Pejman Moghadam / Slackware

Slackware 13.1 64bit - Installing TPROXY Squid in bridge mode (with epkg)

Public domain


encap epkg

original download link

# Build and install epkg (the Encap package manager) as root.
cd /usr/src/
# NOTE(review): the tarball comes over plain HTTP and is then configured, built
# and installed as root with no integrity check. Verify it against a checksum
# or signature obtained over a trusted channel first, for example:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  epkg-2.3.9.tar.gz" | sha256sum -c -
wget -c http://pmoghadam.com/homepage/Pages/Deposit/Source-packages/epkg-2.3.9.tar.gz
tar zxf epkg-2.3.9.tar.gz
cd epkg-2.3.9
# Encap target is "/" (presumably where epkg links installed packages - confirm).
./configure --with-encap-target=/
make && make install
# Dedicated unprivileged build account; "passwd -l" locks its password.
groupadd install
useradd -g install -m -s /bin/bash install
passwd -l install
# Hand the source and encap trees to the build account so later packages can be
# compiled and staged without root.
# NOTE(review): root later runs "epkg <package>" on trees this account wrote, so
# whoever controls the "install" account controls what gets installed - treat it
# as a privileged account.
chown install:install /usr/src  /usr/local/encap
chown -R install:install /usr/local/encap

ebtables

original download link

# Fetch as root, then build and stage as the unprivileged "install" account.
# NOTE(review): plain-HTTP download with no checksum or signature check; verify
# the tarball against a value obtained over a trusted channel before building:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  ebtables-v2.0.9-2.tar.gz" | sha256sum -c -
cd /usr/src
wget -c http://pmoghadam.com/homepage/Pages/Deposit/Source-packages/ebtables-v2.0.9-2.tar.gz 
# Commands from here to "logout" run in the install user's login shell.
su - install
cd /usr/src
tar xf ebtables-v2.0.9-2.tar.gz
cd ebtables-v2.0.9-2
make
# Remove "-o root -g root" from the Makefile so "make install" can run without
# root. GNU sed reads "-ie" as "-i" with backup suffix "e", so a copy named
# "Makefilee" is left behind.
sed -ie 's,-o root -g root,,' Makefile
# Directories created up front inside the staging tree (presumably because the
# install target expects them to exist - confirm).
mkdir -p /usr/local/encap/ebtables-v2.0.9-2/etc/rc.d/init.d/
mkdir -p /usr/local/encap/ebtables-v2.0.9-2/etc/sysconfig/ 
# Stage into the package directory instead of installing into the live system.
make install DESTDIR=/usr/local/encap/ebtables-v2.0.9-2
cd /usr/local/encap/ebtables-v2.0.9-2/
# Move the man pages from usr/local/man to usr/man inside the package tree.
mv usr/local/man/ usr/
cd /usr/local/encap/
mkencap ebtables-v2.0.9-2/
# Back to the root shell: only the final package installation runs as root.
logout
cd /usr/local/encap/
epkg ebtables-v2.0.9-2

Prepare kernel source (2.6.33.4)

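# Prepare a configured and built 2.6.33.4 source tree in /usr/src (used below as
# KERNEL_DIR for the ipset build).
cd /usr/src
# NOTE(review): fetched over plain HTTP. kernel.org publishes detached PGP
# signatures for its release tarballs; verify the download before building
# and installing modules from it as root.
wget -c "http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.33.4.tar.bz2"
rm -rf linux-2.6.33.4
tar xf linux-2.6.33.4.tar.bz2
ln -sfn linux-2.6.33.4 linux
cd linux-2.6.33.4
make mrproper
# kbuild reads its configuration from ".config". Copying to "." would only
# create a stray file named "config" and leave "make oldconfig" to pick
# whatever default configuration it can find.
cp /boot/config .config
make oldconfig
make all
make modules_install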

ipset installation

original download link

# Build ipset 4.5 against the 2.6.33.4 tree in /usr/src. Every step in this
# section runs as root (there is no "su - install" here).
cd /usr/src
# NOTE(review): plain-HTTP download with no integrity check, and the result is
# installed as root. Verify the tarball first, for example:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  ipset-4.5.tar.bz2" | sha256sum -c -
wget -c http://pmoghadam.com/homepage/Pages/Deposit/Source-packages/ipset-4.5.tar.bz2
tar xf ipset-4.5.tar.bz2
cd ipset-4.5
# KERNEL_DIR points the build at the kernel tree to compile against.
make KERNEL_DIR=/usr/src/linux-2.6.33.4
make KERNEL_DIR=/usr/src/linux-2.6.33.4 install
make KERNEL_DIR=/usr/src/linux-2.6.33.4 clean

libecap

# libecap 0.0.3: fetched as root, built and staged as the "install" account.
cd /usr/src
# NOTE(review): plain-HTTP download from a "tmp" path with no checksum or
# signature check; verify the tarball before building, for example:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  libecap-0.0.3.tar.gz" | sha256sum -c -
wget -c "http://www.measurement-factory.com/tmp/ecap/libecap-0.0.3.tar.gz"
# Commands from here to "logout" run in the install user's login shell.
su - install
cd /usr/src
tar xf libecap-0.0.3.tar.gz
cd libecap-0.0.3
./configure && make
# Stage into the package directory instead of installing into the live system.
make install DESTDIR=/usr/local/encap/libecap-0.0.3
cd /usr/local/encap/
mkencap libecap-0.0.3/
# Back to the root shell for the actual installation.
logout
cd /usr/local/encap/
epkg libecap-0.0.3
# Refresh the dynamic linker cache so the newly installed library is found.
ldconfig

squid-ecap-gzip

# squid-ecap-gzip 1.2.0: fetched as root, built and staged as "install".
# The matching eCAP stanza in squid.conf on this page is commented out and
# labelled UNSTABLE, so this adapter is installed but not enabled there.
cd /usr/src
# NOTE(review): plain-HTTP download with no checksum or signature check; verify
# the tarball before building, for example:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  squid-ecap-gzip-1.2.0.tar.gz" | sha256sum -c -
wget -c "http://squid-ecap-gzip.googlecode.com/files/squid-ecap-gzip-1.2.0.tar.gz"
# Commands from here to "logout" run in the install user's login shell.
su - install
cd /usr/src
tar xf squid-ecap-gzip-1.2.0.tar.gz
# The archive unpacks to a directory without the version suffix.
cd squid-ecap-gzip
./configure && make
make install DESTDIR=/usr/local/encap/squid-ecap-gzip-1.2.0
cd /usr/local/encap/
mkencap squid-ecap-gzip-1.2.0/
# Back to the root shell for the actual installation.
logout
cd /usr/local/encap/
epkg squid-ecap-gzip-1.2.0
ldconfig
libtool --finish /usr/local/lib

squid-3.1.10

# Build Squid 3.1.10 from source as root and install it under /usr/local/squid.
cd /usr/src
# NOTE(review): plain-HTTP download with no signature or checksum check; verify
# the tarball against a value from a trusted channel before building, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  squid-3.1.10.tar.gz" | sha256sum -c -
wget -c "http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.10.tar.gz" 
tar xf squid-3.1.10.tar.gz
cd squid-3.1.10
# Raise the descriptor limit in the build shell to the value passed to
# --with-filedescriptors below, and lift the data-segment limit.
ulimit -HSn 16384
ulimit -HSd unlimited
# Options worth knowing about when reviewing this build:
#   --enable-linux-netfilter        needed for interception / TPROXY on Linux
#   --enable-http-violations        compiles in directives that deliberately
#                                   break HTTP rules; enable only if used
#   --enable-follow-x-forwarded-for compiles in support for trusting a
#                                   client-supplied X-Forwarded-For header
#   --enable-snmp                   SNMP agent (configured on port 3401 below)
#   --enable-ecap                   eCAP adapter loading
./configure \
  --prefix=/usr/local/squid \
  --enable-forward-log \
  --enable-follow-x-forwarded-for \
  --enable-snmp \
  --enable-linux-netfilter \
  --enable-http-violations \
  --enable-delay-pools \
  --enable-storeio=diskd,aufs,ufs \
  --with-large-files \
  --enable-large-cache-files \
  --with-filedescriptors=16384 \
  --enable-async-io=128 \
  --enable-removal-policies=lru,heap \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-err-languages=English \
  --enable-default-err-language=English \
  --enable-zph-qos \
  --enable-ecap \
&& make && make install
# Keep a pristine copy of the shipped configuration before editing it.
cp /usr/local/squid/etc/squid.conf{,.bak}

/usr/local/squid/etc/squid.conf

# Minimum ACL configuration
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port  443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Protect innocent web applications running on the
# proxy server who think the only one who can access
# services on "localhost" is a local user
http_access deny to_localhost

# Clients access rules
# NOTE(review): only 172.16.20.0/24 is allowed here, while
# /root/scripts/cache-redirect.sh on this page also redirects 10.20.10.0/24
# into the proxy. As written those clients would fall through to
# "http_access deny all" - confirm which list is intended and keep them in sync.
acl localnet src 172.16.20.0/24
http_access allow localnet
http_access allow localhost

# Finally deny all other access to this proxy
http_access deny all

# Deny all ICP requests to this proxy
icp_access deny all

# Deny all HTCP requests to this proxy
htcp_access deny all

# Squid normal listener
#http_port 3128 tcpkeepalive=60,10,6
http_port 3128

# TPROXY spoof listener
#http_port 3129 tproxy tcpkeepalive=60,10,6
http_port 3129 tproxy

# Override /etc/resolv.conf
dns_nameservers 8.8.8.8

# Protect dynamic content
hierarchy_stoplist cgi-bin ? dll aspx

# Cache memory should be at most half of RAM size in MB
cache_mem 10000 MB

# These objects should be kept in memory
maximum_object_size_in_memory 20 KB

# Which objects are replaced when memory space is needed
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA

# Disk swap directories
cache_dir aufs /cache/1 153600 512 2048
cache_dir aufs /cache/2 153600 512 2048
cache_dir aufs /cache/3 153600 512 2048
cache_dir aufs /cache/4 153600 512 2048
cache_dir aufs /cache/5 153600 512 2048
cache_dir aufs /cache/6 153600 512 2048
cache_dir aufs /cache/7 153600 512 2048
cache_dir aufs /cache/8 153600 512 2048

# These objects should be kept on hard disk
maximum_object_size 65536 KB

# Water marks for cache object replacement
cache_swap_high 95
cache_swap_low 93

# Logfile format
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt

# Access log address
access_log /usr/local/squid/var/logs/access.log squid

# Number of old logfiles
logfile_rotate 0

# Watchdog configs
# Requests from this single address are left out of access.log.
# NOTE(review): that also removes them from the audit trail; keep the address
# list minimal and confirm the host is still the monitoring probe.
acl watchdog src 80.191.194.17
log_access deny watchdog

# Leave coredumps in the first cache dir
coredump_dir /cache/1

# When to continue a download after the client aborts
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 98

# Time-to-Live for failed requests
negative_ttl 3 minutes

# How long positive DNS responses should be cached
positive_dns_ttl 1 hours

# Maximum size for HTTP headers
request_header_max_size 100 KB

# Shutdown pending time
shutdown_lifetime 15 seconds

# Administrator
cache_mgr Pejman_Moghadam@yahoo.com

# Hostname
visible_hostname CacheServer

# Don't show version in error pages
httpd_suppress_version_string on

# Custom error pages
#error_directory /usr/local/squid/share/errors/mine/

# SNMP settings for MRTG access
# Queries are accepted only from 172.16.20.1 and 127.0.0.1, and only with the
# community string "public"; everything else is denied.
# NOTE(review): "public" is the well-known default community and is not a
# secret, so the source-address ACL is the only real control here. Consider a
# non-default community and binding the agent with snmp_incoming_address if
# only local polling is needed.
acl mrtg src 172.16.20.1 127.0.0.1
acl snmppublic snmp_community public
snmp_access allow snmppublic mrtg
snmp_access deny all
snmp_port 3401

# Inter Cache Communication Protocol
icp_port 0

# Hyper Text Caching Protocol discovery
htcp_port 0

# Water marks for the IP cache
ipcache_size 40960
ipcache_high 95
ipcache_low 90

# Parallel requests from a pipeline.
pipeline_prefetch on

# Close immediately half-closed connections
half_closed_clients off

# Transparent Headers
forwarded_for transparent
via off

# Mark HIT packets
qos_flows local-hit=0x30

# Purge: squidclient -m PURGE http://www.google.com
acl purge method PURGE
http_access allow purge localhost
http_access deny purge

# Web Services workaround
ignore_expect_100 on

# Maximum connection limit of single client IP
#client_ip_max_connections -1

# eCAP Gzip (UNSTABLE)
#ecap_enable on
#ecap_service gzip_service respmod_precache 0 ecap://www.vigos.com/ecap_gzip
#loadable_modules /usr/local/lib/ecap_adapter_gzip.so
#acl GZIP_HTTP_STATUS http_status 200
#adaptation_access gzip_service allow GZIP_HTTP_STATUS

# Refresh patterns (refresh-ims)
# Image files
refresh_pattern -i \.png$                10080   90%     43200
refresh_pattern -i \.gif$                10080   90%     43200
refresh_pattern -i \.jpg$                10080   90%     43200
refresh_pattern -i \.jpeg$               10080   90%     43200
refresh_pattern -i \.bmp$                10080   90%     43200
refresh_pattern -i \.tif$                10080   90%     43200
refresh_pattern -i \.tiff$               10080   90%     43200

# Compressed files
refresh_pattern -i \.zip$                10080   90%     43200
refresh_pattern -i \.rar$                10080   90%     43200
refresh_pattern -i \.tar$                10080   90%     43200
refresh_pattern -i \.gz$                 10080   90%     43200
refresh_pattern -i \.tgz$                10080   90%     43200
refresh_pattern -i \.z$                  10080   90%     43200
refresh_pattern -i \.arj$                10080   90%     43200
refresh_pattern -i \.lha$                10080   90%     43200
refresh_pattern -i \.lzh$                10080   90%     43200

# Binary files
refresh_pattern -i \.exe$                10080   90%     43200
refresh_pattern -i \.msi$                10080   90%     43200

# Multimedia files
refresh_pattern -i \.mp3$                10080   90%     43200
refresh_pattern -i \.wav$                10080   90%     43200
refresh_pattern -i \.mid$                10080   90%     43200
refresh_pattern -i \.midi$               10080   90%     43200
refresh_pattern -i \.ram$                10080   90%     43200
refresh_pattern -i \.ra$                 10080   90%     43200
refresh_pattern -i \.mov$                10080   90%     43200
refresh_pattern -i \.avi$                10080   90%     43200
refresh_pattern -i \.wmv$                10080   90%     43200
refresh_pattern -i \.mpg$                10080   90%     43200
refresh_pattern -i \.mpeg$               10080   90%     43200
refresh_pattern -i \.swf$                10080   90%     43200

# Document files
refresh_pattern -i \.pdf$                10080   90%     43200
refresh_pattern -i \.ps$                 10080   90%     43200
refresh_pattern -i \.doc$                10080   90%     43200
refresh_pattern -i \.ppt$                10080   90%     43200
refresh_pattern -i \.pps$                10080   90%     43200

# Default patterns
refresh_pattern ^ftp:                    1440    20%     10080
refresh_pattern ^gopher:                 1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?)        0       0%      0
refresh_pattern .                        0       20%     4320

/etc/rc.d/rc.squid

#!/bin/bash
#
# /etc/rc.d/rc.squid
#
# Control script for the TPROXY squid instance installed under /usr/local/squid.
#

# PID file squid maintains while it is running.
PIDFILE='/usr/local/squid/var/run/squid.pid'

# Upper bound, in seconds, on how long "stop" waits for squid to exit.
TIMEOUT='60'

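#######################################
# Start squid, removing a stale PID file first.
# Globals:  PIDFILE (read)
# Outputs:  progress on stdout, failure message on stderr
# Returns:  0 when the squid launcher succeeded, its exit status otherwise
#######################################
start()
{
  local rc=0

  echo -n 'Starting TPROXY Squid . . . '

  # A PID file is stale only when no squid process exists. Same process test
  # as the one in stop(), so both functions agree on "is squid running".
  if [ "$(pgrep '^squid$')" == "" ]; then
    rm -f -- "${PIDFILE}"
  fi

  # Descriptor and data-segment limits must be raised in this shell so the
  # squid process started below inherits them.
  ulimit -HSn 16384
  ulimit -HSd unlimited
  /usr/local/squid/sbin/squid || rc=$?

  # Report the real outcome instead of printing "Ok" unconditionally.
  if [ "$rc" -eq 0 ]; then
    echo "Ok"
  else
    echo "Failed (squid exited with status ${rc})" >&2
  fi
  return "$rc"
}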

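#######################################
# Ask squid to shut down and wait up to TIMEOUT seconds for it to exit.
# Globals:  PIDFILE (read), TIMEOUT (read)
# Outputs:  a per-second counter on stdout, timeout message on stderr
# Returns:  0 once no squid process is left, 1 if squid is still running
#           after TIMEOUT seconds
#######################################
stop()
{
  local elapsed=0

  echo 'Stoping TPROXY Squid'

  /usr/local/squid/sbin/squid -k shutdown

  # Numeric comparison: a string "!=" test would loop forever if the counter
  # ever stepped past TIMEOUT or TIMEOUT were not a plain integer string.
  while [ "$elapsed" -lt "$TIMEOUT" ]; do
    elapsed=$(( elapsed + 1 ))
    echo -n "$elapsed"
    if [ "$(pgrep '^squid$')" == "" ]; then
      # Squid is gone; drop the PID file in case it did not clean up itself.
      rm -f -- "${PIDFILE}"
      echo ".Ok"
      return 0
    fi
    echo -n "."
    sleep 1
  done

  # Do not claim success while squid is still running.
  echo ".Timeout: squid still running after ${TIMEOUT} seconds" >&2
  return 1
}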

# Dispatch on the first command-line argument; anything unrecognised prints
# the usage line.
if [ "$1" = 'start' ]; then
  start
elif [ "$1" = 'stop' ]; then
  stop
elif [ "$1" = 'restart' ]; then
  # A restart is a full stop followed by a start.
  stop
  start
elif [ "$1" = 'rotate' ]; then
  # Ask the running squid to rotate its log files.
  echo -n 'Rotating TPROXY Squid log files . . . '
  /usr/local/squid/sbin/squid -k rotate
  echo "Ok"
else
  echo "usage $0 start|stop|restart|rotate"
fi

/root/scripts/bridge.sh

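#!/bin/bash
#
# /root/scripts/bridge.sh
# Join eth0 and eth1 into bridge br0 and give the bridge the host's address.
#
PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin"

# The member interfaces carry no address of their own; only br0 is addressed.
ifconfig eth0 0.0.0.0 txqueuelen 5000
ifconfig eth1 0.0.0.0 txqueuelen 5000
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 172.16.20.2 netmask 255.255.255.240 txqueuelen 5000
route add default gw 172.16.20.1

# Write 1 to every tunable under /proc/sys/net/bridge and print each value back.
# NOTE(review): this enables every bridge-netfilter switch that exists on the
# running kernel, presumably so bridged frames reach iptables for the TPROXY
# rules - confirm each one is wanted rather than enabling them all.
for F in /proc/sys/net/bridge/*; do
  # With no match the glob stays literal; skip it instead of writing to it.
  [ -e "$F" ] || continue
  echo 1 > "$F"
  echo "$F"
  cat "$F"
done
ip route flush cache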

/root/scripts/cache-redirect.sh

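#!/bin/bash
#
# /root/scripts/cache-redirect.sh
# Pull the listed clients' port-80 traffic out of the bridge path so the local
# stack (and the TPROXY rules) can handle it; excluded hosts stay bridged.
#
PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin"
INTIF="eth1"
EXTIF="eth0"

# Start from empty lists. Appending to an uninitialised variable would also
# pick up any CLIENTS / EXCLUDES value inherited from the caller's
# environment and turn it into firewall rules.
CLIENTS=()
EXCLUDES=()

# Network1
CLIENTS+=("172.16.20.0/24")

# Network2
CLIENTS+=("10.20.10.0/24")

# User1
EXCLUDES+=("172.16.20.100")

# User2
EXCLUDES+=("10.20.10.50")

# Static routes
route add -net    172.16.20.0/28      gw 192.168.10.10
route add -net    10.20.10.0/24       gw 192.168.10.100

# Flush table
ebtables -t broute -F

# Excludes: inserted (-I) at the head of the chain so they match before the
# redirect rules appended below. ACCEPT in BROUTING means "bridge as usual".
for NET in "${EXCLUDES[@]}"; do
  ebtables -t broute -I BROUTING -p ipv4 --ip-src "${NET}" -j ACCEPT
  ebtables -t broute -I BROUTING -p ipv4 --ip-dst "${NET}" -j ACCEPT
done

# Cache redirect: in the BROUTING chain a DROP verdict means "route this frame
# instead of bridging it". One rule per direction: requests arriving on the
# internal side and replies arriving on the external side.
for IP in "${CLIENTS[@]}"; do
  ebtables -t broute -A BROUTING -i "${INTIF}" -p ipv4 --ip-src "${IP}" --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
  ebtables -t broute -A BROUTING -i "${EXTIF}" -p ipv4 --ip-dst "${IP}" --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
done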

/root/scripts/stop-cache-redirect.sh

#!/bin/bash
# Turn the cache redirect off: with no chain named, -F flushes every chain of
# the broute table, so the redirect and exclude rules are all removed.
# NOTE(review): unlike the other scripts on this page, PATH is not set here;
# confirm ebtables is found when this runs from cron or an init script.
ebtables -t broute -F
# Show what is left, with counters (--Lc) and rule numbers (--Ln).
ebtables -t broute -L --Lc --Ln

/root/scripts/filedescriptors.sh

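#!/bin/bash
#
# /root/scripts/filedescriptors.sh
# Poll squid's file-descriptor table once a second and add every client address
# holding MAX or more descriptors to the "virus-redirect" ipset. Members of the
# set have their port-80 traffic DNATed to WEBREDIR until the entry times out.
#
MAX="2000"                   # descriptors per address that trigger a redirect
WEBREDIR="172.16.20.1:8000"  # where redirected clients are sent
PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin"

#######################################
# Delete every PREROUTING rule in one table that mentions virus-redirect.
# Arguments: $1 - iptables table name (mangle or nat)
#######################################
delete_redirect_rules() {
  local table=$1
  local num
  while :; do
    # Rule numbers shift after each delete, so always take the first match.
    num=$(iptables -t "$table" -L PREROUTING -n --line-numbers \
      | awk '/virus-redirect/ { print $1; exit }')
    [ -n "$num" ] || break
    # Stop rather than spin forever if the rule cannot be removed.
    iptables -t "$table" -D PREROUTING "$num" || break
  done
}

# Delete previous mangle and nat rules
delete_redirect_rules mangle
delete_redirect_rules nat

# Delete previous ipset rules
# NOTE(review): with no set name these flush and destroy every ipset on the
# host, not only virus-redirect - confirm nothing else here uses ipset.
ipset -F
ipset -X

# Add new rules
ipset -N virus-redirect iptree --timeout 60
iptables -t mangle -I PREROUTING -m set --match-set virus-redirect src -j ACCEPT
iptables -t nat -I PREROUTING -m set --match-set virus-redirect src -p tcp --dport 80 -j DNAT --to "${WEBREDIR}"

# Searching for bad users forever
sleep 5
while :; do
  # The report is consumed straight from a pipeline. This script runs as root,
  # and fixed-name scratch files in whatever directory it was started from
  # are best avoided.
  while read -r NUM IP _; do
    # Only act on a well-formed count and a dotted-quad address; squid's table
    # also lists descriptors with an empty or non-address remote column, and
    # those values must never reach ipset.
    [[ "$NUM" =~ ^[0-9]+$ ]] || continue
    [[ "$IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue
    if [ "$NUM" -ge "$MAX" ]; then
      NOW=$(date +"%F %T")
      printf "%s : %5d %s\n" "$NOW" "$NUM" "$IP"
      ipset -q -A virus-redirect "$IP"
    fi
  done < <(
    # Skip the 13 header lines, take column 6 (remote address:port), drop the
    # port, count descriptors per address, keep the 100 largest, biggest first.
    /usr/local/squid/bin/squidclient mgr:filedescriptors \
      | tail -n +14 \
      | awk '{print $6}' \
      | sed -e 's,:.*,,' \
      | sort | uniq -c | sort -r | head -100
  )
  sleep 1
done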

/etc/rc.d/rc.local

# Boot-time setup: bridge, kernel tuning, squid, TPROXY rules, redirect, watchdog.
# The steps are order-dependent (the bridge must exist before the redirect
# rules, squid before the descriptor watcher).

# Bridge
/root/scripts/bridge.sh

# use less swap memory
echo 50 > /proc/sys/vm/swappiness
# tcp keep alive tuning
#echo 60 >  /proc/sys/net/ipv4/tcp_keepalive_time
#echo 10 > /proc/sys/net/ipv4/tcp_keepalive_intvl
#echo 6 >  /proc/sys/net/ipv4/tcp_keepalive_probes
echo 65000 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 1024 65000 > /proc/sys/net/ipv4/ip_local_port_range
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
# NOTE(review): tcp_timestamps is set to 1 here and to 0 further down; the
# later write wins, so timestamps end up disabled. Keep only the intended one.
echo 1 > /proc/sys/net/ipv4/tcp_timestamps
echo 33554432 > /proc/sys/net/core/rmem_max
echo 33554432 > /proc/sys/net/core/wmem_max
echo 4096 87380 33554432 > /proc/sys/net/ipv4/tcp_rmem
echo 4096 87380 33554432 > /proc/sys/net/ipv4/tcp_wmem
echo 1 > /proc/sys/net/ipv4/tcp_no_metrics_save
echo 3000 > /proc/sys/net/core/netdev_max_backlog
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 256960 > /proc/sys/net/core/rmem_default
echo 256960 > /proc/sys/net/core/wmem_default
echo 524288 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
# NOTE(review): tcp_tw_recycle depends on TCP timestamps and is known to cause
# dropped connections for clients that share an address behind NAT when
# timestamps are on. Confirm it is wanted on a proxy that serves many clients.
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle

# Start TPROXY Squid Cache Server:
if [ -x /etc/rc.d/rc.squid ]; then
  /etc/rc.d/rc.squid start
fi

# TPROXY Divert
# Packets that already belong to a local socket (-m socket) go to DIVERT, where
# they are marked 1 and accepted. New port-80 connections are handed to the
# TPROXY target on port 3129, which is the "http_port 3129 tproxy" listener in
# squid.conf on this page.
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

# TPROXY Route
# Marked packets use routing table 100, whose only route delivers everything
# locally via lo.
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

# Divert
/root/scripts/cache-redirect.sh

# File descriptor check
# Runs the watcher as root in a detached screen session named "descriptors".
/usr/bin/env SCREENDIR="/root/.screen" /usr/bin/screen -dmS descriptors \
  /root/scripts/filedescriptors.sh

/etc/rc.d/rc.local_shutdown

#!/bin/bash
# Shutdown hook: stop the TPROXY squid cache server through its rc script,
# provided that script is installed and executable.
RC_SQUID=/etc/rc.d/rc.squid
if test -x "$RC_SQUID"; then
  "$RC_SQUID" stop
fi

/etc/logrotate.d/squid

# access.log: daily rotation, 186 compressed, date-stamped copies kept
# (roughly six months of request history).
# NOTE(review): copytruncate copies the file and then truncates it in place, so
# lines written between the two steps can be lost. For an audit log consider
# letting squid reopen the file instead (as the second stanza does).
# NOTE(review): "start 1" sets the base for numbered rotation; with dateext it
# is presumably unused - confirm.
/usr/local/squid/var/logs/access.log {
  daily
  rotate 186
  start 1
  copytruncate
  compress
  compresscmd /usr/bin/bzip2
  compressext .bz2
  compressoptions -sq9
  dateext
  notifempty
  missingok
}

# cache.log and store.log: daily rotation, 31 copies kept. sharedscripts makes
# the postrotate script run once for both files rather than once per file.
# squid.conf on this page sets "logfile_rotate 0", so "squid -k rotate" only
# makes squid close and reopen its logs; renaming is left to logrotate.
/usr/local/squid/var/logs/cache.log /usr/local/squid/var/logs/store.log {
  daily
  rotate 31
  start 1
  copytruncate
  compress
  compresscmd /usr/bin/bzip2
  compressext .bz2
  compressoptions -sq9
  dateext
  notifempty
  missingok
  sharedscripts
  postrotate
    /usr/local/squid/sbin/squid -k rotate
  endscript
}

Partitions & memory

# cat /etc/fstab

/dev/cciss/c0d0p1 swap             swap        defaults         0   0
/dev/cciss/c0d0p5 /                reiserfs    defaults         1   1
/dev/cdrom        /mnt/cdrom       auto        noauto,owner,ro  0   0
/dev/fd0          /mnt/floppy      auto        noauto,owner     0   0
devpts            /dev/pts         devpts      gid=5,mode=620   0   0
proc              /proc            proc        defaults         0   0
tmpfs             /dev/shm         tmpfs       defaults         0   0
/dev/cciss/c0d0p6 /usr/local/squid/var/logs reiserfs noatime,notail 1   2
/dev/cciss/c0d0p7 /cache/1         reiserfs    noatime,notail       1   2
/dev/cciss/c0d1p1 /cache/2         reiserfs    noatime,notail       1   2
/dev/cciss/c0d2p1 /cache/3         reiserfs    noatime,notail       1   2
/dev/cciss/c0d3p1 /cache/4         reiserfs    noatime,notail       1   2
/dev/cciss/c0d4p1 /cache/5         reiserfs    noatime,notail       1   2
/dev/cciss/c0d5p1 /cache/6         reiserfs    noatime,notail       1   2
/dev/cciss/c0d6p1 /cache/7         reiserfs    noatime,notail       1   2
/dev/cciss/c0d7p1 /cache/8         reiserfs    noatime,notail       1   2

# df -h

Filesystem            Size  Used Avail Use% Mounted on
/dev/root              31G  7.8G   23G  26% /
tmpfs                  18G     0   18G   0% /dev/shm
/dev/cciss/c0d0p6      41G  1.8G   39G   5% /usr/local/squid/var/logs
/dev/cciss/c0d0p7     205G   55G  150G  27% /cache/1
/dev/cciss/c0d1p1     280G   55G  225G  20% /cache/2
/dev/cciss/c0d2p1     280G   55G  225G  20% /cache/3
/dev/cciss/c0d3p1     280G   55G  225G  20% /cache/4
/dev/cciss/c0d4p1     280G   55G  225G  20% /cache/5
/dev/cciss/c0d5p1     280G   55G  225G  20% /cache/6
/dev/cciss/c0d6p1     280G   55G  225G  20% /cache/7
/dev/cciss/c0d7p1     280G   55G  225G  20% /cache/8

# free -m

             total       used       free     shared    buffers     cached
Mem:         36168      19907      16260          0       1688        402
-/+ buffers/cache:      17817      18351
Swap:         5123         10       5113

First time launch

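# One-time preparation before the first start (run as root).
mkdir /usr/local/squid/var/cache
# squid.conf on this page defines eight cache_dir entries, /cache/1 to
# /cache/8, and fstab mounts all eight, so every directory must exist before
# "squid -z" initialises them.
mkdir -p /cache/{1,2,3,4,5,6,7,8}
# Cache and log trees are handed to "nobody" (presumably the account squid
# drops privileges to - confirm against cache_effective_user).
chown -R nobody:nobody /cache
chown -R nobody:nobody /usr/local/squid/var/logs
chmod +x /etc/rc.d/rc.local_shutdown
chmod +x /etc/rc.d/rc.squid
chmod +x /root/scripts/bridge.sh
chmod +x /root/scripts/cache-redirect.sh
chmod +x /root/scripts/stop-cache-redirect.sh
chmod +x /root/scripts/filedescriptors.sh
# Create the swap directory structure in every cache_dir, then start squid.
/usr/local/squid/sbin/squid -z
/etc/rc.d/rc.squid start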

MRTG installation

# Build and install MRTG 2.17.0 as root.
cd /usr/src
# NOTE(review): plain-HTTP download with no checksum or signature check, built
# and installed as root; verify the tarball first, for example:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  mrtg-2.17.0.tar.gz" | sha256sum -c -
wget -c "http://oss.oetiker.ch/mrtg/pub/mrtg-2.17.0.tar.gz"
tar xf mrtg-2.17.0.tar.gz
cd mrtg-2.17.0
./configure && make && make install
# Directory for the MRTG configuration files created in the following sections.
mkdir /usr/local/mrtg-2/etc

/usr/local/sbin/mrtg-reconfigure.sh

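#!/bin/bash
#
# /usr/local/sbin/mrtg-reconfigure.sh
# Regenerate the MRTG interface configuration and index page for the local
# SNMP agent, then run one MRTG poll against the fresh configuration.
#

##### localhost #####
CFG="/usr/local/mrtg-2/etc/mrtg.cfg"
WRK="/var/www/htdocs/mrtg"
# NOTE(review): the SNMP community is stored here in clear text and ends up in
# the generated ${CFG} as well; keep both files readable by root only.
SNMP="publicpublic@127.0.0.1"

# Stop if cfgmaker fails, so the index page and the poll are never built from
# a missing or partial configuration.
/usr/local/mrtg-2/bin/cfgmaker  \
  --ifref=name --ifdesc=name    \
  --global "Options[_]: bits"   \
  --global "kilo[_]: 1024"      \
  --global "WorkDir: ${WRK}" \
  --output="${CFG}"   \
  "${SNMP}" || {
  echo "cfgmaker failed; leaving ${WRK}/index.html untouched" >&2
  exit 1
}
/usr/local/mrtg-2/bin/indexmaker "${CFG}" > "${WRK}/index.html"
# Remove the first "</td><td>" on each line of the generated index.
/bin/sed -i -e 's,</td><td>,,' "${WRK}/index.html"
/usr/local/mrtg-2/bin/mrtg "${CFG}"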

/usr/local/mrtg-2/etc/save.cfg

EnableIPv6: no
Options[_]: bits
kilo[_]: 1024
WorkDir: /var/www/htdocs/save

Target[save]: -#eth0:publicpublic@127.0.0.1 - #eth1:publicpublic@127.0.0.1
MaxBytes[save]: 1250000
Title[save]: Squid Bandwidth Save
PageTop[save]: <h1>Squid Bandwidth Save</h1>

/usr/local/mrtg-2/etc/squid.cfg

## http://wiki.squid-cache.org/Features/Snmp
#snmpwalk -m ALL -v 1 -c public 127.0.0.1:3401 cacheUptime
#LoadMIBs: /usr/share/snmp/mibs/squid-mib.txt
LoadMIBs: /usr/local/squid/share/mib.txt
workdir: /var/www/htdocs/squid

Target[cacheCpuUsage]: cacheCpuUsage&cacheCpuUsage:public@127.0.0.1:3401
Title[cacheCpuUsage]: CPU Usage
PageTop[cacheCpuUsage]: <H1>CPU Usage</H1>
MaxBytes[cacheCpuUsage]: 100
AbsMax[cacheCpuUsage]: 100
Colours[cacheCpuUsage]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheCpuUsage]:%
YLegend[cacheCpuUsage]: usage %
Legend1[cacheCpuUsage]: cacheCpuUsage
LegendI[cacheCpuUsage]: CPU Usage
Legend2[cacheCpuUsage]:
LegendO[cacheCpuUsage]:
Options[cacheCpuUsage]: absolute, gauge, noinfo, nopercent
Unscaled[cacheCpuUsage]: dwmy

Target[cacheSysPageFaults]: cacheSysPageFaults&cacheSysPageFaults:public@127.0.0.1:3401
Title[cacheSysPageFaults]: cacheSysPageFaults
PageTop[cacheSysPageFaults]: <H1>cacheSysPageFaults</H1>
MaxBytes[cacheSysPageFaults]: 1000000000
Colours[cacheSysPageFaults]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheSysPageFaults]: cacheSysPageFaults
YLegend[cacheSysPageFaults]: YLegend
Legend1[cacheSysPageFaults]: Legend1
LegendI[cacheSysPageFaults]: LegendI
Legend2[cacheSysPageFaults]: Legend2
LegendO[cacheSysPageFaults]: LegendO
Options[cacheSysPageFaults]: nopercent

Target[cacheHttpAllSvcTime]: cacheHttpAllSvcTime.5&cacheHttpAllSvcTime.60:public@127.0.0.1:3401
Title[cacheHttpAllSvcTime]: HTTP Service Time
PageTop[cacheHttpAllSvcTime]: <H1>HTTP Service Time</H1>
MaxBytes[cacheHttpAllSvcTime]: 1000000000
Colours[cacheHttpAllSvcTime]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheHttpAllSvcTime]: ms
YLegend[cacheHttpAllSvcTime]: svc time (ms)
Legend1[cacheHttpAllSvcTime]: cacheHttpAllSvcTime.5
LegendI[cacheHttpAllSvcTime]: Median Svc Time (5min)&nbsp;
Legend2[cacheHttpAllSvcTime]: cacheHttpAllSvcTime.60
LegendO[cacheHttpAllSvcTime]: Median Svc Time (60min)&nbsp;
Options[cacheHttpAllSvcTime]: gauge, nopercent

Target[cacheDnsSvcTime]: cacheDnsSvcTime.5&cacheDnsSvcTime.60:public@127.0.0.1:3401
Title[cacheDnsSvcTime]: DNS Service Time
PageTop[cacheDnsSvcTime]: <H1>DNS Service Time</H1>
MaxBytes[cacheDnsSvcTime]: 3000
Colours[cacheDnsSvcTime]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheDnsSvcTime]: ms
YLegend[cacheDnsSvcTime]: svc time (ms)
Legend1[cacheDnsSvcTime]: cacheDnsSvcTime.5
LegendI[cacheDnsSvcTime]: Median Svc Time (5min)&nbsp;
Legend2[cacheDnsSvcTime]: cacheDnsSvcTime.60
LegendO[cacheDnsSvcTime]: Median Svc Time (60min)&nbsp;
Options[cacheDnsSvcTime]: gauge, nopercent

Target[cacheServerRequests-cacheServerErrors]: cacheServerRequests&cacheServerErrors:public@127.0.0.1:3401 * 60
Title[cacheServerRequests-cacheServerErrors]: Server Requests/Errors
PageTop[cacheServerRequests-cacheServerErrors]: <H1>Server Requests / Server Errors</H1>
MaxBytes[cacheServerRequests-cacheServerErrors]: 1000000000
Colours[cacheServerRequests-cacheServerErrors]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheServerRequests-cacheServerErrors]: req/min
YLegend[cacheServerRequests-cacheServerErrors]: requests/min
Legend1[cacheServerRequests-cacheServerErrors]: cacheServerRequests
LegendI[cacheServerRequests-cacheServerErrors]: all
Legend2[cacheServerRequests-cacheServerErrors]: cacheServerErrors
LegendO[cacheServerRequests-cacheServerErrors]: err
Options[cacheServerRequests-cacheServerErrors]: nopercent

Target[cacheProtoClientHttpRequests-cacheHttpHits]: cacheProtoClientHttpRequests&cacheHttpHits:public@127.0.0.1:3401 * 60
Title[cacheProtoClientHttpRequests-cacheHttpHits]: Client Requests/Hits
PageTop[cacheProtoClientHttpRequests-cacheHttpHits]: <H1> Client Http Requests / Http Hits</H1>
MaxBytes[cacheProtoClientHttpRequests-cacheHttpHits]: 1000000000
Colours[cacheProtoClientHttpRequests-cacheHttpHits]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheProtoClientHttpRequests-cacheHttpHits]: req/min
YLegend[cacheProtoClientHttpRequests-cacheHttpHits]: requests/min
Legend1[cacheProtoClientHttpRequests-cacheHttpHits]: cacheProtoClientHttpRequests
LegendI[cacheProtoClientHttpRequests-cacheHttpHits]: all
Legend2[cacheProtoClientHttpRequests-cacheHttpHits]: cacheHttpHits
LegendO[cacheProtoClientHttpRequests-cacheHttpHits]: hit
Options[cacheProtoClientHttpRequests-cacheHttpHits]: nopercent

Target[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: cacheCurrentFileDescrCnt&cacheCurrentUnusedFDescrCnt:public@127.0.0.1:3401
Title[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: File descriptors used/available
PageTop[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: <H1>File descriptors used/available</H1>
MaxBytes[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: 1000000000
Colours[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: FDs
YLegend[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: # of FDs
Legend1[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: cacheCurrentFileDescrCnt
LegendI[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: Used
Legend2[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: cacheCurrentUnusedFDescrCnt
LegendO[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: Available
Options[cacheCurrentFileDescrCnt-cacheCurrentUnusedFDescrCnt]: gauge, nopercent

Target[cacheMemUsage]: ( cacheMemUsage&cacheMemUsage:public@127.0.0.1:3401 > 0 ? cacheMemUsage&cacheMemUsage:public@127.0.0.1:3401 * 1024 : cacheMemUsage&cacheMemUsage:public@127.0.0.1:3401 * 1024 + 4294967296 )
Title[cacheMemUsage]: Memory Usage
PageTop[cacheMemUsage]: <H1>Memory Usage</H1>
MaxBytes[cacheMemUsage]: 10000000000
Colours[cacheMemUsage]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheMemUsage]: Bytes
YLegend[cacheMemUsage]: Bytes
Legend1[cacheMemUsage]: cacheMemUsage
LegendI[cacheMemUsage]: Mem Usage
Legend2[cacheMemUsage]:
LegendO[cacheMemUsage]:
Options[cacheMemUsage]: gauge, nopercent

Target[cacheNumObjCount]: cacheNumObjCount&cacheNumObjCount:public@127.0.0.1:3401
Title[cacheNumObjCount]: Stored Objects
PageTop[cacheNumObjCount]: <H1>Stored Objects</H1>
MaxBytes[cacheNumObjCount]: 1000000000
Colours[cacheNumObjCount]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheNumObjCount]: Objects
YLegend[cacheNumObjCount]: Objects
Legend1[cacheNumObjCount]: cacheNumObjCount
LegendI[cacheNumObjCount]: Stored Objects
Legend2[cacheNumObjCount]:
LegendO[cacheNumObjCount]:
Options[cacheNumObjCount]: gauge, nopercent

Target[cacheClients]: cacheClients&cacheClients:public@127.0.0.1:3401
Title[cacheClients]: Number Of Clients
PageTop[cacheClients]: <H1>Number Of Clients</H1>
MaxBytes[cacheClients]: 1000000000
Colours[cacheClients]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheClients]: Clients
YLegend[cacheClients]: Clients
Legend1[cacheClients]: cacheClients
LegendI[cacheClients]: Number Of Clients
Legend2[cacheClients]:
LegendO[cacheClients]:
Options[cacheClients]: gauge, nopercent

Target[cacheIpEntries]: cacheIpEntries&cacheIpEntries:public@127.0.0.1:3401
Title[cacheIpEntries]: IP Cache Entries
PageTop[cacheIpEntries]: <H1>IP Cache Entries</H1>
MaxBytes[cacheIpEntries]: 1000000000
Colours[cacheIpEntries]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheIpEntries]: Entries
YLegend[cacheIpEntries]: Entries
Legend1[cacheIpEntries]: cacheIpEntries
LegendI[cacheIpEntries]: IP Cache Entries
Legend2[cacheIpEntries]:
LegendO[cacheIpEntries]:
Options[cacheIpEntries]: gauge, nopercent

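# Request hit ratio over the last 5 and 60 minutes. The legends describe a
# ratio (presumably reported as a percentage - confirm against the Squid MIB);
# they are not service times in milliseconds.
Target[cacheRequestHitRatio]: cacheRequestHitRatio.5&cacheRequestHitRatio.60:public@127.0.0.1:3401
Title[cacheRequestHitRatio]: HIT Ratio
PageTop[cacheRequestHitRatio]: <H1>HIT Ratio</H1>
MaxBytes[cacheRequestHitRatio]: 1000000000
Colours[cacheRequestHitRatio]: YELLOW#F9C000,RED#F90000,DARKGREEN#006600,VIOLET#FF00FF
ShortLegend[cacheRequestHitRatio]: %
YLegend[cacheRequestHitRatio]: hit ratio (%)
Legend1[cacheRequestHitRatio]: cacheRequestHitRatio.5
LegendI[cacheRequestHitRatio]: Hit Ratio (5min)&nbsp;
Legend2[cacheRequestHitRatio]: cacheRequestHitRatio.60
LegendO[cacheRequestHitRatio]: Hit Ratio (60min)&nbsp;
Options[cacheRequestHitRatio]: gauge, nopercent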

MRTG launch

# One-time MRTG setup: make the regeneration script executable, create the
# three output directories and build the static index pages.
# NOTE(review): the output lives under /var/www/htdocs, so the graphs
# (interface names, traffic levels, cache statistics) are presumably published
# by the local web server - restrict access to that path if one is running.
chmod +x /usr/local/sbin/mrtg-reconfigure.sh
mkdir -p /var/www/htdocs/mrtg
mkdir -p /var/www/htdocs/squid
mkdir -p /var/www/htdocs/save
/usr/local/mrtg-2/bin/indexmaker /usr/local/mrtg-2/etc/squid.cfg > /var/www/htdocs/squid/index.html
/usr/local/mrtg-2/bin/indexmaker /usr/local/mrtg-2/etc/save.cfg > /var/www/htdocs/save/index.html

crontab -e

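# Poll every five minutes. cron runs each job with /bin/sh; "&>" is a bash
# extension that a POSIX sh parses as "run in background, then truncate
# /dev/null", so the portable redirection form is used instead.
# NOTE(review): all output is discarded, so a failing poll is silent; consider
# logging stderr to a file while the setup is new.
*/5 * * * * /usr/local/sbin/mrtg-reconfigure.sh > /dev/null 2>&1
*/5 * * * * /usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/etc/squid.cfg > /dev/null 2>&1
*/5 * * * * /usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/etc/save.cfg > /dev/null 2>&1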

Transparency Test Script

http://devel.squid-cache.org/cgi-bin/test


Bookmarks

http://onlamp.com/pub/a/onlamp/2005/11/17/tcp_tuning.html?page=2
http://fasterdata.es.net/TCP-tuning//linux.html
http://fasterdata.es.net/TCP-tuning//TCP-tuning.html


BY: Pejman Moghadam
TAG: squid, tproxy, bridge, epkg, ebtables, ipset, ecap, filedescriptor, mrtg, fstab
DATE: 2011-01-02 01:17:23

