My recent activities!

The technology in next 50 years

2005-12-29T15:50:00.000+03:30

We all know that the technology is strongly tightened with our lives; if we look around we can easily find technology footprints. We are surrounded by technology, we are borne with technology and live with technology. It's been long time that this phenomenon is penetrated to any aspect of our life.

As a proof we can refer to UNESCO reports and announcements that define literate individuals as people who are able to program computers. This implies the fact that we need to employ technology in order to find ourselves as a member of a modern society.

This is the beginning, technology growth will never stop, and hence living in modern societies enforces us to employ this phenomenon more than ever. No one could believe that those big, heavy and low quality music players would be replaced by small, light and high quality digital music players? This particular example shows the tremendous increase of mass storages density, at the century of information, mass storage devices became abundant and everybody holds a huge amount of information in hand and move them as he walks.

Next 50 years is the scene of battle of technology owners to consume more resources and bring us more technological facilities to ease our life. Having integrated communication devices makes the world smaller than ever, every body can communicate with his/her family within a fraction of time, yet another question, does this small world make people closer when you can sit far away from your family and speak to them remotely? What does it mean when we say to our friend "see you soon" or "be in touch"? In my point of view technology can be a strong wall with a small window between individuals. Today is the time of thinking about what we have lost and what we are losing, we achieved a lot, still there is a long way but if we forget ourselves we might consume human being existence to produce technological innovations.

From a positive point of view, we can expect upcoming innovations helping us to think and see our surroundings better than before, exploring further areas in space, recovering our consumed resources by out sourcing from other planets.

Today, technology is the most important part of our life; we can not eliminate it as it's growing as human being grows, it continues and we expect more and more innovations as result of technology progress. To believe or not, we will use this phenomenon in all aspects of our life.

Author: Mohammad Ali Sarbanha
Editor: Mrs. F. Nezami

Using NetMeeting to share your Desktop

2005-09-15T13:16:00.000+04:30

NetMeeting, like any other Client-Server technologies, need two different types of configuration to share your home desktop to be accessed from remote.
At Server side you need to configure NetMeeting to host your connection session, after configuring the server side you will have a service running on your system waiting for remote connections, for the client side you don’t need to do very specific settings.

Read full story.

Loading Cisco IOS from ROMMON...

2005-07-02T18:26:00.000+04:30

Few days ago when I reloaded my Cisco 3725, it didn't come up, I tried many times, I found that it can not be the IOS problem, though it could't be found by the router, I finally recovered that problem, my Cisco Instructor, Charles, gave me useful hints to fix my problem.
Here I want to tell you about useful commands in ROMMON mode which help you to run your IOS from flash: memory, dir and boot , see the examples below:

rommon2> dir flash:
File size Checksum File name
5358032 bytes (0x51c1d0) 0x7b16 c2600-i-mz.122-10b.bin
rommon3> boot flash:c2600-i-mz.122-10b.bin

You can find more information about those commands in here.
http://www.cisco.com/warp/public/130/recovery_c2600.html

Free Sony-Ericsson Theme for T68i

2005-07-02T17:51:00.000+04:30

Today I made a theme for my T68i cell phone, I decided to put it on my website as a gift to my website visitors, below you can see theme sample, if you like it you can download it to your cell phone.

NOTE: I tested this theme on my cell phone but I do not take responsibility of any kind of malfunctioning or damages on your cell phone regarding to use of this theme.

>>>Click here to download Theme<<<

Loading Cisco IOS using TFTPDNLD !

2005-05-14T14:18:00.000+04:30

Suppose you lost your Cisco flash memory and you need to download a new IOS using ROMmon mode, my Friend Ahmed Magdy who is my Cisco instructor as well, gave me the following instructions.

Step 1:
Put your TFTP Server and Cisco router on a LAN segment. You should know TFTP Server IP address, IOS image name, Subnet mask of the network which your TFTP Server is connected to, and if your router is not connected to the same LAN of your TFTP Server you should use the gateway address as well.

