Use squid to implement proxy Internet access and Billing

Redhat9 is installed with squid2.5 by default. If it is not installed beforehand, you can download tar to install it.
1. Set squid
VI/etc/squid. conf
Http_port 3128 --------------- this is the port on which squid listens. The default value is
Cache_mem 16 MB ----------- according to Squid's official website, 16 Mb is the best, and I have never tried
Cache_swap_low 75
Cache_swap_high 85 ------- this function is better, meaning that if your cache directory reaches 85% of the total capacity, it will delete the old file and reduce the capacity to 75%.
Maximum_object_size 4096 kb ----- This is the maximum capacity for saving the File Cache, which can be set by yourself
Maximum_object_size_in_memory 8 KB ----- This is the maximum capacity of the File Cache stored in the memory, which is generally good by default.
Ipcache_size 1024
Ipcache_low 90
Ipcache_high 95
Fqdncache_size 1024 ------ these are about IP address and domain name cache, default
Cache_dir ufs/var/spool/squid 1000 16 256 ------ create a cache directory under/var/spool/squid. The default size is 1 GB and 16 subdirectories are created under this directory, create up to 256 subdirectories under each subdirectory
Cache_access_log/var/log/squid/access. Log
Cache_log/var/log/squid/cache. Log -------- these are log file paths
Pid_filename/var/run/squid. PID
Client_netmask 255.255.255.0
Auth_param basic children 5
Auth_param basic realm Squid proxy-caching Web Server
Auth_param basic credentialsttl 2 hours ------ comment out the above three lines about authentication. Because we use transparent proxy, these authentication does not work anymore.
ACL our_networks SRC 192.168.1.0/24
Http_access allow our_networks
Http_access allow localhost
Http_access deny all ------------ these lines are used together to control the proxy client. Only the IP address range 192.168.1.0 can be used as the proxy.
Cache_mgr your_email
Cache_inclutive_user squid
Cache_effective_group squid ------ this is about squid users and groups. I use the default one, so squid users and groups exist. If it is installed with tar, it can be set to nobody. nobody, but do not forget to set the permission of the cache directory to nobody. nobody
Httpd_accel_host yourhost. yourdomain
Httpd_accel_port 80 ---------- if you do not have a domain name, you can set virtual and port 0.
Httpd_accel_with_proxy on
Httpd_accel_uses_host_header on ------- these rows are the key to transparent proxy.
After saving, start squid:/etc/INIIT. d/squid start
2. Set iptables rules
/Sbin/iptables-T Nat-A prerouting-I eth1-P TCP-s 192.168.1.0/24 -- dport 80-J redirect -- to-ports 3128
/Sbin/iptables-T Nat-A postrouting-O eth0-s 192.168.1.0/24-J Masquerade
--------- My external network card is eth0 and the internal network card is eth1. Note that the order of the two lines cannot be wrong. Otherwise, your squid will not work.
Now, your intranet client can access www through proxy, and other services can access www through NAT
3. install and configure pwebstats to analyze the squid log file and provide the analysis report.
Download pwebstats-1.3.8.tar
Download fly before configuring pwebstats, compile it to generate a binary file, and copy it to/usr/local/bin. I have compiled one here, if anyone wants to send me a mail, I'll send it to you, this is my mailbox: lichin@eyou.com, but don't forget gzip-D fly.gz, chmod 755 fly, MV fly/usr/local/bin
Run the following command:
CD/usr/local
Tar-xvf/tmp/pwebstats-1.3.8.tar
Music pwebstats-1.3.8 pwebstats
CD pwebstats
VI pwebstats
#! /Usr/local/bin/perl
Change #! /Usr/bin/perl --------------- because my Perl execution file is in this path
Save and exit
Mkdir/var/www/html/pwebstats
Vi conf/squid-proxy.conf
Server_header: my_proxy_server ----- This is the title of the Analysis Report page.
Logfile:/var/log/squid/access. Log ------- path of your squid log file
Outdir:/var/www/html/pwebstats ----- report output directory. Let's see why we created this directory in HTML.
Interval: daily ---------- the output is a daily analysis report.
Fly_prog:/usr/local/bin/fly ---------- path of the Fly File
Save and exit. Rotate the log/usr/sbin/squid-K rotate
/Usr/local/pwebstats-C/
>/Usr/local/pwebstats/CONF/squid-proxy.conf
Now you can enter http: // yourdomain/pwebstats to view the analysis report.
You can also create a scripts and set daily statistics in crontab.
VI/root/squid. logrotate
#! /Bin/bash
/Usr/sbin/squid-K rotate
Sync; sleep 5S
/Usr/local/pwebstats/
& Gt;-C/usr/local/pwebstats/CONF/squid-proxy.conf
Save and exit
Chmod 744/root/squid. logrotate
VI/etc/crontab
59 23 *** root/squid. logrotate
Save and exit. Restart crond:/etc/init. d/crond reload.
Now, you can use squid to access www. Other services are done by Nat. In addition, you can generate regular log analysis reports to show your proxy traffic status.
If you use tar to install squid, some commands may be different, such
Squid start <---------------->/Your/path/squid runcache
Squid stop <---------------->/Your/path/squid-K shutdown
Squid reload <---------------->/Your/path/squid-K reconfigure
For specific commands, refer to the instructions in Squid.
I don't know if there is any good squid optimization solution. I 'd like to discuss it with you, for example, limit speed-up proxy.