What is Squid?

Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite – we’re getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.

Where did Squid come from?

Squid is based on the Harvest Cache Daemon developed in the early 1990’s. It was one of two forks from the codebase after the Harvest project ran to completion. (The other fork being what became Netapp’s Netcache.)

The Squid project was funded by an NSF grant (NCR-9796082) which covered research into caching technologies. The ircache funding ran out a few years later and the Squid project continued through volunteer donations and the occasional commercial investment.

Squid is currently being developed by a handful of individuals donating their time and effort to building current and next generation content caching and delivery technologies. An ever-growing number of companies use Squid to save on their internet web traffic, improve performance, deliver faster browsing to their end-clients and provide static, dynamic and streaming content to millions of internet users worldwide.

Who uses Squid today?

A good question! Many of you are using Squid without even knowing it! Some companies have embedded Squid in their home or office firewall devices, others use Squid in large-scale web proxy installations to speed up broadband and dialup internet access. Squid is being increasingly used in content delivery architectures to deliver static and streaming video/audio to internet users worldwide.

 

Why should I deploy Squid?

(Or.. “Why should I bother with web caching? Can’t I just buy more bandwidth?”)

The developers of the HTTP protocol identified early on that there was going to be exponential growth in content and, concerned with distribution mechanisms, added powerful caching primitives.

These primitives allow content developers and distributors to hint to servers and end-user applications how content should be validated, revalidated and cached. This had the effect of dramatically reducing the amount of bandwidth required to serve content and improved user response times.

Squid is one of the projects which grew out of the initial content distribution and caching work in the mid-90s. It has grown to include extra features such as powerful access control, authorization, logging, content distribution/replication, traffic management and shaping and more. It has many, many work-arounds, new and old, to deal with incomplete and incorrect HTTP implementations.

For ISPs: Save on bandwidth, improve user experience

Squid allows Internet Providers to save on their bandwidth through content caching. Cached content means data is served locally and users will see this through faster download speeds with frequently-used content.

A well-tuned proxy server (even without caching!) can improve user speeds purely by optimising TCP flows. Its easy to tune servers to deal with the wide variety of latencies found on the internet – something that desktop environments just aren’t tuned for.

Squid allows ISPs to avoid needing to spend large amounts of money on upgrading core equipment and transit links to cope with ever-demanding content growth. It also allows ISPs to prioritise and control certain web content types where dictacted by technical or economic reasons.

For Websites: Scale your application without massive investment in hardware and development time

Squid is one of the oldest content accelerators, used by thousands of websites around the world to ease the load on their servers. Frequently-seen content is cached by Squid and served to the end-client with only a fraction of the application server load needed normally. Setting up an accelerator in front of an existing website is almost always a quick and simple task with immediate benefits.

For Content Delivery Providers: distribute your content worldwide

Squid makes it easy for content distributors and streaming media developers to distribute content worldwide. CDN providers can buy cheap PC hardware running Squid and deploy in strategic locations around the internet to serve enormous amounts of data cheaply and efficiently.

A large number of companies have deployed servers running Squid in the past in exactly this manner.

Reference

http://www.squid-cache.org/

1- Wifi Explorer  “$14.99” I use

wifi-explorer

 

Scan, monitor, and troubleshoot wireless networks with WiFi Explorer.

Quickly identify channel conflicts, signal overlapping or configuration problems that may be affecting the connectivity and performance of your home, office or enterprise wireless network.

Get an insight into the network details: name (SSID), MAC address (BSSID), device manufacturer, signal strength (RSSI), noise, channel, band, security configuration, supported data rates, 802.11 information elements (IE), and much more.

• Suitable for home, small office, or enterprise networks
• Easy-to-use, intuitive user interface
• Graphical visualization of the Wi-Fi environment
• Supports 2.4 GHz and 5 GHz frequency bands as well as 20, 40, 80 and 160 MHz channels
• Works with 802.11a/b/g/n/ac networks

Also:

• Comprehensive app’s help
• Signal quality ratings based on signal-to-noise ratio (SNR)
• Accurate conversion from dBm to percentage (%) for easier analysis and optimization
• Detailed description of information elements (IE) advertised by the access point for advanced troubleshooting
• Export metrics and network details to CSV file format
• Save results for later review and analysis
• Access point name discovery (if supported)
• Editable column for labels or annotations
• Selectable and sortable columns
• Adjustable graph timescales
• Quick filtering
• Customizable colors for easily tracking particular networks
• Full screen mode and split view support

Requires a Mac with built-in Wi-Fi. External Wi-Fi adapters are not supported.

