₦airaland Forum


Stats: 3,326,486 members, 8,426,762 topics. Date: Sunday, 14 June 2026 at 09:02 PM


Niggy's Posts



Computers / Re: Screenshots of Our PC Desktops by Niggy(m): 2:17pm On Sep 27, 2005
childish desktops! Mamba what do u think?
Computers / Re: Linux or Windows Operating System? by Niggy(op): 1:48pm On Sep 24, 2005
wow! for yahoo chat room lovers, download gyach. A linux IM that can connect to yahoo chat servers. I tried it on my fedora core 4 and i was impressed. I could connect to any chat room easily. Don't expect much from the interface, but it works real good and smooth. Thanks to jogego.

Also, to all opera lovers, you can google for the opera linux version and download it. it works splendidly with no fuss.

Again, music match jukebox is now supporting linux. They've not released any official version but a test version can be downloaded at some sites. i just downloaded the binary but haven't tried it.

To all amarok lovers, amarok 1.3.2 is the bomb! The equalizer now works excellently - producing tight and clean, distinguishable bass and treble blast. I was overwhelmed. my whole room was turned into a blazing studio when i tested the power of amarok 1.3.2. The gstreamer engine has been rewritten. You can also download an audio format converter script for amarok at www.kde-look.org. The sound is too clean, i mean it! i'm blasting P-Square 'Say Your Love'
Programming / Re: Nigerian Linux Distribution: do we need one? by Niggy(m): 8:55am On Sep 22, 2005
Thanks jogego, i feel your yans!
It's high time people that knew little or nothing about linux kept shut. i work on linux server configuration and i know the extent linux has taken system security to. Go read about iptables and feel the power of the firewall. Norton or any windows antivirus is nothing compared to the power of iptables. Damn, linux is good!
Let me say this, there were once viruses for linux at its early development. Take it or leave it. But these viruses find it difficult to exhibit any malicious threat to linux files because of many reasons like the file permissions, file system hierarchy, user permits, chroot, su, and lots. It was reported that even if a virus should get in and perform its act, it only affects the current user. As of today no virus has been announced. Moreover linux development is open, not money oriented - so even the so-called virus programmers are the ones securing linux since they help in its development (open source).

i love fedora core 4
Computers / Re: Linux or Windows Operating System? by Niggy(op): 8:43am On Sep 22, 2005
for mail, we ll be using sendmail and dovecot:
sendmail handles your SMTP while dovecot takes care of POP.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 10:18am On Sep 20, 2005
i will just talk about the reverse lookup for 80.88.137.88 and leave you to do the 192.168.0.1

vi 80-88-137.zone

copy my script

;
; Filename: 80-88-137.zone
;
; Zone file for 80.88.137.x
;
$TTL 3D
@       IN SOA  ns1.nairaland.com. root.nairaland.com. (
                200509201   ; serial number
                8H          ; refresh, seconds
                2H          ; retry, seconds
                4W          ; expire, seconds
                1D )        ; minimum, seconds
;
; the NS record names the nameserver host; it must not carry an IP address,
; and the line needs an owner (@ here) or it will be read as a record called "NS"
@       IN NS   ns1.nairaland.com.
;
88      IN PTR  ns1.nairaland.com.
89      IN PTR  myfriend.nairaland.com.


joftech, pls note that if i add another entry like this

88 IN PTR mail.nairaland.com.

i'll have two servers listed for my reverse host or nslookup. Is this what you meant by replication?

that's all for BIND (DNS) configuration. do the other 192-168-0.zone file pls to avoid getting errors, since it was indicated in your named.conf

now do

/etc/init.d/named start

root@anything# host mail.nairaland.com
gives the ipaddress

root@anything# host 80.88.137.88
gives you the fully qualified domain name.

Let's go to Mail server configuration now.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 10:07am On Sep 20, 2005
@joftech, if your replication means you are having two servers listed for a nslookup, then you have to remove one entry from your A or PTR line in your zone files that point to the same ip address.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 10:01am On Sep 20, 2005
the lines that follow are self-explanatory enough

for your mail server, the line

nairaland.com. MX 10 mail ; primary mail exchanger

is important. MX - Mail eXchanger, 10 - means this is the primary mail server. it receives mails for your domain first in case you have two mail servers. another mail server will have 20 mail.

Then come your forward lookups

A means forward name to ipaddress lookup


when you type

host mail.nairaland.com

you ll get 80.88.137.88 reply

host seun.nairaland.com

gives you 192.168.0.1
Computers / Re: Linux or Windows Operating System? by Niggy(op): 9:54am On Sep 20, 2005
let me explain the contents of this nairaland.zone file

TTL means Time To Live, here 3D means 3 days, you can change it to W - week, H - hours etc (find out the rest)

the explanation of @, SOA is beyond this tutorial, permit me. (To save me the stress and you the confusion). but note that i have root.nairaland.com. which means root@nairaland.com, please note the ending dot too. This indicates your hostmaster's email address for your domain: the person that receives error mails or reports sent by programs to indicate their activity. some programs send reports to hostmasters in the form of mail to indicate their activity or errors. on my system i receive mails from dhcp, init, squid, samba etc to indicate people's connections and activities going on, got it?

the serial part is very important
this is what other DNS servers connected to yours use to update themselves. so immediately after making any changes to your zone script, change this serial number so that other DNS servers can update from yours. the serial number format is YYYYMMDDN
Y - year M - month D - day N - any single digit number

200509191 means year 2005 month 09 (sept) day 19 and number 1. if i make a change again on day 19, i'll change N to 2, so easy.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 9:40am On Sep 20, 2005
now to the zone files

they are stored in
/var/named/chroot/var/named/

so you have to create three zone files
1. nairaland.zone
2. 192-168-0.zone and
3. 80-88-137.zone

i like the vi editor

so do

cd /var/named/chroot/var/named/
vi nairaland.zone

oops! lest i forget

your /etc/hosts file has to be configured
192.168.0.1 seun.nairaland.com seun
80.88.137.88 www.nairaland.com www ns1 mail
127.0.0.1 localhost.localdomain localhost


okay


back to our zone files



vi nairaland.zone

this creates a new nairaland.zone text file

copy my script and make necessary changes, okay?
;
; Zone file for nairaland.com
;
; The full zone file
;
$TTL 3D
@       IN SOA  ns1.nairaland.com. root.nairaland.com. (
                200509191   ; serial#
                3600        ; refresh, seconds
                3600        ; retry, seconds
                3600        ; expire, seconds
                3600 )      ; minimum, seconds
;
; NS names the nameserver host (never an IP address) and needs an owner (@)
@       IN NS   ns1.nairaland.com.
nairaland.com.  IN MX   10 mail     ; Primary Mail Exchanger
;
localhost   IN A    127.0.0.1
seun        IN A    192.168.0.1
mail        IN A    80.88.137.88
ns1         IN A    80.88.137.88
www         IN A    80.88.137.88


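An added example, not code from the post: a small Python checker for zone files like the ones above, written against the mistakes that are easiest to make by hand, a record line with no owner name, an NS record that carries an IP address instead of a hostname, an SOA RNAME that still contains '@', and a serial that does not follow the YYYYMMDDN scheme the post describes. It also bumps a serial the way the post says to (same day: N+1, new day: N=1). The sample zone and the function names (parse_zone, lint_zone, serial_date, next_serial) are my own assumptions; BIND's named-checkzone remains the authoritative check.

```python
import re
from datetime import date

# Record types this checker knows (hypothetical helper, not part of BIND).
KNOWN_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "PTR", "CNAME", "TXT"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_zone(text):
    """Minimal zone-file reader: drops ';' comments, joins the parenthesised SOA,
    and applies the rule that a line starting with whitespace inherits the
    previous owner name. Returns [(owner, rtype, rdata_tokens), ...]."""
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln.strip()]
    merged, buf, depth = [], [], 0
    for ln in lines:                        # join "( ... )" continuation lines
        buf.append(ln)
        depth += ln.count("(") - ln.count(")")
        if depth <= 0:
            merged.append(" ".join(buf))
            buf, depth = [], 0
    records, owner = [], None
    for ln in merged:
        if ln.startswith("$"):              # $TTL / $ORIGIN directives
            continue
        tokens = ln.replace("(", " ").replace(")", " ").split()
        if not ln[0].isspace():             # an owner name is present
            owner = tokens.pop(0)
        if tokens and tokens[0].isdigit():  # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0] in ("IN", "CH", "HS"):
            tokens.pop(0)
        rtype = tokens.pop(0) if tokens else ""
        records.append((owner, rtype, tokens))
    return records


def serial_date(serial):
    """Date encoded in a YYYYMMDDN serial, or None if it is not one."""
    m = re.fullmatch(r"(\d{4})(\d{2})(\d{2})\d", serial)
    if not m:
        return None
    try:
        return date(int(m[1]), int(m[2]), int(m[3]))
    except ValueError:                      # e.g. month 13
        return None


def lint_zone(text):
    """Return a list of human-readable problems found in the zone text."""
    problems = []
    for owner, rtype, rdata in parse_zone(text):
        if rtype not in KNOWN_TYPES:
            problems.append(f"line owned by {owner!r}: unknown record type {rtype!r} "
                            "(did the line forget its owner name? start it with '@' or a space)")
            continue
        if rtype == "NS" and rdata and IPV4.match(rdata[0]):
            problems.append(f"{owner}: NS must name a host, not the address {rdata[0]}")
        if rtype == "SOA" and len(rdata) >= 3:
            rname, serial = rdata[1], rdata[2]
            if "@" in rname:
                problems.append(f"SOA RNAME {rname!r}: replace the '@' with a dot")
            if serial_date(serial) is None:
                problems.append(f"SOA serial {serial!r} is not in YYYYMMDDN form")
    return problems


def next_serial(current, today):
    """Bump a YYYYMMDDN serial: same day -> N+1, later day -> N=1."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    prefix = today.strftime("%Y%m%d")
    if current[:8] == prefix:
        n = int(current[8])
        if n == 9:
            raise ValueError("already 9 edits today; YYYYMMDDN has no room left")
        return f"{prefix}{n + 1}"
    if current[:8] > prefix:
        raise ValueError(f"serial {current} is dated after {today}; check the clock")
    return f"{prefix}1"


# Constructed sample, deliberately carrying three of the mistakes above.
SAMPLE_ZONE = """\
$TTL 3D
@       IN SOA  ns1.nairaland.com. root@nairaland.com. (
                200509191   ; serial
                3600        ; refresh
                3600        ; retry
                3600        ; expire
                3600 )      ; minimum
        IN NS   80.88.137.88            ; address where a hostname belongs
        IN MX   10 mail
NS      ns1.nairaland.com.              ; no owner: 'NS' is read as the owner
mail    IN A    80.88.137.88
ns1     IN A    80.88.137.88
www     IN A    80.88.137.88
"""

if __name__ == "__main__":
    for p in lint_zone(SAMPLE_ZONE):
        print("problem:", p)
    print("next serial:", next_serial("200509191", "2005-09-19"))
```

Run it as a script to see the three findings on the sample; point lint_zone at the text of your own zone file before restarting named.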
Computers / Re: Linux or Windows Operating System? by Niggy(op): 9:21am On Sep 20, 2005
Note that i'm using a single system for my Firewall, Mail and DNS server here. in case u are not doing this u have to create a DMZ (de-militarized zone) for your servers and do some iptables forwarding and DNAT. i will cover this later too.
but for now, firewall, mail and DNS server run on one system, ok?

my WAN - eth0 is 80.88.137.88/29 (assumed ipaddress please, i will cover subnetting too later).

my LAN - eth1 is 192.168.0.1/24

now i have to point to my reverse database in this named.conf for my ip addresses like this

zone "0.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "192-168-0.zone";
};

can you see that the file is 192-168-0.zone
this is where i'll store the reverse lookups of systems under my 192.168.0.0/24 network

for my WAN also, note the (-) in the 80-88-137.zone name please

zone "137.88.80.in-addr.arpa" {
    type master;
    notify no;
    file "80-88-137.zone";
};
Computers / Re: Linux or Windows Operating System? by Niggy(op): 9:09am On Sep 20, 2005
now straight to editing your named.conf

don't touch the first parts that's for caching name server!
just go down to the end of the script to add yours, ok?

remember our domain is nairaland.com, so we need to create a zone called nairaland.com and point to where you ll store its data like this


zone "nairaland.com" {
    type master;            // every statement in named.conf ends with a semicolon
    notify no;
    allow-query { any; };
    file "nairaland.zone";
};



notice the allow-query part: this means any network is allowed to use your dns server

this can also be edited as allow-query {192.168.0.0/24; };

Again i've indicated my zone file as nairaland.zone
the zone file configuration will be done later. This is where u store forward look ups.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 1:59pm On Sep 19, 2005
I'm working from slax live-cd,
my dns lookup to www.nairaland.com gives this

root@slax:~# host www.nairaland.com
www.nairaland.com has address 65.254.46.189
root@slax:~#

root@slax:~# host 65.254.46.189
189.46.254.65.in-addr.arpa domain name pointer www.nairaland.com.
root@slax:~#

You can notice the differences between the forward and reverse lookup replies.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 11:54am On Sep 19, 2005
I'll try to make everything as brief and explicit as possible.
i work with fedora core 4 so i ll be working in the chroot directory /var/named/chroot

other distro users should know where to find their named.conf file. it's mainly stored in /etc/named.conf and ur records are stored in /var/named/ , okay?

The major config file for BIND is named.conf, located in
/var/named/chroot/etc/named.conf (fedora distro)
/etc/named.conf (other distros)

the /etc/named.conf in fedora is only a symbolic link
Computers / Re: Linux or Windows Operating System? by Niggy(op): 11:38am On Sep 19, 2005
forward lookup is when u query a DNS for the ipaddress. eg
in linux u ll do

root@niggy# host www.nairaland.com

it returns u with the ipaddress of www.nairaland.com

in windows
do

c:\> nslookup www.nairaland.com

reverse lookup is when u query a DNS for the hostname or fully qualified name of an ip address

linux do
host 83.254.131.57

windows do

nslookup 83.254.131.57
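Added example, not from the post: the forward and reverse lookups above come from two different zones answering two different questions, and nothing stops them from disagreeing. This Python script (function names and the sample A/PTR records are my own, built from the hosts used in this thread) derives the in-addr.arpa name that `host 80.88.137.88` actually asks for, the reverse zone name that named.conf needs for a network (a /29 such as the one in the thread lives in its enclosing /24 zone), and cross-checks the A and PTR data the way a mail receiver's forward-confirmed reverse DNS check does.

```python
import ipaddress

# Constructed sample data built from the hostnames and addresses used in this thread.
A_RECORDS = {
    "ns1.nairaland.com.": "80.88.137.88",
    "mail.nairaland.com.": "80.88.137.88",
    "www.nairaland.com.": "80.88.137.88",
    "seun.nairaland.com.": "192.168.0.1",
}
PTR_RECORDS = {
    "88.137.88.80.in-addr.arpa.": "ns1.nairaland.com.",
    "89.137.88.80.in-addr.arpa.": "myfriend.nairaland.com.",   # no A record points back
    "1.0.168.192.in-addr.arpa.": "seun.nairaland.com.",
}
SUFFIX = ".in-addr.arpa"


def reverse_name(ip):
    """'80.88.137.88' -> '88.137.88.80.in-addr.arpa.' (what a reverse lookup queries)."""
    octets = str(ipaddress.ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + SUFFIX + "."


def ip_from_reverse(name):
    """Inverse of reverse_name: '189.46.254.65.in-addr.arpa.' -> '65.254.46.189'."""
    base = name.rstrip(".")
    if not base.endswith(SUFFIX):
        raise ValueError(f"{name} is not an in-addr.arpa name")
    octets = base[: -len(SUFFIX)].split(".")
    return ".".join(reversed(octets))


def reverse_zone_name(cidr):
    """Name of the reverse zone that holds a network's PTRs, as written in named.conf.
    Only octet-aligned zones exist (/8, /16, /24), so a /29 is served from its /24."""
    net = ipaddress.ip_network(cidr, strict=False)
    aligned = max(8, (net.prefixlen // 8) * 8)
    parent = net.supernet(new_prefix=aligned)
    octets = str(parent.network_address).split(".")[: aligned // 8]
    return ".".join(reversed(octets)) + SUFFIX


def fcrdns_report(a_records, ptr_records):
    """Cross-check forward and reverse data: every PTR target must have an A record
    with that address, and every A record's address should answer a reverse lookup
    with that same name. Hosts that share one address can only win the PTR once."""
    problems = []
    for rev, target in ptr_records.items():
        ip = ip_from_reverse(rev)
        if a_records.get(target) != ip:
            problems.append(f"PTR {ip} -> {target}, but {target} has A {a_records.get(target)}")
    for name, ip in a_records.items():
        ptr = ptr_records.get(reverse_name(ip))
        if ptr is None:
            problems.append(f"{name} ({ip}) has no PTR record")
        elif ptr != name:
            problems.append(f"{name} shares {ip}; its reverse lookup answers {ptr}")
    return problems


if __name__ == "__main__":
    print(reverse_name("80.88.137.88"))
    print(reverse_zone_name("80.88.137.88/29"), reverse_zone_name("192.168.0.0/24"))
    for p in fcrdns_report(A_RECORDS, PTR_RECORDS):
        print("mismatch:", p)
```

The last two findings are the situation the thread's reverse-zone post asks about: mail, www and ns1 all share 80.88.137.88, but one address can answer a reverse lookup with one canonical name, so pick the name you want remote mail servers to see and give that one the PTR.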
Computers / Re: Linux or Windows Operating System? by Niggy(op): 11:13am On Sep 19, 2005
pls i've not read this anywhere. it's what i think so if you have a better explanation, post it.
The question is now, why can't .com give the ipaddress straight off? No it won't, cause i call it division of labor. .com cannot keep all the ipaddresses of all the systems in the world. so they have to allow other DNS to do it. The same applies to ur phone book directory.
you can't find lagos phone number under a phone directory meant for USA. U ve to look for Nigeria phone directory. Got it?

Also DNS server has the advantage of hosting ur local network too. with a DNS server within your site, you can now refer to other system by any name you want to call them without having to enter aliases into ur /etc/hosts file. eg seun's system, with hostname of seun, can be referred to as admin.nairaland.com by other users in .nairaland.com domain.
mail server in nairaland.com can be referred to also as mail.nairaland.com instead of the ipaddress for the local users.

let me now talk about forward and reverse lookup
Computers / Re: Linux or Windows Operating System? by Niggy(op): 11:02am On Sep 19, 2005
ok, don't know if i have to explain the meaning of host/domain name in your URL. Let me.

To access a site u type www.nairaland.com in your URL.
Now, let me explain this. www is a hostname or an alias of a hostname in the domain nairaland.com, which is a zone under whoever is hosting the nairaland.com domain. Hope u are not lost?

www.nairaland.com is now a fully qualified domain name. The scenario is that we want nairaland.com to have their own DNS server, to resolve names of their website and mail server.
when u type www.nairaland.com in your browser URL, your system analyses it as host/domain name. so it knows the top domain name is .com hence it sends a query to .com which is one of the 13 authoritative root servers eg .com, .net etc.
.com now queries the domain register under it. let's say register.com is hosting nairaland.com. .com DNS now queries register.com for nairaland.com. register.com now queries nairaland.com DNS (which we want to configure soon) for www.
since nairaland.com DNS has the record for www. which is an alias for the apache web server with hostname webserver1, it now returns the ipaddress of www.nairaland.com to register.com ....... down back to .com then back to your web browser.
all these happen within a flash. so imagine what your web-browser has to do to get a url resolved.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 10:38am On Sep 19, 2005
DNS is handled by the BIND package in linux. and BIND runs under a daemon called named.
fedora core 4 uses bind-chroot.
Let me explain, bind-chroot works like BIND too, only dat the directories where bind stores its files are changed. Normally BIND stores its files in two locations
/etc/named.conf
and /var/named/

but bind-chroot stores its files in
/var/named/chroot/etc/named.conf
and /var/named/chroot/var/named/

The reason for the chroot directory is to put hackers, that might enter your system through a bind exploit, in a jail called a chroot jail. so they end up not having access to your real /etc/ directory under your root hierarchy. Do you get that? ok
so BIND is still bind-chroot.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 10:19am On Sep 19, 2005
oops! what do you mean by zone replication?
Computers / Re: Linux or Windows Operating System? by Niggy(op): 9:28am On Sep 19, 2005
hmm, i'll like to talk about configuring ur linux box to be a DNS server and Mail server for your domain.
i've found this part interesting after lots of labour to learn them and configure my fedora core 4 to be both a Mail server and DNS server (likewise my fedora is configured to do MASQUERADE, Transparent Proxy, dhcp, web-cache, dns cache, ftp, telnet, samba, ssh, apache, virtual web-hosting).
All these in one box? Yeah! I just love linux so i end up using my system as a medium to experiment with all i'm reading. Studying DNS and Mail server took me two weeks. Note: DNS is different from dns cache. DNS (BIND in linux) resolves your fully qualified domain name to ip addresses and vice versa, while dns cache just stores dns information of frequently visited sites in a cache. with DNS, you can host other sites and also resolve names for your domain.
so on my system, my DNS resolves names for my web site, mail server, dhcp server, etc
sound interesting?
Mail server and DNS server go hand-in-hand, so you have to learn both. your mail server will not work without a DNS server, cause you have to enter the MX record of your mail server into ur DNS configuration script.

contribution and responses are kindly welcomed.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 12:45pm On Sep 13, 2005
I forgot to mention this.
In case u don't understand how dhcp works, u'll need this.
Every time your client system (with dhcp enabled) boots, it sends a dhcp broadcast packet request to the DHCP server with ip address 255.255.255.255.
If your DHCP server has more than one interface, you have to add a route for this 255.255.255.255 address so that it knows the interface on which to send the reply: if not, it sends it to the default gateway.
Note: You can't run your DHCP server on multiple interfaces because you can only have one route to network 255.255.255.255. If you try to do it, you'll discover that DHCP serving works on only one interface.
You might escape this if the DHCP server is also the default gateway.
you can solve this problem temporarily by doing

[root@niggy home]# route add -host 255.255.255.255 dev eth1

eth1 is where your dhcp request is coming from, ok?

You can confirm this by typing
route
This will not stand a reboot, so you have to add it to your startup script
/etc/rc.d/rc.local

Enjoy linux
Computers / Re: Linux or Windows Operating System? by Niggy(op): 12:07pm On Sep 13, 2005
one of the easiest things to configure on linux is dhcp (dynamic host configuration protocol)
The script is located in /etc/dhcpd.conf

you might not find it there at first so you have to copy it from this location
/usr/share/doc/dhcp-3.X/dhcpd.conf.sample

so do
cp /usr/share/doc/dhcp-3.X/dhcpd.conf.sample /etc/dhcpd.conf (replace X with your version number, please)

you must be root to do this , ok?
And mind you, dhcp daemon must be running:

chkconfig --list | grep dhcpd
or
service dhcpd status

if not on do:

chkconfig dhcpd on
or
chkconfig --level 2345 dhcpd on
/etc/init.d/dhcpd start


Incase it fails do

touch /var/lib/dhcp/dhcpd.leases
This creates the dhcpd.leases file needed by dhcpd to work


Here is the script


ddns-update-style interim;
ignore client-updates;

# Enter your network and subnet mask here
subnet 192.168.0.0 netmask 255.255.255.0 {

    # The range of IP addresses the server
    # will issue to DHCP enabled PC clients
    # booting up on the network
    # Here the addresses 192.168.0.2 to 192.168.0.100 will be assigned
    # to your clients. You can change it to any range you want.
    range 192.168.0.2 192.168.0.100;

    # Set the amount of time in seconds that
    # a client may keep the IP address
    # 24 hour lease time
    default-lease-time 86400;
    max-lease-time 86400;

    # Set the default gateway to be used by the PC clients
    # Your gateway ipaddress here
    option routers 192.168.0.1;

    # Don't forward DHCP requests from this NIC interface
    # to any other NIC interfaces
    # if u have more than 1 NIC card, don't forward please.
    option ip-forwarding off;

    # Set the broadcast address and subnet mask
    # to be used by the DHCP clients
    option broadcast-address 192.168.0.255;
    option subnet-mask 255.255.255.0;

    # Set the DNS server to be used by the DHCP clients
    option domain-name-servers 192.168.0.50;

    # Set the NTP server to be used by the DHCP clients
    # (the option is ntp-servers; nntp-server is the news server option)
    option ntp-servers 192.168.0.50;

    # If you specify a WINS server for your Windows clients,
    # you need to include the following option in the dhcpd.conf file:
    option netbios-name-servers 192.168.0.50;

    # You can also assign specific IP addresses based on the clients'
    # ethernet MAC address as follows (Host's name is "laser-printer"):
    host laser-printer {
        hardware ethernet 06:00:5b:5c:59:83;
        fixed-address 192.168.0.120;
    }
}

#
# List an unused interface here
#
subnet 192.168.2.0 netmask 255.255.255.0 {
}

Notice that you can map a specific ipaddress to a mac-address like i did, since my printer runs on the 192.168.0.120 system.
I've added some comments, but the script is self-explanatory. So change your client bootup protocol to dhcp and never have to manually configure ipaddresses again.

Enjoy!
In case of any prob let me know,please.
i love fedora core 4
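Added example (my own, not the author's script) for the two dhcp posts above: a Python checker for a dhcpd.conf that catches what dhcpd itself only complains about at start-up, a statement that lost its ';', together with mistakes dhcpd accepts silently: a router or fixed address outside the subnet it is declared in, a fixed address that collides with the dynamic range, and a malformed MAC in a host block. The sample config and the function names (parse_dhcpd, lint_dhcpd) are assumptions.

```python
import ipaddress
import re

MAC = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)


def _split_pending(pending):
    """Split text accumulated between delimiters into (lines missing a ';', last line)."""
    lines = [ln.strip() for ln in pending.splitlines() if ln.strip()]
    return lines[:-1], (lines[-1] if lines else "")


def parse_dhcpd(text):
    """Tokenise dhcpd.conf into a tree of {kind, stmts, children}. A statement
    that runs into the next line without ';' is reported instead of being glued
    to its neighbour (dhcpd would refuse to start on it)."""
    problems = []
    body = re.sub(r"#.*", "", text)                    # comments run to end of line
    root = {"kind": "global", "stmts": [], "children": []}
    stack, pending = [root], ""
    for tok in re.findall(r"[{};]|[^{};]+", body):
        if tok not in ("{", "}", ";"):
            pending += tok
            continue
        missing, last = _split_pending(pending)
        problems += [f"missing ';' after {s!r}" for s in missing]
        pending = ""
        if tok == "{":
            node = {"kind": last, "stmts": [], "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif tok == ";":
            stack[-1]["stmts"].append(last)
        else:                                          # "}"
            if last:
                problems.append(f"missing ';' after {last!r}")
            stack.pop()
    return root, problems


def lint_dhcpd(text):
    """Structural parse followed by the address sanity checks described above."""
    root, problems = parse_dhcpd(text)
    for node in root["children"]:
        m = re.match(r"subnet (\S+) netmask (\S+)", node["kind"])
        if not m:
            continue
        net = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        ranges = []
        for stmt in node["stmts"]:
            r = re.match(r"range (\S+) (\S+)", stmt)
            if r:
                lo, hi = (ipaddress.ip_address(x) for x in r.groups())
                ranges.append((lo, hi))
                for ip in (lo, hi):
                    if ip not in net:
                        problems.append(f"range end {ip} is outside {net}")
            o = re.match(r"option routers (\S+)", stmt)
            if o and ipaddress.ip_address(o[1]) not in net:
                problems.append(f"router {o[1]} is outside {net}; clients cannot reach it")
        for host in node["children"]:
            for stmt in host["stmts"]:
                f = re.match(r"fixed-address (\S+)", stmt)
                if f:
                    ip = ipaddress.ip_address(f[1])
                    if ip not in net:
                        problems.append(f"{host['kind']}: {ip} is outside {net}")
                    if any(lo <= ip <= hi for lo, hi in ranges):
                        problems.append(f"{host['kind']}: {ip} lies inside the dynamic range")
                h = re.match(r"hardware ethernet (\S+)", stmt)
                if h and not MAC.match(h[1]):
                    problems.append(f"{host['kind']}: bad MAC {h[1]!r}")
    return problems


# Constructed sample with three mistakes for the checker to catch.
SAMPLE_CONF = """\
ddns-update-style interim
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.2 192.168.0.100;
    default-lease-time 86400;
    max-lease-time 86400;
    option routers 192.168.1.1;             # wrong subnet
    option subnet-mask 255.255.255.0;
    option domain-name-servers 192.168.0.50;

    host laser-printer {
        hardware ethernet 06:00:5b:5c:59:83;
        fixed-address 192.168.0.50;         # inside the dynamic range
    }
}
"""

if __name__ == "__main__":
    for p in lint_dhcpd(SAMPLE_CONF):
        print("problem:", p)
```

Feed it the contents of your own dhcpd.conf before restarting dhcpd; an empty list means the checks passed, not that the file is complete.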
Computers / Re: Linux or Windows Operating System? by Niggy(op): 9:39am On Sep 09, 2005
I'm currently downloading Elx linux, and will write ma review
Computers / Re: Linux or Windows Operating System? by Niggy(op): 9:17am On Sep 09, 2005
need a bandwidth manager for linux?
Download the clarkconnect 3.1 release. www.clarkconnect.org or www.clarkconnect.com
I've been using this since the kernel 2.4 release (clarkconnect 2.1)
The latest is clarkconnect 3.1 with kernel 2.6.
It is basically a gateway, so don't expect the kde or gnome desktop manager. it only presents you with a text interface or terminal login. i prefer the tty login:
It's very efficient and allows web-configuration through ur lan. i.e. you can configure it via a browser (internet explorer or firefox) using https (secure http). very nice. i preach only fedora core 4 and clarkconnect home edition 3.1
you can configure the bandwidth manager via the web interface only. it allows u to peg the bandwidth of clients on ur lan by their ipaddresses. u can allocate bandwidth for upload and download for any client's ipaddress and also by specifying sites like kazaa, gnutella etc and by protocol ftp, http etc.
Its in-built firewall has proven to be very effective. it can detect intruders, spoofing, block spam etc. It does NAT, MASQUERADE, Apache, Mail server, Squid, DNS cache, Webcache, DHCP, SAMBA, print server, ftp, telnet etc. It's basically a Gateway Machine.
The size is just 350MB+
Mind u, it's free!!
It doesn't have its own GUI: only a text interface, tty shell login and web-config (GUI via your lan client). So don't expect ur favorite KDE or GNOME or other fancy desktop managers, okay? Installs within 15 minutes! i love it. And it's up and running, with default Gateway settings of NAT and dns cache.
It's redhat 9 based, so if u understand redhat command line scripting, u can work ur way thru the clarkconnect command line.
i've always been a command line person so i ve never had any problem with any distro i lay ma hands on.
i started my journey of linux with redhat 9, and i'm still with fedora- the first born of redhat, mandrake came out from redhat too, but has undergone so many customization and automation as of today(mandriva).

i'm currently working on some bandwidth commands for iptables, when i'm thru i ll post them to nairaland for test.

i love fedora core 4
Computers / Re: Linux or Windows Operating System? by Niggy(op): 10:25am On Sep 08, 2005
This is a short-cut to bring out the running processes (task manager in windows) in kde 3.4.1

Ctrl+Esc

To terminate a gui task, do
Ctrl+Alt+Esc
This produces a skull icon in place of ur mouse icon, move this to the window which is not responding and left-click on it. Be careful, if you click on the desktop it stops ur kde manager! To reverse this, simply press Esc
It's good to know that with linux, you hardly face hanging-windows problems! or tasks not responding issues! So you'll rarely use this short-cut, if not at all. i can't remember when i had to kill or stop a non-responding task in fedora core 4. Everything just runs smoothly.

My linux firewall configuration tutorial continues shortly. Here i shall touch DMZ and Virtual Web-hosting, all with the use of iptables

Does anyone know where ma squid script and ma transparent proxy config post have disappeared to?

i love fedora core 4
Computers / Re: Squid Proxy Server Configuration by Niggy(op): 12:40pm On Sep 07, 2005
now to transparent proxy,
i had my squid script posted earlier, so it can be used.
since both squid and NAT are enabled now, client systems on ur network can browse the internet either via the squid (proxy) or NAT. Lest i forget, with transparent proxy u don't need to configure each client on ur lan to use proxy again. why? we shall see later.

since the local clients can still browse via NAT we now have to issue a command dat redirects all http requests to port 80 on our firewall to squid port 3128. do u get the logic now!
your local client browser will not even know it's using squid! That's TRANSPARENT PROXY!
The command is:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Add the following lines to my previous squid script

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

That's all! Let me know if there is any problem pls.
I love fedora core 4
Computers / Re: Squid Proxy Server Configuration by Niggy(op): 12:18pm On Sep 07, 2005
There is a very good part of squid configuration i'd like to share.
It's transparent squid, like i would call it: it's squid + NAT enabled on your firewall
I'm sure everyone knows what NAT is, Network Address Translation (Internet Sharing in windoz), ok?

Let me try and make this as simple as possible, we have types of NAT
1. Static NAT (which can be source NAT - SNAT or destination NAT - DNAT)
2. MASQUERADE i like doin this

If u don't know what NAT (internet sharing) does, it's dat it allows ur private ip addresses eg (192.168.0.0/24 on eth1) to access the internet by using your public address eg (172.21.10.0/29 on eth0). This is called SNAT
the command is:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 172.21.10.122

Note: for SNAT i had to specify a static ip address 172.21.10.122

if your eth0 uses dhcp to get its public ipaddress then what u do is MASQUERADE
like this:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

note: use MASQUERADE for dial-up modems. SNAT won't work cos ur ppp0 takes its ipaddress automatically by dhcp. like this

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Now DNAT is used to give access to public addresses from the internet to ur local area network. eg if u run apache (webserver) on the firewall eth1, then do:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.1
# -p tcp --dport 80 limits the DNAT to web traffic; without it every port arriving on eth0 is handed to 192.168.0.1

pls note the -i for PREROUTING and -o for POSTROUTING, okay let me explain the rule

i issue an iptable command iptables and called a table -t nat which is the NAT table and instruct the iptables to append a rule at the end of the chain -A via the PREROUTING policy, i.e b4 routing the packet , coming in from eth0 -i eth0 and jump to target -j destination NAT DNAT to --to static ip 192.168.0.1.
easy

i promise to complete ma iptables tutorial soon.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 11:40am On Aug 25, 2005
i use the netfiltering and nat most for now
so to make everything short i'll quote my script and explain what each line means, right?

remember we've flushed out the default table
so we have to set a default rule for every packet
For my network i like rejecting all packets and accepting only the packets i want to my network so i'll do

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# a built-in chain's policy can only be ACCEPT or DROP (iptables -P OUTPUT REJECT is refused);
# to answer refused connections with an error instead of silence, append a last rule, eg: iptables -A FORWARD -j REJECT

let me explain what these do.
any packet coming from either your lan or the outside network is dropped and rejected by default
any packet going out is rejected and no forwarding is done. do you understand?
be careful with the use of drop, reject.
drop means the system trying to connect will not get any message that the packet is dropped
reject means the system connecting is prompted with an error message of denied connection, simple enough, huh?

So we have to start specifying what packet we want on our network, isn't this nice?

...i'm hungry
Computers / Re: Linux or Windows Operating System? by Niggy(op): 11:04am On Aug 25, 2005
i like flushing all my rules first so i can start a fresh config
(this means you are flushing the iptables)

iptables -F
iptables -t nat -F
iptables -t mangle -F

now do
iptables -L
to view your flushing, ok? ok.

You must understand the way iptables work before you can set rules
in iptables we have what we call
1. table
2. rules
3. policy


wait, this is my own writing o o, don't quote me! i beg. This is the way i understand iptables for now. i'm always updating myself too. any changes or contributions are allowed pls. In case i have any update too contrary to anything i've assumed here, i would be quick enough to have it notified, okay?


ok, we have three tables
1. netfiltering
2 nat
3. mangle


...will continue shortly
Computers / Re: Linux or Windows Operating System? by Niggy(op): 10:30am On Aug 25, 2005
A very good thing again is to be able to read or interpret iptables messages.
eg to save your config you'll do,
iptables-save > /etc/sysconfig/iptables

if you just issue the iptables-save command without forwarding it as i did, iptables will still save your config in the default directory which is /etc/sysconfig/iptables

but i like directing my iptables-save to a text file in my home directory like this
iptables-save > /home/niggy/ipsave

and i like viewing it like this

cat /home/niggy/ipsave | less

Then i can view and read the rules and policies written by my iptables

mind you i've issued a pipe command here with less argument

it is not advisable to do iptables-save unless you are sure your configuration is working fine

Now back to the beginning of iptables
i'm assuming you've iptables installed, not ipchains which is no more in use.

so first start your iptables by doing
chkconfig iptables on
or chkconfig --level 2345 iptables on

you can check if iptables is running by doing
chkconfig --list iptables | grep iptables

your output is in columns and rows
the columns are the run-levels and the rows are the services (daemons) running on your system
for iptables run-levels 2345 must be on.

now start iptables by doing
/etc/init.d/iptables start
other options are stop or restart

your iptables should start successfully with an ok prompt

...brb
Computers / Re: Linux or Windows Operating System? by Niggy(op): 10:11am On Aug 25, 2005
iptables here i come!
i love iptables cause i think it's the most important part of linux security. i love linux net filtering/firewall cause you can specifically tell it what to do exactly. i mean you can inspect packets based on their source, type and destination without any depreciation in your system performance. whao menn! i love linux.

so i will try to share my understanding of iptables.
There are two ways to start your policy for iptables
1. everything is denied.
2. everything is allowed

Everything is denied means - all packets are denied by default, so only packets specified are allowed. this is the best policy
Everything is allowed means - every packet is allowed into your network by default and only things you've specified are denied (not too good)

my g/f just walked in.... brb
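Added example, not the author's script, serving the NAT post and the iptables posts above: a Python reader for iptables-save output (the file the post above saves to /home/niggy/ipsave) that reports the two things these posts warn about, a filter chain whose policy is still ACCEPT rather than default-deny, and a DNAT rule with no port match, which hands every incoming port to the inside host. It also spells a parsed rule out in words, the way the NAT post explains its DNAT command. The sample dump, the FLAGS table and the function names (parse_save, audit, explain) are my assumptions; the parser understands only the options this thread uses.

```python
# Constructed iptables-save output in the layout of the thread's rules; the DNAT
# rule is the one from the NAT post, left without a port match on purpose.
SAMPLE_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -j DNAT --to-destination 192.168.0.1
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# iptables options this reader understands; each takes the value that follows it.
FLAGS = {"-A": "chain", "-i": "in", "-o": "out", "-p": "proto", "--dport": "dport",
         "-s": "src", "-d": "dst", "-j": "target", "--to-destination": "to",
         "--to-ports": "to", "--to-source": "to", "-m": "match", "--state": "state"}


def parse_save(text):
    """iptables-save text -> {table: {"policy": {chain: policy}, "rules": [dict, ...]}}."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                      # "*nat": start of a table
            table = line[1:]
            tables[table] = {"policy": {}, "rules": []}
        elif line.startswith(":"):                    # ":INPUT DROP [0:0]": chain policy
            chain, policy = line[1:].split()[:2]
            tables[table]["policy"][chain] = policy
        else:                                         # "-A CHAIN ...": a rule
            rule, tokens, i = {"table": table}, line.split(), 0
            while i < len(tokens):
                key = FLAGS.get(tokens[i])
                if key is None or i + 1 >= len(tokens):
                    i += 1                            # unknown option or its value: skip
                    continue
                rule[key] = tokens[i + 1]
                i += 2
            tables[table]["rules"].append(rule)
    return tables


def audit(text):
    """Findings a reviewer of this ruleset would raise, as strings."""
    tables, findings = parse_save(text), []
    for chain, policy in tables.get("filter", {}).get("policy", {}).items():
        if policy != "DROP":
            findings.append(f"filter chain {chain} policy is {policy}: not default-deny")
    for rule in tables.get("nat", {}).get("rules", []):
        if rule.get("target") == "DNAT" and "dport" not in rule:
            findings.append(f"DNAT to {rule.get('to')} on {rule.get('in', '?')} has no "
                            "-p/--dport: every port is forwarded, not just the service meant")
    return findings


def explain(rule):
    """Spell a parsed rule out in words."""
    parts = [f"table {rule['table']}", f"chain {rule['chain']}"]
    if "in" in rule:
        parts.append(f"in via {rule['in']}")
    if "out" in rule:
        parts.append(f"out via {rule['out']}")
    if "proto" in rule:
        parts.append(f"protocol {rule['proto']}")
    if "dport" in rule:
        parts.append(f"destination port {rule['dport']}")
    parts.append(f"jump to {rule['target']}" + (f" {rule['to']}" if "to" in rule else ""))
    return ", ".join(parts)


if __name__ == "__main__":
    for table in parse_save(SAMPLE_SAVE).values():
        for rule in table["rules"]:
            print(explain(rule))
    for f in audit(SAMPLE_SAVE):
        print("finding:", f)
```

Point parse_save at the output of iptables-save on the box itself (read the file in and pass the text) to audit a live configuration before you commit it to /etc/sysconfig/iptables.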
Computers / Re: Linux or Windows Operating System? by Niggy(op): 8:02am On Aug 22, 2005
@chxta, i use fedora core 4 which is .rpm based. ur ubuntu is .deb.
don't know any trick to get around dep problems in .deb, but for my fedora core 4, i will do

rpm -Uvh --nodeps <package_name.rpm>

This is not really advisable, but it worked for my gcc+ installation when it was complaining about deps.
Computers / Re: Linux or Windows Operating System? by Niggy(op): 4:59pm On Aug 19, 2005
if u study my script, the major things to be done are

1. http_port 3128 (can use any port)
2. icp_port 3130
3. hierarchy_stoplist cgi-bin ?
4. acl QUERY urlpath_regex cgi-bin \?
5. no_cache deny QUERY
6. cache_mem 20 MB
7. cache_swap_low 90
8. cache_swap_high 95
9. maximum_object_size 4096 KB
10. maximum_object_size_in_memory 80 KB
11. ipcache_size 1024
12. ipcache_low 90
13. ipcache_high 95
14. cache_dir ufs /var/spool/squid 4000 16 256
15. cache_access_log /var/log/squid/access.log
16. cache_log /var/log/squid/cache.log
17. cache_store_log /var/log/squid/store.log
18. pid_filename /var/run/squid.pid
19. cache_dir ufs /var/spool/squid 4000 16 256
20. cache_access_log /var/log/squid/access.log
21. cache_log /var/log/squid/cache.log
22. cache_store_log /var/log/squid/store.log
23. pid_filename /var/run/squid.pid
.....................
You can check the list for other options pls, a very important part is the acl and http_access. you must define your network name and network address in the acl and allow the network at http_access.

Then from ur client machines, u configure their browsers to use proxy (address of ur squid) and port 3128. that's all

and for ur script let me study it now