Step 2:
Follow these commands,

rommon 1> IP_ADDRESS=10.1.1.110
rommon 2> IP_SUBNET_MASK=255.255.255.0
rommon 3> DEFAULT_GATEWAY=10.1.1.111
rommon 4> TFTP_SERVER=10.1.1.111
rommon 5> TFTP_FILE=c2600-jsx-mz.122-10a.bin
rommon 6> TFTP_VERBOSE=2
rommon 7> TFTP_CHECKSUM=0
rommon 7> tftpdnld

IP_ADDRESS: 10.1.1.3
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 10.1.1.3
TFTP_SERVER: 10.1.1.3
TFTP_FILE: c2600-js-mz.120-8.bin

Try to memorize, this is a useful comment for a network expert....
You can check following links as well,
http://www.cisco.com/warp/public/471/76.html
http://www.cisco.com/warp/public/471/76.pdf

BSCI means Building Scalable Cisco Internetworks

2005-04-03T15:15:00.000+04:30

One of my favourite things that I really like by heart is to learn and learn and learn..... last month I attended in BSCI course and learned lots of new things and experienced a lot. Of course my instructor Charles helped me too much and I really appreciate him because of all of his efforts that put to help me learn whatever I didn't know.

Thanks Charles....

3Com Switch Password Recovery

2005-03-16T09:12:00.000+03:30

Today I tried to find how I can recover a lost password of 3Com Manageable Switch for my further reference, we use 3Com Manageable SuperStack3 Model:3250, you can try this procedure with the other models it might work.

Follow these steps to recover the password:
1. Connect your PC serial port to console port of your device, use Hyper Terminal as a dumb terminal with these communication settings, 8-N-1, Flow Control = Hardware, baud rate = 19200.
2. To force device to go to password recovery mode enter recover for both login and password.
3. Device goes to the recovery mode and it shows counting down for 30 seconds, during this period you should turn of your device and turn it on.

Note: GIVE AT LEAST 15 SECONDS TO THE DEVICE BEFORE TURNING IT ON

4. After starting up, the device asks you for a new admin password.

Enjoy it!

Google Search Language Setting

2005-01-30T08:15:00.000+03:30

Since I use Google search in my website, I had a small problem with its results. Google normally checks your IP address, regional settings and cookies then return results in your language if its possible. In my case I got different languages in different browsers, when you create search profile in Google control panel, it does not provide any feature to set the search result language.
To solve this, when you search normally through Google website, look through the query string showing in your address bar, a parameter named hl holds language name of the result, if you change its value like this hl=fa you will receive search result in Persian, and en is for English.
For your website you need to add this inside Google search form for English language:

<input type="hidden" value="en" name="hl">

For other languages, at this time, Goggle supports these languages:

Persian=fa, Arabic=ar, English=en, Indonesian=id, Romanian=ro, Bulgarian=bg, Estonian=es, Italian=it, Russian=ru, Catalan=ca, Finnish=fi, Japanese=ja, Serbian=sr, Chinese (Simplified)=zh-CH, French=fr, Korean=ko, Slovak=sk, Chinese (Traditional)=zh-TW, German=de, Latvian=lv, Slovenian=sl, Croatian=hr, Greek=el, Lithuanian=lt, Spanish=es, Czech=cs, Hebrew=iw, Norwegian=no, Swedish=sv, Danish=da, Hungarian=hu, Polish=pl, Turkish=tr, Icelandic=is, Portuguese (Brazil)=pt-BR, Portuguese (Portugal)=pt-PT

Other Languages may be supported, if your language is not listed above you should check at Google website.

Picas2 Category Password Recovery....

2005-01-25T11:58:00.000+03:30

When I was trying Picasa2 features I found that it can protect specific categories by password, I set a password, after a while I forgot it!!!! I tried google to find password recovery for Picasa2, but there was nothing on the web, to be honest, I didn't search too much because I was almost sure that I can solve it ;-)
Anyway, This might help you to recover your Picasa2 category password.