Screen Shot 2016-07-31 at 00_Fotor

 

 

2 – Wifi Signal “$4.99” I use

wifi-signal

Monitor and troubleshoot the quality of your Wi-Fi connection.

WiFi Signal is a system menu bar application that provides easy access to your Wi-Fi connection details (name, channel, transmit rate, signal strength, noise, etc.), monitors the signal quality of your wireless network, and can find and recommend alternative channels for your network thus avoiding signal overlapping and channel conflicts that can result in connectivity issues and performance degradation.

FEATURES

• Simple, straightforward user interface
• Fully customizable status icon display options
• Dark mode support
• Accurate dBm to percentage (%) conversion
• Real-time graphs for signal strength and noise level, Signal-to-Noise Ratio (SNR), transmit rate, or MCS index (if supported)
• Signal quality ratings based on SNR measurements
• Automatic channel recommendations*
• Notifications and event logging for common events, such as when the computer joins to or disconnects from a network, roams to a different access point, or when data rate or channel configuration changes are detected
• Comprehensive app’s help describes how to use the tool the most effective way

Requires a Mac with built-in Wi-Fi. External Wi-Fi adapters are not supported.

For a more comprehensive analysis of the Wi-Fi environment consider WiFi Explorer, also available in the Mac App Store.

* Due to limitations of the Wi-Fi scanning framework, channel recommendations are based solely on the detection of other Wi-Fi signals, and do not consider external sources of interference or hidden networks (i.e. networks that do not broadcast their SSIDs).

Screen Shot 2016-07-31 at 00.57.22

 

 

 

 

 

 

 

 

 

 

 

3 – PingPlotter Standart (Free or Paid) I use

pingplotter free

Screen Shot 2016-07-31 at 00.34.28

Selam Arkadaşlar,

Aruba versioyunu olan AOS 6.4.3.2 versiyonunda diğer versiyonlarda başınıza gelmeyecek bir olay ile karşılaştım.

Bazı durumlarda kurmuş olduğumuz Controller cihazlarının kalıcı lisansları gelene kadar, geçici olarak lisans yüklüyoruz. Lisansların temin edilme sürecinde bu şekilde Controller üzerindeki FW yetenekleri ve role base özelliklerden faydalanıyoruz. Bir müşterimizde bu süreç aşamasında kalıcı lisansları eklemek için Controller’a girdiğim zaman geçici lisansların bitmiş olduğunu gördüm. Fakat diğer versiyonlar da olmayan bir durum söz konusuydu. Süresi bitmiş olan lisanslar license sekmesi altın da gözükmüyordu (!). Daha sonrasında Controller üzerinde yapmış olduğum role tanımlarının da olmadığını gördüm. İşi özetlersek, Koymuş olduğumuz geçici lisanslar ile gelen özellikler, bu geçici lisans bittiği zaman otomatik olarak arka planda siliniyor. Release Note ‘ları kontrol ettiğim zamanda bu konu ile ilgili bir değişiklik ile alakalı bir yazı göremedim. Böyle bir durum ile karşılaşınca tekrar tüm role tanımlarını yeniden yapmak zorunda kaldım. Özellikle Controller – Radius entegrasyonu yaptıysanız ve farklı roller var ise bu sizin için sorun yaratabilir.

Kolay Gelsin.

Centos / Fedora

 

Ubuntu

 

Yönetmiş olduğumuz sistemlerde kullanmış olduğumuz bazı iptables komutlarını sizlerle paylaşıyorum.

Mevcut çalışan kuralları görmek için;

iptables -L

Yazmış olduğumuz kurallara gelen paketleri görmek için;

iptables -L -nvx

iptables “help” menüsünü görmek için;

iptables -h  (aşağıdaki çıktı ile karşımıza çıkar.)

merttest@merttest:~$ iptables -h
iptables v1.6.0

Usage: iptables -[ACD] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LS] [chain [rulenum]] [options]
iptables -[FZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)

