Squid: The Definitive Guide - Duane Wessels [16]
tcp4 0 0 192.43.244.42.19597 202.158.66.190.80 TIME_WAIT
tcp4 0 0 192.43.244.42.19600 207.99.19.230.80 TIME_WAIT
tcp4 0 0 192.43.244.42.19601 216.131.72.121.80 TIME_WAIT
tcp4 0 0 192.43.244.42.19602 209.61.183.115.80 TIME_WAIT
tcp4 0 0 192.43.244.42.3128 128.109.131.47.25666 TIME_WAIT
tcp4 0 0 192.43.244.42.3128 128.109.131.47.25795 TIME_WAIT
tcp4 0 0 192.43.244.42.3128 128.182.72.190.1488 TIME_WAIT
tcp4 0 0 192.43.244.42.3128 128.182.72.190.2194 TIME_WAIT
Note that this example has both client- and server-side connections. Client-side connections have 3128 as the local port number; server-side connections have 80 as the remote (foreign) port number. The ephemeral port numbers appear under the Local Address heading. In this example, they are in the 19,000s.
Unless you see thousands of ephemeral ports in the TIME_WAIT state, you probably don't need to increase the range. On FreeBSD, you can increase the range with this command:
# sysctl -w net.inet.ip.portrange.last=30000
On OpenBSD, the command is almost the same, but the sysctl variable has a different name:
# sysctl -w net.inet.ip.portlast=49151
On NetBSD, things work a little differently. The default range is 49,152-65,535. To increase the range, change the lower limit:
# sysctl -w net.inet.ip.anonportmin=10000
On Linux, simply write a pair of numbers to the following special file:
# echo "1024 40000" > /proc/sys/net/ipv4/ip_local_port_range
Don't forget to add these commands to your system startup scripts so that they take effect each time your machine reboots.
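To judge whether the ephemeral range actually needs raising, it helps to count TIME_WAIT sockets by side instead of eyeballing the netstat listing. The script below is an added example, not code from the book or from Squid; the function names are hypothetical, and it assumes Squid listens on port 3128 and that every other local port on the host is an ephemeral port used for a server-side connection.

```shell
#!/bin/sh
# Added example: summarize TIME_WAIT sockets from `netstat -n` output.
# Assumption: Squid listens on 3128 (override with SQUID_PORT) and the host
# runs nothing else, so any other local port is an ephemeral one.
SQUID_PORT=${SQUID_PORT:-3128}

# Reads netstat lines on stdin and prints one summary line:
#   client=<n> server=<n> ephemeral_min=<port> ephemeral_max=<port>
time_wait_summary() {
    awk -v squid="$SQUID_PORT" '
        $1 ~ /^tcp/ && $NF == "TIME_WAIT" {
            # Local address is field 4. The port is the last component,
            # separated by "." (BSD netstat) or ":" (Linux netstat).
            n = split($4, l, /[.:]/)
            lport = l[n] + 0
            if (lport == squid) { client++; next }   # client-side socket
            server++                                 # server-side socket
            if (min == "" || lport < min) min = lport
            if (lport > max) max = lport
        }
        END {
            printf "client=%d server=%d ephemeral_min=%d ephemeral_max=%d\n",
                   client, server, min, max
        }'
}

# Constructed sample input: the netstat lines from the listing above.
sample_netstat() {
    cat <<'EOF'
tcp4 0 0 192.43.244.42.19597 202.158.66.190.80 TIME_WAIT
tcp4 0 0 192.43.244.42.19600 207.99.19.230.80 TIME_WAIT
tcp4 0 0 192.43.244.42.19601 216.131.72.121.80 TIME_WAIT
tcp4 0 0 192.43.244.42.19602 209.61.183.115.80 TIME_WAIT
tcp4 0 0 192.43.244.42.3128 128.109.131.47.25666 TIME_WAIT
tcp4 0 0 192.43.244.42.3128 128.109.131.47.25795 TIME_WAIT
tcp4 0 0 192.43.244.42.3128 128.182.72.190.1488 TIME_WAIT
tcp4 0 0 192.43.244.42.3128 128.182.72.190.2194 TIME_WAIT
EOF
}

sample_netstat | time_wait_summary
```

On a live host, pipe `netstat -n` into `time_wait_summary`; a `server` count in the thousands is the signal described above that the range is worth increasing.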
* * *
[1] Not all operating systems require building a new kernel. Some may be tunable at runtime.
The configure Script
Like many other Unix software packages, Squid uses a ./configure script to learn about an operating system before compiling. The ./configure script is generated by the popular GNU autoconf program. When the script runs, it probes the system in various ways to find out about libraries, functions, types, parameters, and features that may or may not be present. One of the first things that ./configure does is look for a working C compiler. If the compiler can't be found or fails to compile a simple test program, the ./configure script can't proceed.
The ./configure script has a number of different options. The most important is the installation prefix. Before running ./configure, you need to decide where Squid should live. The installation prefix determines the default locations for the Squid logs, binaries, and configuration files. You can change the location for those files after installing, but it's easier if you decide now.
The default installation prefix is /usr/local/squid. Squid puts files in seven different subdirectories under the prefix:
% ls -l /usr/local/squid
total 5
drwxr-x--- 2 wessels wheel 512 Apr 28 20:42 bin
drwxr-x--- 2 wessels wheel 512 Apr 28 20:42 etc
drwxr-x--- 2 wessels wheel 512 Apr 28 20:42 libexec
drwxr-x--- 3 wessels wheel 512 Apr 28 20:43 man
drwxr-x--- 2 wessels wheel 512 Apr 28 20:42 sbin
drwxr-x--- 4 wessels wheel 512 Apr 28 20:42 share
drwxr-x--- 4 wessels wheel 512 Apr 28 20:43 var
Squid uses the bin, etc, libexec, man, sbin, and share directories for a few, relatively small files (or other directories) that don't change very often. The files under the var directory, however, are a different story. This is where you'll find Squid's log files, which may grow quite large (tens or hundreds of megabytes). var is also the default location for the actual disk cache. You may want to put var on a different partition with plenty of space. One easy way to do this is with the --localstatedir option:
% ./configure --localstatedir=/bigdisk/var
You don't need to worry too much about pathnames when configuring Squid. You can always change the pathnames later, in the squid.conf file.
configure Options
The ./configure script has a number of different options that all start with --. You can see the full list of options by typing ./configure --help. Some of these options are common to all configure scripts,