Linux Install & configure Squid in three easy steps

  1. Squid configuration so that it will act as a transparent proxy
  2. Iptables configuration
    • Configure system as router
    • Forward all http requests to 3128 (DNAT)
  3. Run scripts and start squid service

First, install the Squid server (use up2date squid) and configure it by adding the following directives to its configuration file:
# vi /etc/squid/squid.conf

Modify or add the following Squid directives:

acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin ?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid



  • acl all src: Access control list; only allow LAN computers to use Squid
  • http_access allow localhost: Squid access to LAN and localhost ACL only
  • http_access allow all: same as above; this rule admits every source the all ACL matches, so that ACL must list only LAN addresses
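
One way to check the point made in the bullets above, that only LAN sources end up allowed: this added shell example (not part of the original post) walks the http_access rules in order and reports the first catch-all rule if it is an allow. The function names, the sample configs and their addresses are constructed for illustration.

```shell
# Added example (not from the original post). Squid applies the first
# matching http_access rule, so the first catch-all rule decides the default.
squid_open_proxy_check() {   # $1 = path to squid.conf; returns 1 on a finding
    awk '
    function matches_any(name,    n, v, k) {
        if (name ~ /^!/) return 0                   # negated ACL: treat as restrictive
        if (!(name in src)) return (name == "all")  # undefined "all": Squid 3+ built-in
        n = split(src[name], v, " ")
        for (k = 1; k <= n; k++)
            if (v[k] == "all" || v[k] ~ /^0\.0\.0\.0\/(0|0\.0\.0\.0)$/) return 1
        return 0
    }
    { sub(/#.*/, "") }                              # strip comments
    $1 == "acl" && $3 == "src" {                    # remember source-address ACLs
        for (i = 4; i <= NF; i++) src[$2] = src[$2] " " $i
        next
    }
    $1 == "http_access" && NF >= 3 && !decided {
        wide = 1
        for (i = 3; i <= NF; i++) if (!matches_any($i)) wide = 0
        if (wide) {
            decided = 1                             # rules after this are unreachable
            if ($2 == "allow") {
                printf "line %d: \"%s\" admits any client\n", NR, $0
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

sample_conf() {   # constructed configs; $1 = open | lan
    if [ "$1" = open ]; then
        printf '%s\n' 'acl all src 0.0.0.0/0.0.0.0' \
            'acl localhost src 127.0.0.1/255.255.255.255' \
            'http_access allow localhost' 'http_access allow all'
    else
        printf '%s\n' 'acl all src 0.0.0.0/0.0.0.0' 'acl lan src 192.168.1.0/24' \
            'http_access allow lan' 'http_access deny all'
    fi
}

conf=$(mktemp)
for kind in open lan; do
    sample_conf "$kind" > "$conf"
    if squid_open_proxy_check "$conf"; then echo "$kind: no catch-all allow"; fi
done
rm -f "$conf"
```

Run it against the real file with `squid_open_proxy_check /etc/squid/squid.conf`; a non-zero exit status means the first catch-all rule is an allow.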

The following command prints the complete listing of squid.conf for your reference; grep removes all comments and sed removes all empty lines:

# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'


Iptables configuration


Next, I added the following rules to forward all HTTP requests (coming to port 80) to the Squid server port 3128:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Linux: iSCSI Initiator installation & configuration

Installation Instructions:

Red Hat Supplied iSCSI Initiator:

Find the RPM on the Red Hat Media, then install it using the rpm -ivh command as follows:

# rpm -ivh iscsi-initiator-utils-

NOTE: This is the version for Enterprise Linux AS 5. Your version may be different.

An alternative to installing this package manually in Red Hat Enterprise Linux (ES or AS) 5 or greater is to use the “Add/Remove Applications” menu item in the “System Settings” menu. In the details for the “Network Servers” package list, the iscsi-initiator-utils is one of the packages listed. This same choice is available in the same location during the initial install of Red Hat, so this can also be done at that time.

Once installed, there will be a file in the /etc directory named iscsi.conf. If this file does not exist this may indicate a problem with the installation. This file can be created with the following minimal entries:



This needs to be set to the Group IP Address of your UIT Array.


For the initiator to receive Vendor Specific async events from the target.


To globally specify that all discovery sessions be kept open.

Within the iscsi.conf file itself there are many more options available that can be set. You can look through the iscsi.conf file for information on what these variables are and what they are used for.

Once these values are either placed in a newly created /etc/iscsi.conf file, or the respective lines are uncommented and edited where necessary, the iscsi service can be started:

# service iscsi start

To verify that the iscsi service will be started at boot time, the chkconfig command can be used as follows:

# chkconfig --list iscsi

iscsi 0:off 1:off 2:off 3:off 4:off 5:off 6:off

By default, the newly added iscsi initiator is not enabled at boot, which is why the service is set to off for each of the runlevels listed. To enable it at boot, use the chkconfig command again as follows:

# chkconfig --add iscsi

# chkconfig iscsi on

The first of these two commands checks that the necessary scripts to start and stop the service are present; the second sets the service to be on for the appropriate runlevels.

Then check to be sure the changes took effect:

# chkconfig --list iscsi

iscsi 0:off 1:off 2:on 3:on 4:on 5:on 6:off

To verify that you can see your iscsi devices, you can run the following command:

# iscsi-ls


SFNet iSCSI Driver Version … 6.2 (27-July-2009 )


TARGET NAME : iqn.2001-05.com.UIT:6-8a0900-148270001-987006efd6c43836-pat-rhel5-vol2

TARGET ALIAS : pat-rhel5-vol2


BUS NO : 0






SESSION ID : ISID 00023d000001 TSIH 06


To see greater detail about the devices, you can run the above command with the -l option:

# iscsi-ls -l


SFNet iSCSI Driver Version … 6.2 (27-Jun-2009 )


TARGET NAME : iqn.2001-05.com.UIT:6-8a0900-148270001-987006efd6c43836-pat-rhel5-vol2

TARGET ALIAS : pat-rhel5-vol2


BUS NO : 0






SESSION ID : ISID 00023d000001 TSIH 06



LUN ID : 0

Vendor: EQLOGIC Model: 100E-00 Rev: 2.1

Type: Direct-Access ANSI SCSI revision: 05

page83 type3: 0690a018007082143638c4d6ef067098

page80: 3036393041303138303037303832313433363338433444364546303637303938

Device: /dev/sdc


As can be seen in the example iscsi-ls -l output above, the device in question is mapped to the /dev/sdc device.
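
Because the initiator does not give devices persistent names, a script can look the device up by target alias each time instead of hard-coding /dev/sdc. The following added example (not part of the original post) parses output in the layout shown above; the function names and the two-target sample are constructed.

```shell
# Added example (not from the original post): resolve a target alias to its
# current block device from "iscsi-ls -l" style output read on stdin.
iscsi_device_for() {   # $1 = target alias, $2 = LUN id (default 0)
    awk -v want="$1" -v lun="${2:-0}" '
    # Return the text after the first colon, trimmed.
    function value() { sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); return $0 }
    /^[ \t]*TARGET NAME[ \t]*:/  { alias = ""; cur = ""; next }  # new target block
    /^[ \t]*TARGET ALIAS[ \t]*:/ { alias = value(); next }
    /^[ \t]*LUN ID[ \t]*:/       { cur = value(); next }
    /^[ \t]*Device:/ && alias == want && cur == lun { print $2; found = 1 }
    END { exit !found }          # non-zero status when nothing matched
    '
}

sample_iscsi_ls() {   # constructed output in the layout shown above
    cat <<'EOF'
TARGET NAME : iqn.2001-05.com.example:vol-a
TARGET ALIAS : vol-a
LUN ID : 0
Device: /dev/sdb
TARGET NAME : iqn.2001-05.com.example:vol-b
TARGET ALIAS : vol-b
LUN ID : 0
Device: /dev/sdc
LUN ID : 1
Device: /dev/sdd
EOF
}

sample_iscsi_ls | iscsi_device_for vol-b 1
```

On a live system the input would be `iscsi-ls -l | iscsi_device_for pat-rhel5-vol2`.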

Linux-iscsi Sourceforge Initiator:

If you are not running the required update of Red Hat Linux to have their precompiled iSCSI Initiator, you can try to compile the iSCSI Initiator supplied by the Sourceforge linux-iscsi project.

Beyond the required kernel revision as noted above, all development packages need to be installed for the compiling of the initiator as well as the kernel sources. The easiest way to install these items is to use the “Add/Remove Applications” in the “System Settings Menu” from within the Desktop GUI. The version of Red Hat you are running determines what you select to be installed:

Red Hat AS 3:

Development Tools (Default packages have all required packages)

Kernel Development (Again, default is fine)

Red Hat AS 4:

Development Tools (Default packages have all required packages)

NOTE: If there is no Kernel Development choice, the Kernel Source files need to be found and installed prior to compilation.

Once these OS packages are installed, it should be as easy as getting the source package from the Sourceforge linux-iscsi project, then making the initiator. Refer to the README file that comes with the source for detailed instructions on how to make the initiator. If there are problems compiling the initiator, check the linux-iscsi Sourceforge project for assistance. You are able to search and post to their mailing lists to get information and assistance with this product.

Persistent Device naming:

Devices using the Red Hat software initiators do not have a persistent naming scheme, but a few ways to set up persistent naming for the different versions of Red Hat are as follows:

Red Hat Enterprise Linux (ES or AS) 3:

Devlabel (see the devlabel man page):

This will only work on Red Hat 2.4.x kernels.

Use devlabel to setup symlinks from known names to the current device name.

A basic add command to setup a devlabel link is as follows:

# devlabel add -d -s

An example:

sdc -s /dev/iscsi/vollink

# ls -l /dev/iscsi/vollink

lrwxrwxrwx 1 root root 8 Dec 1 16:31 newvol -> /dev/sdc

Red Hat Enterprise Linux (ES or AS) 4:

Use the udev facility (man udev, man scsi_id):

This is only available on Red Hat EL 4/Kernel 2.6.*

This creates device links to the device files when the device nodes are created. Udev uses a rules file (see man udev) to determine which link names or device names it should create for different devices.

This is the least elegant of the solutions to configure, and there is no straightforward example to provide on how it needs to be set up.

Red Hat may be able to provide additional information on persistent device naming for iSCSI devices using their iSCSI initiator with udev.

Both Red Hat Enterprise Linux 3 and 4:

Use filesystem LABELs (see the e2label man page):

This will work on all ext2/3 filesystem partitions.

Place an ext2/3 filesystem label on your filesystem partition. Once the Label has been added, use the LABEL identifier to identify the filesystem you want to mount in the fstab (man fstab and/or man mount). Following is an example of using the e2label command and what a resulting line in the fstab file would look like:

# e2label /dev/sdc1 EMC

# mkdir /EMC

# echo "LABEL=EMC /EMC ext3 _netdev,defaults 0 0" >> /etc/fstab

NOTE: _netdev delays the mounting of this filesystem until after the Network has been started and ensures that the filesystem is unmounted before stopping the Network.

# mount -a

# df -k | grep EMC

/dev/sdc1 5166332 43072 4860816 1% /EMC

Red Hat Linux iSCSI Configuration

Supported iSCSI Initiators:

Enterprise Linux (ES or AS) 3 Update 6:

Disc 2 of 4:


linux-iscsi 3.4.x: Minimum kernel release: 2.4.21

linux-iscsi 3.6.x: Minimum kernel release: 2.4.21

NOTE: Versions of the linux-iscsi Initiator above 3.x are not compatible with the 2.4.x and below kernel release.

Enterprise Linux (ES or AS) 4 Update 2:

Disc 4 of 4:



4.0.2 – Minimum kernel release: 2.6.10

4.0.1 – Minimum kernel release: 2.6.0

NOTE: Versions of the linux-iscsi Initiator below 4.x are not compatible with the 2.6.x and higher kernel release.