1. Open this folder on your computer:
[localUsernameProfile]\Local Settings\Application Data\Google\Picasa2\db
2. Remove (Or Rename) this file: catdata_info.pmp
3. Open Picasa2
4. Change the password of that category
5. Exit from Picasa2

After that you will find another catdata_info.pmp in that folder

Have Fun!!

Hello and Picasa2 are good softwares!

2005-01-25T11:45:00.000+03:30

Today I found these two softwares very useful to manage my pictures and share them with my friends, I installed both of them, at first glance they look very strange but easy to understand, after you start working with them you will find that their dictionary is completely different from other common softwares, I think they will add some new words to our Computer/Internet vocabulary, these two softwares are other inventions of Google and I think they can be more common for home users.
Picasa manages your pictures and Hello lets you communicate with other Hello users and share your pictures, when you chat with your friends try some smilies, they are funny I tried ':)' ':(' 'XO' 'LOL' , you may find more!
Picasa and Hello work together, it means when you receive a picture from your friends on Hello you can have it in you Picasa as well, even you can have chatting archive.

You can find them from here:

Picasa: http://www.picasa.com/
Hello: http://www.hello.com/

GAG! The Graphical Boot Manager.

2005-01-12T11:53:00.000+03:30

I was looking for a simple and easy to user/install software to use it as multiboot manager on my laptop. I googled and found a very simple boot manager, it's just a free software which you can download it from http://gag.sourceforge.net/download.html , then you just need to make a floppy and ...... Okay.. When you download the zip file, read install.txt to find out how to deploy this small software.
About the features I just copied following information:

Allows boot of up to 9 different operating systems.

It can boot operating systems installed in primary and extended partitions on any available hard disk.

Can be installed from nearly all operating systems.

GAG doesn't need its own partition. It installs itself in the first track of the hard disk, which is reserved for these kinds of programs. It can also be installed on a floppy disk, without using the hard disk.

It has a timer to boot a default operating system (selectable by the user).

The configuration menu can be protected with a password.

The program works in graphic mode (needs a VGA or better graphic card), and has a lot of icons.

Hides the primary partitions which allows the user to have installed more than one DOS and/or Windows in the same hard disk.

Allows a password to be put on each operating system, denying access to non-authorized people.

Allows the boot manager text to be translated to all languages.

Can exchange disk drives, allowing to boot from the second, third... Hard disk operating systems such as MS-DOS.

Has the SafeBoot system, that allows to boot your hard disk even if GAG is accidentally overwrited.

Supports a great variety of keyboards (QWERTY, AZERTY, QWERTZ and DVORAK keyboards).

Fully support for hard disks up to 4 terabytes (4096 gigabytes).

Full version and free software (distributed under GPL license, with source code)

..... Enjoy it!

Mozilla Firefox is amazing!

2005-01-09T16:32:00.000+03:30

I'm really excited since I ran Mozilla Firefox 1.0 on my PC for the first time, I found Internet Explorer features and Mozilla security in Firefox. Specially I found it very quick and tiny!
One of the most important features that other well known softwares does not support in a good manner is Site Feed Handling. With Firefox you will be informed if the website you are visiting has Site Feed.
Firefox sister is Thunderbird, which is a powerful mail client, I like it. It handles Site Feeds like e-mails so you can be more comfortable with this part of it.
The most important part of an e-mail client is to be able to work with large files, I didn't check this software with lots of e-mails, if Mozilla programmers haven't check this before, your huge amount of e-mails might overwhelm the software's normal activity!
My suggestion is to backup your e-mails occasionally and don't let your mail directory become too big.
Two things are useful to be added when Mozilla programmers revise the software. Ability of dragging and dropping e-mails from mailbox list in Thunderbird and copy them to a real folder on the hard drive with .eml extension, like outlook. This will help user to be able to make a clean back up of his/her e-mail.
Another thing, its good idea to add Tray Icon in software, so the user can hide Thunderbird's window and its button from Task bar and have the software running when user are doing other tasks.
I suggest you to use this software and enjoy browsing the net, if you are not windows users or you use different language you can use it either. Check Mozilla website to find more information.

http://www.mozilla.org/

Okay, my friend joined to the game!

