OS/2 eZine - http://www.os2ezine.com
December 16, 2002
 
Bas Heijermans has been using computers for 24 years - since he was 12. Bas lives in Belgium and has used OS/2 since version 1.1. He ran The OS/2 BBS and was the Belgium OS/2 Fido moderator. IBM awarded him Official OS/2 Ambassador in 1992 for his support efforts. Today he repairs computers for a living.


OS/2 is Boring Part 5

Many people have ADSL or cable at this time (or some other really fast, expensive connection :-). This can also be useful for modem users, but the gain won't be as great. Most providers give you the option to use a proxy server for faster surfing, but these proxies aren't always that great. Some of them are just terribly configured; I won't give names as it's of no use - there are too many of them. Another nice part of using a proxy is that it saves bandwidth for your ISP, but it doesn't save anything for you if you have a limited amount of traffic that you may generate.

To use your connection more efficiently, you should install your own proxy. You might say that the one from your ISP is working just fine. True, but you can do some things with your own proxy that you can't do with your ISP's proxy.

Some of the things you can manage with a good proxy like Squid are the following:

  • Using more than a few DNS servers; you can do this with OS/2 too, but it's not cached.
  • Using more than one proxy at the same time.
  • Securing the ports that should be used, and closing the others.
  • Saving bandwidth, of course.
  • Sharing your internet connection, by using it as a firewall without NAT or a router.
  • Keeping an eye on your children, or preventing them from accessing porn sites, by setting filter rules.
  • Disabling servers that should not be accessed in any case.
  • And much more...

What you need:

  • OS/2 2.x or higher.
  • MPTS, any version will do.
  • A good network card, or 2 if you want to share your connection and you don't have a router.
  • Squid VAC (my favorite; others are good too, but not as fast, and they require EMX).

Squid VAC can be found here. The website shows version 1.1C but the software tells you it's version 1.1D; does anyone know the exact version?

How do we set this up and make it run?

Of course you download it and place it all in the directories needed; this shouldn't be too hard. I will explain the most important parts of the config file; after that, you should be able to get it running on your own.

http_port 8080

The port on which you want Squid to listen for requests.

icp_port 3130

The port used to talk with other proxies.

udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
cache_peer wwwproxy.xs4all.be parent 8080 3130

Fill in the proxy of your own provider here; mine is XS4ALL Belgium.

cache_peer 194.109.195.192 sibling 3128 3130
cache_peer 212.68.193.130 sibling 3128 3130
cache_peer 212.210.42.130 sibling 8080 3130
cache_peer 63.163.68.115 sibling 3128 3130
cache_peer 203.106.19.130 sibling 3128 3130
cache_peer 203.130.134.131 sibling 8080 3130

The above proxies are free public proxies that will be used when your ISP's proxy doesn't have the requested information in time. So you will be using 8 proxies at the same time: yours, your provider's and the sibling proxies.

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

Standard commands that should be left in there; they make sure that scripts are not cached, as there is no use in doing so.

cache_mem 8 MB
maximum_object_size_in_memory 64 KB
cache_replacement_policy heap LRU
memory_replacement_policy lru
cache_dir ufs d:/squid/cache 2000 16 256

Commands that determine the performance and the size of the cache being held.

The cache_dir command sets the cache size: 2GB in 16 directories, each having 256 sub-directories. This is great for saving a lot of bandwidth, but for just your own home proxy with limited resources and a few light clients, you could set it to 500 8 128; it just depends on the amount you like to store. See the config file for exact details on this.

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
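# Cache manager requests only from the proxy machine itself
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 10.0.0.0/255.255.255.0
# Let the LAN clients use the proxy; everything else reaches "deny all"
http_access allow our_networks
http_access deny all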
http_reply_access allow all
icp_access deny all
miss_access allow our_networks
miss_access deny all
ident_lookup_access deny all

The above ACL rules are very important. IF YOU DON'T SET THEM RIGHT, others can use your proxy for spamming and other nasty stuff. As the ACLs are evaluated from top to bottom, you must make sure that at the end you deny everything that has no rule. If you don't, ports stay open and can be abused; this happened to me :-(, and with the help of my provider I managed to close the remaining ports.

That's the way spammers work: they try to find a proxy that can be used as a virtual mail server, and Squid WILL do this if you didn't close the unwanted ports properly. Maybe you understand now why you can never find the spammers' source and how they hide their identity.

I didn't list the entire config, as it's way too large to go into in detail, and most other options are just minor tweaks. I just gave an example of the most important settings.

My proxy runs on a PIII-450 with 256MB RAM, but the machine does a lot more at the same time. The impact on the speed of your OS/2 machine is limited; in fact you probably won't notice it's there, except that your hard disk light flashes from time to time :-)

The only thing you need to do with your internet programs/clients is to inform them of your proxy. This is done by setting all proxy settings to e.g. 10.0.0.10 (proxy server) and port 8080, after that they will use the proxy and the fun can begin.

The sibling proxies can be dead from time to time, but if you watch the screen, you will see that Squid reports when they are revived as well. As these sibling proxies are all over the world, this has an impact on the routing of your packets; the fastest route will be taken by Squid.

Free public proxies can be found all over the net. Do a search on Google and you will find plenty; ping them and see how fast they respond. This way you can find the best ones for your needs.

Why is OS/2 still boring? First of all, this article is way too long. :-) And it's so easy to set up a fast and good proxy if you take a little time to dig through Squid's config file.

This VAC version of Squid is optimized for OS/2. I find it a nice piece of work from the Russian programmer; even though he calls it Alpha, it's more stable than any other version I have seen so far, and faster too. :-)

That's it from me folks, happy surfing!


Copyright (C) 2002. All Rights Reserved.