A few days ago my Squid proxy server (Squid version 3.1.22, running as a transparent proxy) suddenly stopped working, or hung. Weird... I checked everything, but no luck. This is what I did:
1. check with the command ps ax | grep squid, ... ok.
2. check in /var/log/error.log,...no error, running well.
3. check on the firewall, shorewall, normal.
4. check router mikrotik, good.
5. check directly from the browser by entering the IP address of the Squid proxy server in the browser options, error.
6. check in /var/log/squid/access.log,…no activity or no request.
7. weird ...
Finally, I decided to upgrade Squid to version 3.3.3. This is how I did it.
service squid stop
cd /usr/local/squid-3.1.22
make uninstall
make clean
cd /usr/local
wget http://www1.it.squid-cache.org/Versions/v3/3.3/squid-3.3.3.tar.gz
tar zxvf squid-3.3.3.tar.gz
cd squid-3.3.3
./configure \
  --prefix=/usr --exec-prefix=/usr \
  --bindir=/usr/sbin --sbindir=/usr/sbin \
  --sysconfdir=/etc/squid --datadir=/usr/share/squid \
  --includedir=/usr/include --libdir=/usr/lib \
  --libexecdir=/usr/lib/squid --localstatedir=/var \
  --sharedstatedir=/usr/com --mandir=/usr/share/man \
  --infodir=/usr/share/info --x-includes=/usr/include \
  --x-libraries=/usr/lib --enable-shared=yes --enable-static=no \
  --enable-carp --enable-storeio=aufs,ufs \
  --enable-removal-policies=heap,lru --disable-icmp \
  --disable-delay-pools --disable-esi \
  --enable-icap-client --enable-useragent-log \
  --enable-referer-log --disable-wccp --enable-wccpv2 \
  --disable-kill-parent-hack --enable-snmp \
  --enable-cachemgr-hostname=localhost --enable-arp-acl \
  --disable-htcp --disable-forw-via-db \
  --disable-follow-x-forwarded-for \
  --enable-cache-digests --disable-poll \
  --enable-epoll --enable-linux-netfilter \
  --disable-ident-lookups --enable-default-hostsfile=/etc/hosts \
  --with-default-user=squid --with-large-files \
  --enable-mit=/usr --with-logdir=/var/log/squid \
  --enable-http-violations --enable-zph-qos \
  --with-filedescriptors=65536 --enable-gnuregex --enable-async-io=64 \
  --with-aufs-threads=64 --with-pthreads --with-aio \
  --enable-default-err-languages=English --enable-err-languages=English \
  --disable-hostname-checks --enable-underscores
make; make install
I didn't need to create '/cache', the Squid startup, squid.conf, etc. again, because the make uninstall command did not delete or remove the configuration I had made. If your configuration is missing, see http://myconfigure.blogspot.com/2013/03/transparent-squid-332-328-on-ubuntu.html for how to install Squid from the beginning.
Edit /etc/squid/squid.conf. For my initial configuration, before the change, see http://myconfigure.blogspot.com/2013/01/squid-3122-example-squidconf-squid.html.
I will explain only some of the changes...
Several directives must be removed:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl bamboe src 192.168.3.0/24
emulate_httpd_log off
log_fqdn off
Some directives must be added:
acl bamboe src 192.168.10.0/24
http_port 3128
You can see the complete Squid configuration after the change at http://myconfigure.blogspot.com/2013/03/squid-332-328-example-squidconf.html.
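An added example, not part of the original post: a small shell check that scans a squid.conf for the lines listed above as needing removal, so they can be found before Squid 3.3.3 is started. The function names and the sample configuration are constructed for illustration, and flagging any definition of the three ACL names (not only the exact lines shown) is an assumption.

```shell
#!/bin/sh
# Added example: flag squid.conf lines that the post lists for removal
# when moving from Squid 3.1.22 to 3.3.3. Function names are hypothetical.

# check_squid_conf FILE
# Prints "LINENO: line" for each hit; returns 1 if any hit, 0 if clean.
check_squid_conf() {
    awk '
        /^[ \t]*#/ { next }    # ignore commented-out lines
        $1 == "acl" && $2 ~ /^(manager|localhost|to_localhost)$/ { hit = 1 }
        $1 == "emulate_httpd_log" || $1 == "log_fqdn"             { hit = 1 }
        hit { printf "%d: %s\n", NR, $0; found = 1; hit = 0 }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# write_sample_conf FILE
# Writes a constructed sample config (not the author's real file).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, loosely modelled on the lines quoted in the post
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl bamboe src 192.168.10.0/24
# log_fqdn off
emulate_httpd_log off
log_fqdn off
http_port 3128
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
write_sample_conf "$tmp"
check_squid_conf "$tmp" || echo "Remove the lines listed above from squid.conf."
rm -f "$tmp"
```

To check a real file, call check_squid_conf /etc/squid/squid.conf; the site-specific acl bamboe line is not flagged because only its subnet changes.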
Next, check the firewall. I use shorewall to make iptables easier to manage. Look at the files in /etc/shorewall/ and make sure the settings are correct.
$ vim zones
fw firewall
loc ipv4
$ vim interfaces
loc eth0 -
$ vim policy
loc fw ACCEPT
fw loc ACCEPT
loc all DROP
all all REJECT
$ vim rules
SECTION NEW
# and this is the rule for the transparent proxy
REDIRECT loc 3127 tcp 80 - !192.168.3.1
$ vim shorewall.conf
STARTUP_ENABLED=Yes
See my full initial MikroTik configuration at http://myconfigure.blogspot.com/2013/01/backup-konfigurasi-mikrotik.html. Again, I will explain only some of the changes, and I assume you already know MikroTik well.
Disable or delete the 'redirect' rules. Remember, because I upgraded Squid to version 3.3.3, I don't need 'redirect' any more.
/ip firewall nat
chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=3127 protocol=tcp src-address-list=compbawah dst-port=80,8080,3128
chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=3127 protocol=tcp src-address-list=compatas dst-port=80,8080,3128
chain=dstnat action=dst-nat to-addresses=192.168.3.1 to-ports=3127 protocol=tcp dst-address=!192.168.1.1 src-address-list=op dst-port=80,8080,3128
These are the rules that must be added to replace the MikroTik 'redirect'.
Create a routing mark for client traffic heading to ports 80 and 8080, and give the mark a name, such as 'mark80'.
/ip firewall mangle
chain=prerouting action=mark-routing new-routing-mark=mark80 passthrough=yes protocol=tcp src-address-list=compatas dst-port=80,8080
chain=prerouting action=mark-routing new-routing-mark=mark80 passthrough=yes protocol=tcp src-address-list=compbawah dst-port=80,8080
chain=prerouting action=mark-routing new-routing-mark=mark80 passthrough=yes protocol=tcp dst-address=!192.168.1.1 src-address-list=op dst-port=80,8080
Last, route traffic marked mark80 to the gateway 192.168.3.1. Add this rule:
/ip route add routing-mark=mark80 gateway=192.168.3.1