2005-01-09T14:57:00.001+03:30

For people who knows farsi language they can use his blog to improve their knowledge about compiling FreeBSD Kernel.
http://j2ee-saleh.blogspot.com/2005/01/kernel-freebsd-freebsd-source-mount.html

I recoomend you to follow his blog...

How to use .htaccess files for APACHE HTTP Server

2005-01-07T19:57:00.000+03:30

If you have important information which you don't like to make them public, you can use .htaccess files to customize your directory. But you have to ask from your provider if they can provide you .htaccess file.
I post this memo because lots of people use shared hosting services because of their cheap prices, so if you are going to put important information on those type of hosts, asking about this feature will help you for your further website developments.

First of all you should have your passwd file to be uploaded on the server, or the hosting service provider should give you some tools to handle this file. After you create your passwd file you should put in a secure place that nobody can access it. of course you should be able to access it through FTP or webtools to handle users and passwords.

If your provider doesn't have these tools you can create password file yourself.
You need Apache Webserver to be installed on your computer you can find htpasswd.exe in [apache home]\bin directory. Using this command is so easy. If you run it without any parameter it will show you usage and parameters.
For instance you can use this command as follows:

c:\ApacheHome\bin> htpasswd -c users.pwd sarbanha
Automatically using MD5 format.
New password: ***********
Re-type new password: ***********
Adding password for user test

C:\ApacheHome\bin>

Now you have a file named users.pwd, later if you want to change the password you don't need to use -c parameter.
Okay, You already have a simple password file. Two other files are needed, one to secure a directory on webserver and the other one is to force HTTP Authentication for directory visitors.

Now make a directory on your host to store your password file, before uploading
your password you should be sure about its security.
Create a text file named .htaccess with the following content:

Deny from all

Then upload it to the directory which you created to put your password files. Try the directory it shouldn't allow you to view its content otherwise there are two possibilities, first you put your file in a wrong place or your provider does not let you use Limit tags like Deny or Allow in your .htaccess file, So you have to cunsult with your provider to provide you a secure directory and give you its full path so you can upload your password files there.

Okay, when you make sure that you have a secure place for password file you need to upload it there, you have to know its correct full path name otherwise your directory visitors can not be successfully authenticated.

Time to creare another .htaccess file which is our goal. Just to remind the subject we are doing this to secure a portion of a website, let say a sub directory of our website.
So, create a new .htpasswd file with the following content:

AuthType Basic
AuthName "Password Required"
#Chenge the the path to your password file in the next line
AuthUserFile /hosts/mywebsite/www/passwords/users.pwd
Require valid-user

Note that AuthName tag is only a prompt, you can change it to whatever you want.

Now if you upload this file into any directory, it needs HTTP Authentication and the visitor should enter a correct password to be able to visit that part of your site.

Thats it, if you have done this procedure correctly it should work.

Another small tip is, if your service provider does not let directory visitors to be able to read your password files or it has a special format or extention for password files you will need only one .htaccess file. I mean you don't need to creat a directory and secure it yourself. So you can omit the first .htaccess creation.

Is it Microsoft bug or SQUID cache server bug?!

2004-12-27T16:15:00.000+03:30

These days I received lots of complains from my network users about logging into HOTMAIL, I installed an squid cache server in the transparent mode and it was working fine.
I found out that when a user use IE6 and after logging into HOTMAIL.COM, instead of mailbox a blank page was appeared! But with Netscape 7.2 which I normally use, there is no problem!
After some work around the issue I found out that its because of header encoding which IE uses to place its requests.
Getting rid of this problem is very easy but the concept from SQUID Cache server point of view is, we have to anonymize headers to not to use encodings.

for SQUID version 2.5.STABLE7, use the following configuration in squid.conf:

header_access Accept-Encoding deny all

for SQUID Version 2.4.STABLE6

anonymize_headers deny Accept-Encoding

the second configuration may work for HOTMAIL, but check with GMAIL this might not working! its better to upgrade your SQUID if you have old version.