Commands:
Either long or short options are allowed.
–append -A chain Append to chain
–check -C chain Check for the existence of a rule
–delete -D chain Delete matching rule from chain
–delete -D chain rulenum
Delete rule rulenum (1 = first) from chain
–insert -I chain [rulenum]
Insert in chain as rulenum (default 1=first)
–replace -R chain rulenum
Replace rule rulenum (1 = first) in chain
–list -L [chain [rulenum]]
List the rules in a chain or all chains
–list-rules -S [chain [rulenum]]
Print the rules in a chain or all chains
–flush -F [chain] Delete all rules in chain or all chains
–zero -Z [chain [rulenum]]
Zero counters in chain or all chains
–new -N chain Create a new user-defined chain
–delete-chain
-X [chain] Delete a user-defined chain
–policy -P chain target
Change policy on chain to target
–rename-chain
-E old-chain new-chain
Change chain name, (moving any references)
Options:
–ipv4 -4 Nothing (line is ignored by ip6tables-restore)
–ipv6 -6 Error (line is ignored by iptables-restore)
[!] –protocol -p proto protocol: by number or name, eg. tcp'
[!] --source -s address[/mask][...]
source specification
[!] --destination -d address[/mask][...]
destination specification
[!] --in-interface -i input name[+]
network interface name ([+] for wildcard)
--jump -j target
target for rule (may load target extension)
--goto -g chain
jump to chain with no return
--match -m match
extended match (may load extension)
--numeric -n numeric output of addresses and ports
[!] --out-interface -o output name[+]
network interface name ([+] for wildcard)
--table -t table table to manipulate (default:
filter’)
–verbose -v verbose mode
–wait -w [seconds] wait for the xtables lock
–line-numbers print line numbers when listing
–exact -x expand numbers (display exact values)
[!] –fragment -f match second or further fragments only
–modprobe=<command> try to insert modules using this command
–set-counters PKTS BYTES set the counter during insert/append
[!] –version -V print package version.

iptables’a yeni bir kural eklemek için;

iptables -I INPUT -s x.x.x.x/32 -j ACCEPT (Bu komut satırı ile INPUT chain’i içine “-s” source olarak x.x.x.x/32 destination yönüne izin veriyoruz.)

iptables üzerinde belirli bir satıra kural eklemek için;

iptables -I INPUT  11 -s x.x.x.x/32 -j DROP (Bu komut satırı ile INPUT chain’i içinde 11. satıra bu kuralı eklemiş oluyoruz.)

iptables üzerinde girilmiş olan bir kuralı silmek için;

iptables -D INPUT -d x.x.x.x/24 -j ACCEPT (Bu komut yardımı ile başına koymuş olduğumuz “-D” ile girmiş olduğumuz bir kuralı kaldırabiliriz.)

 

Kolay Gelsin.

Mac üzerinde kurmuş olduğunuz Outlook üzerinden mail gönderirken “Kimlik doğrulama hatası” alıyorsanız, aşağıdaki tanımı yapmanız yeterli olacaktır.

İlk adım olarak aşağıdaki doğru bir şekilde girmemiz gerekiyor.

mac-outlook-outgoing

 

 

 

bu bilgileri doğru girdikten sonra “More Options” diyoruz. Karşımıza gelecek olan ekranda aşağıdaki gibi tanımları yapıyoruz.

outlook-outgoingserver-settings

 

 

 

 

 

 

 

tüm bu tanımları düzgün yaptıktan sonra tekrar mail gönderimini test edebilirsiniz.

Kolay Gelsin.

Huawei Access Point üzerinde 2. eth por’u farklı bir vlan’a yada havadaki bir vlan’a üye etmek için aşağıdaki adımları izlemeniz yeterli olacaktır.

Bu işleme genel olarak havada yayınlamış olduğunuz vlan 928 ‘ i kablolu taraftaki client’lar içinde aktif etme senaryolarında işimize yaramaktadır.

Özellikle hava farklı kablolu tarafta farklı vlan’a düşürmek için çok yararlı oluyor.

 

Adımlar – Configuration > AP Config – AP Config “Bu bölümde ilgili AP’yi seçiyoruz.” > AP > “Cihaz modeline göre portlar eth yada ge olabilir. Uygun interface’i seçiyoruz.”

Ekrandaki adımları yapıyoruz.

 

Aşağıdaki ekranda AP’nin GE1 port’u access olarak vlan 928’e üye durumdadır. Bu porta ister dummy switch ister client bağlayın. Otomatik olarak 928 üzerinden çalışacaktır.

 

huawei-eth2

Merhaba,

 

Aruba Controller üzerinde user debug açmak için aşağıdaki komutları kullanabilirsiniz.