LINUX SQUID SERVER IN TRANSPARENT MODE

What is Bandwidth throttling :

Consider we are having 512Kbps Internet connection line. And the system administrator wants to divide the whole bandwidth into two sections. Read More One for the normal users and the other for special users who need high speed internet connection. So that all the normal users can use 256 Kbps and the special users can use the remaining 256 Kbps. So in this case you have to make a bandwidth throttling to differentiate the whole single pipe line into two sections. This can be achieved using squid proxy server.

Squid main configuration file ----- /etc/squid/squid.conf
Squid log file ----- /var/log/squid/access.log
Cache log file ----- /var/log/squid/cache.log

Bandwidth throttling in squid is done using Delay Pools. Delay pools uses bucketing system.

Throttle Calculations
512Kbps(Kilo bits per second) -----> 64Kbytes -----> 64000bytes
256Kbps -----> 32Kbytes -----> 32000bytes
128Kbps -----> 16Kbytes -----> 16000bytes
64Kbps -----> 8Kbytes -----> 8000bytes

Points to remember in Delay Pools:
There are basically three things to note, they are - delay pools, delay class, delay parameters.

Delay pool --- Defines how many pools we want to use
Delay Class ---- Defines type of the pool you are going to use.
Delay Parameter � allots the restrictions and fill rate/maximum bucket size.

As I have said previously in this documentation delay pools uses bucketing system.
Now there are three types of buckets

Class 1 pool: A single aggregate bucket, shared by all users
Class 2 pool: One aggregate bucket, 256 individual buckets
Class 3 pool: One aggregate bucket, 256 network buckets, 65,536 individual buckets

If you still have any problem in the above syntax (ie) aggregate, network and individual buckets to understand, then here is a simple syntax/example for all these

For Class 1 delay pool
delay_parameters 1 32000/32000

For Class 2 delay pool
delay_parameters 1 48000/48000 48000/48000

For Class 3 delay pool
delay_parameters 2 32000/32000 8000/8000 16384/16384

Example Setup:
One 512Kbps pipe line. We want to distribute the whole pipe line into 2. One for normal users and other for special users as follows
Normal users --- 128 Kbps
Special Users --- 384 Kbps

Configuration Setup File /etc/squid/squid.conf:
Before getting into the delay pools setup first create the acl(Access Control List). Through acl you can define rules according to your requirements. Find the Access Control section in the squid.conf file.
Here is an example:

acl superusers src 192.168.1.1 192.168.1.2 192.168.1.3
acl mynetwork src 192.168.1.0/255.255.255.0

Here in the above example only three users are special users who need 256Kbps bandwidth which are listed in the specialusers label and the whole network including he special users are labeled as mynetwork.

After creating the users you have to allow them to access the internet. Below line specifies for allowing the mentioned labeled users.

http_access allow superusers
http_access allow mynetwork

Now comes the funny part Delay Pools. Here We will deal with a basic example for delay pools.

The example is as follows: We are having 512Kbps pipe line connection. We want to divide it into segments one for the special users, web servers and the other for the normal users in the organization. The special users and the web servers are given 384Kbps speed and the remaining 128Kbps for the normal users.

Delay Pools for super users:
Check for the delay pools section in the squid.conf file.
Start the configuration for delay pools as follows
==================================
########## Delay Pools############
==================================

delay_pools 2

As described above we have to create 2 delay pools, one for each delay class.
====================================================
######### Defining Delay pool 1 in class 2 #########
====================================================

delay_class 1 2
delay_parameters 1 48000/48000 48000/48000
delay_access 1 allow superusers

The first line specifies Delay Class which defines delay pool 1 for the delay class 2.

Why we are using delay class 2 here?

The first part on the second line ie �1� defines the pool One(1)

The second part on second line defines the aggregate 48000/48000(restore/max). where restore is the number of bytes (not bits - modem and network speeds are usually quoted in bits) per second placed into the bucket, and maximum is the maximum number of bytes which can be in the bucket at any time.

The third part on second line is individual buckets again 48000/48000(restore/max). All the special users and the web servers should obtain the same speed of 384 Kbps.

The third line allows the super users to fall in that bucket.

=====================================================
######### Defining Delay pool 2 in class 3 #########
=====================================================

Delay Pools for normal users:

delay_class 2 3
delay_parameters 2 32000/32000 8000/8000 16384/16384
delay_access 2 allow !superusers

The first line specifies Delay Class which defines delay pool 2 for the delay class 3.

The first part on the second line ie �2� defines the pool Two(2) of class three(3)

The second part on second line defines the aggregate 32000/32000(restore/max) as aggregate (ie for whole).
Note : - If you use -1/-1. �-1� indicates �unlimited�.

The third part on second line is network bucket. We have defined here 8000/8000 .

The fourth part on second line is for individual.

The third line specifies to throttle all the users except the super users.

How to check:
First set proxy settings in your browser as follows:
Go to any client machine and open an IE(Internet Explorer). Select "Tools" menu then select "Internet Options" then select "Connections" tab. After that select the "LAN Settings" button, you will get a new pop-up window there you select "Use proxy server for your LAN" check box and finally give your squid proxy servers ip address and the port on which the squid proxy server is configured. Now press "OK" and again press "OK". Cloase the window and now open a new window.
Second Check by downloading any large file

Start to download any lage file not less than 10MB size. Because when ever you download any small file it used to download it quickly. When you start downloading large file at first if you note some starting bytes of the file gets downloaded quickly and later it gets slowed down.

Keep a note on the download pop-up box which shows the speed limits in "kbps". When we start downloading note on the pop-up box the speed limits in kbps shows high value and then slowly gets decreased. This means when you start downloading the bucket gets filled and slowly it decreases and becomes stable to the specified limit in Kbps according to the configuration. Remember again as i told restore value is used to set the download speed, and the max value lets you set the size at which the files are to be slowed down from.

To configure squid proxy go to
/etc/squid/squid.conf file and then change its port no. from 3128 to 8080.
this is the http port that squid proxy listen for .

Then create your own access list
acl_access name_access_list src networkaddress


Then finally u have the power to allow or deny the particular network


http_access allow name_access_list


Just follow the above three steps to let squid work properly.

You must enable ip forwarding also.

for this go to

/etc/sysctl.conf

in it on the line
net_ipv4 forwarding=0
change it to 1
this will enable the ip forwarding

you can check ip forwarding by

sysctl -p