PF Firewalling small tip

2004-11-20T19:25:00.000+03:30

I was trying to block HTTP access of one of my users, I have a SQUID Cache server/Gateway in my network bottleneck and I just use one of Ethernet ports of that server just for catching HTTP connections and cache contents, I also installed a PF as Firewall. As you may know with PF is very easy to block any kind of access inbound or outbound, I used following command to not to let my user be able to initiate HTTP requests by editting /etc/pf.conf:

block in on bge0 proto tcp from 10.0.0.1 to any port 80

But I experienced a strange thing, the client was able to use HTTP, I also checked my SQIUID, all user queries were passing through SQUID proxy, the reason was because PF redirects packets before any kind of filtering!

IMPORTANT: PF redirects packets before any kind of filtering

So then, I edited /etc/pf.conf like this:

table { 10.0.0.0/8, !10.0.0.1 }
.
.
.
rdr on bge0 proto tcp from to any port 80 -> 127.0.0.1 port 3128
.
.
.
block in on bge0 proto tcp from 10.0.0.1 to any port 80

after configuration following commands reload the new configuration:

$pfctl -d -k localhost
$pfctl -e -f /etc/pf.conf

Now my user with a static 10.0.0.1 is not able to use HTTP, that was only a test! nobody want to limit HTTP access for a user!

Multiple Websites on a single Host

2004-10-05T18:08:00.000+03:30

Have you ever stopped how shared Hosting service providers put multiple websites with different domain names on a single host and single IP? They usually call it shared webhosting in contrast with dedicated servers, if you are curious to find out how it works read this PDF.

Multiple Websites on a sigle Host

Later, I will add some documents about Tomcat and Apache Webserver, though the concept is the same.

Web Hosting and Domain Registration

2004-10-05T16:54:00.000+03:30

Today I started my new business, now I am representative and reseller of a WebHosting company, I can offer you best prices, so send me an e-mail for details, be sure that you will find it cheaper than the other companies! Try it!
The Datacenter is based in Canada and Domains will be registered on tucows!

Here is my website

2004-09-21T09:08:00.000+03:30

These days I was busy with my website, I prepaired it using JSP/Java/Servlets and Net beans, but my provider still didn't send me information about the J2EE facilities of their hosting, I had to launch my website so I moved to PHP for first time.
PHP is like JSP but it doesn't compile to a servlet or any other binaries, PHP translates pages as they are requested then it generates an out put. I found that its very useful to make reports.
In PHP you just need to make your file as a text document then insert some PHP tags for your specific purposes then pass that file to PHP interpreter:

$ vi myfile.php
$ php myfile.php

Then it will show your text containing result of PHP processed data. I enjoyed using PHP, its fast and powerfull, you can find more information about PHP in its official website, documentation is very good and prepared in different formats.

PHP Website: http://www.php.net

BLOCKING SPAM GENERATORS IP ADDRESSES ON QMAIL MTA

2004-09-15T19:18:00.000+04:30

Well, today I studied some new points about blocking spams, lots of ways, I chosed one, I don't know how effecient is it. I added some spice to my mail server. Let's see how....
There are lots of websites providing different types of databases to let your spam blockers how to distinguish between spams and good e-mails,

Some ways are like DNS Lookups for bogus IP addresses, using dummy SMTP servers, using deferral SMTP daemons, firewalling and blocking bogus spam senders, They way I have chosen today was blocking IP addresses from TCPSERVER which handles my mail server services, the TCPSERVER provide TCP connectivity for any TCP based service, I should tell you that my mail server is installed on FreeBSD, so all given information is based on that OS.

