Squid on OpenBSD

Contents

  1. Squid on OpenBSD
    1. Pre-Built Binary Packages
        1. Squid-3.2/3.3
        2. Squid-2.7
    2. Compiling
    3. Troubleshooting
      1. NAT lookup failures

Pre-Built Binary Packages

Squid is available in OpenBSD ports and the packages collection.

Install Procedure: 

pkg_add squid

For 5.3, on most machine architectures you will be offered a choice of 3.2 or 2.7STABLE9. For -current, 3.3 replaces 3.2.

Squid-3.2/3.3

On OpenBSD 5.3, the following will build Squid 3.2 from ports, create a package and install it: 

cd /usr/ports/www/squid
make install

On older versions of OpenBSD, the above commands will build squid 2.7STABLE9. On -current (or 5.4+ when released), the above commands will build squid 3.3.

Squid-2.7

On OpenBSD 5.3+, the following will build squid 2.7STABLE9 for ports, create a package and install it: 

cd /usr/ports/www/squid27
make install

Compiling

To build squid for standard use, no particular method should be needed. See SquidFaq/CompilingSquid for detailed instructions. If you plan to do development on squid, some caution is needed: apparently something in the mix of sources and libraries trips a bug in gcc when building parts of the test-suite with optimizations. Building with optimizations explicitly turned off will allow to compile fine. In other words you'll need to: 

CFLAGS='-O0 -Wall -g' CXXFLAGS="$CFLAGS" ./test-builds.sh

If using squid as a transparent proxy on OpenBSD, there are two methods of looking up the original destination address. --enable-pf-transparent is the traditional method, which uses an ioctl() against /dev/pf to request the information from PF (requiring privileged access to the device node). For this method, use "rdr-to" (formerly "rdr") PF rules to pass the traffic to squid. As of OpenBSD 4.4 it is also possible to use --enable-ipfw-transparent which uses the simpler getsockname() interface. This method uses "divert-to" rules in PF. More information is available in the package's README file.

Troubleshooting

NAT lookup failures

If using --enable-pf-transparent, ensure that the userid running squid has write access to /dev/pf, and that squid was built against correct kernel headers; some changes to PF will require that squid is recompiled.

CategoryKnowledgeBase SquidFaq/BinaryPackages

KnowledgeBase/OpenBsd (last edited 2013-06-03 11:04:39 by StuartHenderson)