manager to ‘development’.
The end result for me – I’m going to have to go in and upgrade my Solaris Nevada boxes (both running b101) to OpenSolaris. I’m reluctant to do this, mostly because I’m comfortable with what I’m running, but this is the future. Sun has told us that the next version of Solaris will look very much like OpenSolaris. That future seems bright to me.
Hosts File
I’m actually not using a hosts file, as implied by my last entry. I’m using squid as a web proxy server for my home network. One of the nice things that it does for me is allow me to set up a blacklist for unwanted domains. I don’t use this to block the usual ‘adult’ content or political speech like so many large organizations do – I use it as an advertisement blocker. I also block domains that consistently irritate me – mostly `about.com`. I need to craft a web CGI tool to allow my wife to block and unblock things without editing configuration files.
Rupert Murdoch, Troll
Rupert Murdoch is quickly moving into the space usually reserved for Jack Thompson, Michael Arrington, and the Internet Tough Guy.
Murdoch has decided the Internet is broken, because it breaks part of his outdated business model. It breaks it so badly, that revenues are down considerably year on year, and he intends to put up a ‘paywall’ around all his news sites. This includes the Wall Street Journal and the Dow Jones publications. No word if he will extend it to sites like IGN – which is a news site, but not in the traditional sense, but it is part of his media empire.
To add insult to injury, he wants subscriber information from Kindle users. It seems that he’s not really gotten clued into the fact that the users of the internet will just… go somewhere else. Part of me is excited to see him push for all these silly things, and then watch his revenue streams fall apart even faster.
My solution to these problems: add the sites to your hosts file as follows (just below your entry blocking `about.com`):
A Smashing Good Time
My uncle Peter was in town recently, and he suggested that we (the extended family and some friends) should visit Alamogordo, New Mexico on the first Saturday of either April or October. Those are the two days each year that the Trinity Test Site on the White Sands Proving Grounds opens to the public. There is something about being able to go to ground zero for the first successful nuclear test that piques my interest. That, and being able to see sand that has been fused into glass by a nuclear weapon.
Anyone interested?
Sometimes I’m Ashamed
My generation keeps whining about how the baby boomers are keeping all the good jobs by not retiring, how they aren’t able to succeed because they are paying for health care, etc etc etc… and then we have this. A student who sues the university she attended for not being able to find her a job in the three months after she graduated. Bear in mind that this is one of the worst job markets in 40 years. This appears to be an extension or logical extreme of the ‘helicopter parent’ meme that has been circulating recently – the parent that calls a company after their son or daughter has an interview to try to ‘help’ their child gain employment, or argues with a college professor about the grade that was assigned for a project. The children get accustomed to this kind of behavior, and come to expect that when there’s a problem, the person who has been providing for them needs to take care of the problem. What happened to the idea of being self-reliant? Solving one’s own problems? Accepting responsibility for one’s actions?