those guys who installed qmail with Life With Qmail direction they remember that if they want to give access of connecting to SMTP server to specific network they should do this:

echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb

Okay, http://www.spews.org provides you a prepaired cdb that you can download it from http://spfilter.openrbl.org/data/output/DEFAULT.qmail_uce.bz2 , now you are ready to set it , just add your network specific settings and make new cdb, then reload int into your server.
When you download DEFAULT.qmail_uce.bz2 use bunzip command to unzip it and add it to current tcp.smtp follow these steps:

bunzip DEFAULT.qmail_uce.bz2
use vi DEFAULT.qmail_uce and replace all allow keywords to deny
cat DEFAULT.qmail_uce >> /etc/tcp.smtp
qmailctl cdb

I kept my eyes on the server to see changes. it blocks more than 2/3 of spams on my network.
Remember that its not the end, you should check http://www.spews.org/ occasionally for new updates.

Custom Printer Paper size!

2004-09-11T13:53:00.000+04:30

Have you ever tried to add a new paper size for your printer? Today I tried to define my fanfold paper size in windows, I thought that would be useful to share it with others,

Follow these steps to add new paper size:

Go to Start->Settings->Printers
Select one of your printers ( Just Select Single Click)
From menu bar select File->Server Properties
Now you can add a new Customized Form size in Forms tab

If you spent more time you can fine usefulthings in that window

New day! New problem!

2004-09-09T11:27:00.000+04:30

Actually there was no problem today; I just finalized my other plan in order to provide a better service for the company customers. In our network we provide two major services, first, dial-up internet access, second, POP3 e-mail.

Currently, users from outside can connect to our dial-up lines which are low quality analogue PSTN lines; we already have internet access on new digital E1 lines but e-mail users still using the old service. It's been long time that I have this idea in my mind to move them all using new digital lines instead of those old lines. I had a design, today I made it.

Yesterday, I installed my last Firewall/Webcache which prepared with FreeBSD, pf Firewall and SQUID web cache and I decided to use them to let our e-mail users to login to the same network access server without having access to internet, I needed a private IP range to assign it to mail users so first of all I added a new IP pool to their group in range 10.0.0.0/8 then enable NATting on my firewall on one interface, its a little bit strange to do NAT on one interface having routing and firewalling, looks like a messy job, I add an alias on that interface and made an internal network with no route to outside.

Well, this internal network was between my web server, name server and mail server. They were supposed to be on that network as well as the public network, because users were going to access them through 10.0.0.0/8 network. You may ask why I had to do NATting when all users and our network are at the same IP range and physical network. I was thinking like this, I mean I didn't add IP alias to any of my servers; I just tried to use only NATting.

As you can see users are supposed to access the other servers through Proxy/Firewall, because DNS server resolves names with public IPs so I had to use NATting to give them access to Intranet servers, I tested the setting from LAN, I set my computer IP in B.0.0.0/8 network and the gateway was B.0.0.1/8. I worked, I thought that its possible for Dial-up users which connect to the access server to be able to do same, So I tried it with dial-up, it didn’t work! After an hour of investigating TCP/IP packets and traffic, I found a strange thing, I found my packets go through Firewall and NATted correctly but when they come back from servers they look for B.0.0.0/8 network to reach originating address, I couldn’t find the reason and I just tried different ways to see the differences, the only way that I found was to add an alias IP address for servers interfaces in B.0.0.0/8 range. Now, servers are accessible from their public addresses, through LAN and Dial-up. But still I’m thinking how its possible!

SQUID CACHE INSTALLATION

2004-09-07T09:19:00.000+04:30

Nowadays, you can see too much of internet resources are consumed by useless garbage like spams, virus traffics, circular forwarded useless e-mails and many other stuff....

Its administrator’s job to decrease internet traffic with using power of accelerators, caches, antispams and software’s like that....

Today I installed new web-cache server, the most famous one SQUID. About a year ago I installed one on OpenBSD with a Compaq proliat, but the server was not so powerful to handle all demands as fast as you can feel it. The company bought Two Compaq G3 servers, I installed one as corporate mail server using Qmail on FreeBSD, the last one that I was working on today, I used it as Network Gateway and Firewall, I'm sure it can handle all demands, so I'm not worry about that.

