Using FreeBSD cant be easier than that! Using this guide you can:

• Install and condifure FreeBSD machine.
• Install your own custom Kernel as per your requirement.
• Install and configure Squid with cache replacement policies.
• Make your system more secure than ever

Note:    if you are upgrading the system,

1. shift all the load to any other proxy
2. Note IPs of all the interfaces           ifconfig > ip
3. Take copy of running crontab

Insert bootable cd disc into cdrom and boot system from cdrom and follow these steps.

• Skip Kernel config and continue with installation.
• Standard
• Ok
• Disk Partitioning           ‘A’ Use entire Disc
  •  
    •  
      •  
        • ‘C’ Create Slice.
• For all the remaining blocks press ‘Ok’.
• Type of Partition 165.
• Select the slice
• ‘S’ set bootable.
• ‘Q’ finish.
• Boot manager               (*) Standard.
• Same for Disk 2.
• Don’t set bootable (*) leave the boot message.
• After creating the slices we need to create partitions.
• ‘C’                               Create Partition.
• After creation of Partitions  Select /cache 1,2,3 & /var and press “S” for soft updates.(note: In version FreeBSD 4.7 soft updates automatically applied when we create partitions)
• Choose Distribution > Kernel-Developer > User

• Installation media          CD ROM
• Network Interface        Give appropriate addresses.
• Configure as A Gateway
• Security Profile Medium (Moderate security settings (Default))

Note : (Moderate security settings have been selected Sendmail and SSHd jave been enabled, securelevels are disabled, and NFS server setting have been left intact.PLEASE NOTE that this still does not save you from having to properly secure your system in other ways or exercise due diligence in your administration, this simply picks a standard set of out-of-box defaults to start with.To change any of these settings later, edit /etc/rc.conf )

• Setting Time Zone (PKT)
• Linux Compatiability
• Select Ports/Packages to Install

• Free BSD Configuration menu-Distribution.
• Src > Sys                     (Source for everything)

Custom Kernel Compilation

cd /usr/src/sys/i386/conf

Mkdir /root/kernels

cp GENERIC /root/kernels/ALI

ln –s /root/kernels/ALI

Edit MYKERNEL file and customize

• Machine                       i386
• Max users                    254
• Options                                    MSGMNB = 8192
• Options                                    MSGMNI  = 80
• Options                                    MSGSEG = 512
• Options                                    MSGSSZ = 64
• Options                                    MSGTQL = 3075
• Options                                    SMP (For multi processor machines only.)
• Options                                    APIC _IO
• Options                                    IPFIREWALL
• Options                                    IPFIREWALL_Forward
• Options                                    IPFILTER

Scsi Controller

• Device ahc

Scsi Peripheral

• Device                          scbus

Build the kernel

/usr/sbin/config                          ALI

cd ../../compile/ALI

make depend

make

make install

now do ipfw –f flush.

Squid Installation

Note :For FreeBSD 4.7 ver (cd /usr/src/sys/contrib/ipfilter/netinet/)

And copy these three files “ip_compat.h” , “ip_fil.h” and “ip_nat.h” into /usr/include/) and then must restart system. These files needed to squid work as a transparent proxy.

Setenv cflags =’-g –wall’ (Note no space between = and ‘-g –wall’)

Untar the Squid stable tarball

Tar –zxvf squid-xx.stable.tar.gz

Cd squid-xx.stable

And configure as

./configure –enable–removal-policies = “lru,heap” — enable-async-io \                                                                   –enablestoreio=”diskd,ufs” –enable–snmp — enable–underscores \

– enable–ipf-transparent

make

make install

Squid configuration file

Now edit squid.conf

Vi /usr/local/squid/etc/squid.conf

And set the parameters as per your requirement & create cache dir which you defined in cache_dir  and set the permission nobody:nobody to cache_dir and do

/usr/local/squid/bin/squid -z

If we want to use LFUDA then in squid .conf  will be as below

cache_replacement_policy heap LFUDA

memory_replacement_policy heap LUFDA

otherwise  

cache_replacement_policy heap

memory_replacement_policy heap

Other packages to be install and configure

SNMP

Apache

Ntpdate

Cron Jobs

System Security

Lesser Packages

Stop Inet Daemon & all Unnecessary Daemons

Unnecessary Users Delete (user toor = root)

Edit etc / services and block Unnecessary ports

Secure Squid

Secure snmp

Secure Named

Secure Firewall (copy etc/trproxy from backup server)

Secure Apache (Run of different port and ip restricted access)

ssh enable (telnet should b disabled)

Optimization

IP assignments on Ethernet Interfaces

Copy      tcp and udp configurations in /etc/rc.conf

Log rotation (squid,dansguardian)      Messages is automatically being rotated

/etc/fstab (noatime,async,rw) for cache & /var partitions

Static routes for internal ips in /etc/static-routes

Static routes for  bandwidth /software/scripts/bwmanager-scripts

Configuration of soft updates on partitions

(Note : first check is already soft updates applied or not use command

tunefs –p partition name

eg tunefs –p /var

if soft updates not set could be set by giving following no. of commands

(note: on which partition we going to apply soft updates should’nt be in use first unmount that partition in single user mode. Like following

1. umount  /var
2. tunefs –n enable  /var)

now verify is it applied or not by giving above mentioned command tunefs –p /var and then restart machine.)