Making a caching adblocking or tranparent local web proxy
Lars Sommer, [email protected]
Last updated: 2010-03-06
This will result in a chain like:
LAN – Junkbuster – Squid – pf – Internet
Installation:
Install this port:
www/squid
Enable transparent proxying with PF: SQUID_PF
Initialize Squid swap directories by running squid -z once.
Install this port:
www/junkbuster
Eventually these two for statistics:
Does not exist anymore 11-04-19 www/squidclients
www/calamaris
Add to rc.conf:
squid_enable=”YES”
junkbuster_enable=”YES”
/usr/local/etc/squid/squid.conf is a HUGE file.
If NOT using it in a transparent pf mode nothing needs to be changed.
If using it in a transparent pf mode, the following changes must be applied to squid.conf:
http_port 127.0.0.1:3128 transparent
Hmm: The following does not seem to be needed:
http_access deny to_localhost
acl our_networks src 10.6.6.0/24
http_access allow our_networks
visible_hostname hjem.lasg.dk
pf must be set up to use the transparent proxy, with the following lines:
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
And then the pf device must be read- and writeable for squid:
chgrp squid /dev/pf
chmod g+rw /dev/pf
Junkbuster configuration:
The configuration files should be copied into /usr/local/etc/junkbuster/
cd /usr/local/etc/junkbuster
cp aclfile.sample aclfile
cp blockfile.sample blockfile
cp configfile.sample configfile
cp cookiefile.sample cookiefile
cp forwardfile.sample forwardfile
cp trustfile.sample trustfile
The logfile and jarfile must be writeable by the user running junkbuster. By default by “nobody”
The default port for Squid is 3128, and for Junkbuster is 8000
If set up as transparent, Squid will work without setting any ports in the browser.
If Junkbuster is used, the browser must be set to use port 8000.