The reason I'm writing this is to tell you some directions to make your own cache server, you can easily find more resources on the net which can help you to install SQUID and FreeBSD and I don't want to duplicate all of them. I just give you some useful directions.

FreeBSD or OpenBSD?
I prefer to use OpenBSD because its very fast and minimized, and I believe its very secure, though FreeBSD is good and secure, both are very stable, I am using both of them when I work with OpenBSD I feel better, that’s the feeling....I don’t want to argument ;-) ...
OpenBSD has its own pf firewall but on FreeBSD you have to use pf as a port and you may face with some difficulties but it works.
The most important advantage of FreeBSD is that it can be installed on Smart Array, if you want to install you OS on a new generation servers which use Smart Array, Mirroring/RAID systems you have to forget about OpenBSD at least for these available versions.

Try to get the latest STABLE version of your OS and check the MD5 checksum then install it once to and see if everything is normal then continue the procedure, the OS I recently used to install my SQUID was FreeBSD 5.2.1 Release version

http://www.freebsd.org/ is official FreeBSD website and http://www.openbsd.org/ is for OpenBSD.

What else you need?
You need to get the pf port from http://pf4freebsd.love2party.net/ but its easier to install it through ports, you can follow my steps if you have your OS installed and connected to Internet:

1. cd /usr/ports/security/pf
2. make

Then it will start downloading pf from http://pf4freebsd.love2party.net/

3. make install
4. cp /usr/local/etc/pf.conf.default /etc/pf.conf

Finished, now have pf downloaded and installed, but your kernel is not capable of using pf, you need to rebuild and install a new kernel capable of using pf firewall, see here to find more information about compiling FreeBSD kernel. If you are not going to install a transparent webcache/proxy server you can easily jump over pf installation.

You need to add these items in you kernel configuration file:

device bpf
options PFIL_HOOKS
options RANDOM_IP_ID

you don’t need to memorize these items because as soon as you install pf it will show you these items which must be enabled in your OS kernel, then it will ask you if you need to do all changes in you rc.conf files, I suggest you to have a copy of your rc.conf but I usually trust it, it doesn’t add too many lines to the rc.conf file, these items will be added to rc.conf:

pf_enable="YES"
pf_logd="YES"
pf_conf="/etc/pf.conf"

Installer might set pf_conf to different location, check rc.conf, and set the correct one, if you are following this document you should set it to "/etc/pf.conf"
Then save the followinf shell script as /etc/rc.d/pf and make it executable and read-only:

#!/bin/sh
# PROVIDE: pf
# REQUIRE: DAEMON
# KEYWORD: FreeBSD

/usr/local/etc/rc.d/pf start

IF YOU HAVE BETTER SUGGESTION YOU WILL BE WELCOMED, SEND IT TO ME AND I WILL REPLACE IT WITH THIS SIMPLE SCRIPT.

Installing SQUID
Before installing the SQUID you just need to download its latest STABLE version from http://www.squid-cache.org , you can find lots of useful documents at that website specially, Squid put its latest documentation in a well formatted RTF file you can get it from http://squid-docs.sourceforge.net/latest/zip-files/book-rtf.zip the version I used was squid-2.5.STABLE6 .

When you get the tarball zipped version of it open it under /usr/local/src directory, follow these steps:

1. mv squid-2.5.STABLE6.tar.gz /usr/local/src
2. cd /usr/local/src
3. tar xvfz squid-2.5.STABLE6.tar.gz
4. cd squid-2.5.STABLE6
5. Run ./configure --help to see configuration options, select options which suit your needs then use ./configure to make your squid source ready for compile and installation
6. make
7. make install

Now you have your squid installed in /usr/local/squid, but if you use another installation directory using --PREFIX=[...Directory...] option , you should find it in that directory.

OK! Installation is over, you just need some configuration to make you SQUID running.

Decide! if you need to install transparent cache server or normal one, its easy to ask you users to use proxy by setting their browser but the beauty of your job is to make your users life easier installing SQUID as a transparent proxy needs more steps but your users get about 10% better internet speed.

Then select a directory to lay out your webcache file system in that, it must be big enough to fit your cache needs, I usually use a separate partition mounted as /cache, then give its ownership to nobody:nobody.
Same access must be gained by /usr/local/squid/var/ directory and its subdirectories.

Configuring SQUID
Five magic words are used to setup your SQUID as a transparent webcache

1. http_port=3128
2. http_accel_host=virtual
3. http_accel_port=80
4. http_accel_with_proxy=on
5. http_accel_uses_host_header=on

You should do these modifications in /usr/local/squid/etc/squid.conf.

NOTE: Remember that your new installed SQUID will never give any access to HTTP requests, you need to find line access deny all and add these lines before that:

# replace you network range below
acl myNetwork src 10.0.0.0/255.0.0.0
access allow myNetwork

IMPORTANT: If you allow all ranges to have access to your proxy after a very short time you will see too much traffic on your network, there are lots of people who are looking for free open proxies to gain access to porn sites or even websites which they normally cannot access.

Find cache_dir tag and set it like this:

cache_dir ufs [cache dir you prepared] [cache size] 16 256

You can change 16 and 256, you can find more useful information about these setting in squid.conf itself, these numbers are depended to you needs and server configuration.
SQUID Configuration is finished, unless if you want to do some additional modifications on that.

Now you need to create you cache file system structure use this:

/usr/local/squid/sbin/squid -z

Wait until it finishes the job, it may take several minutes keep you eyes on your hard drive if you don’t see any special activity on your HDD maybe you system is hung!
If your installation is clean and good you shouldn’t face with a strange problem, your problem in installation might be because of three things

1. Trying to install squid before making cache filesystem, squid -z
2. Mistyping a setting in squid.conf
3. Problem with cache or log directories, missing ownership/access assignment of these directories to user nobody:nobody

If you are sure about what you did, you might need to do some googleing to find more information.
To do final check run squid from command line

/usr/local/squid/sbin/squid

Then goto one of your clients on the network set its browser to use your cache server as proxy on port 3128, on the server you can use tail command to monitor access.log

tail -f /usr/local/squid/var/logs/access.log

If you followed steps from the begining, your server should work properlyIs everything OK?
If yes, now we are about to run it during system startup, save the following shell script as /etc/rc.d/squid :

#!/bin/sh
# PROVIDE: squid
# REQUIRE: DAEMON
# KEYWORD: FreeBSD

. /etc/rc.subr

name=squid
rcvar=`set_rcvar`
command="/usr/local/squid/sbin/${name}"
pidfile="/usr/local/squid/var/logs/${name}.pid"

load_rc_config $name
run_rc_command "$1"

Make it executable and read only!
Then add this line in rc.conf:

squid_enable="YES"

Okay! Have fun, restart your server and see what is happening!
Without login you client, the one you set it before, should be able to browse the net.

Make it transparent
Step one is to setup your server as a gateway, use sysinstall bring up Gateway feature during startup; see FreeBSD e-Book to find more.
Step two is to add this line in /etc/pf.conf :

rdr on bge0 proto tcp from any to any port 80 -> 127.0.0.1 port 3128

NOTE: You can substitute your functional LAN adaptor name instead of bge0 in this example
NOTE: If you have other settings in pf.conf it’s important to insert the line in its correct place.

Now, restart your server. Then go to your client and set its gateways address to your new server and remove those proxy settings from its browser. Use traceroute to make sure if it can route correctly, then browse the net. If you monitor /usr/local/squid/var/logs/access.log using tail command you can see logs rolling when you browse the net. Be sure that your browser is not using previous proxy setting.
If everything looks normal on your client, try to use all internet services to be sure about it, and then you can use your server as gateway.

This document does not cover all issues but at least you can experience installing your own webcache server. I hope this could be help for people who are looking for shortcuts.