Sunday, September 15, 2013

Raspberry Pi Personal Hotspot - Squid with Adzapper Config (part 2)

-- Link to Part 1 --

Here are the steps I used to finish my personal wifi hotspot. I was able to find lots of tutorials that show how to make a simple wifi to ethernet bridge, but I wanted to save the max bandwidth possible. I'll be using adzapper and a squid3 cache for bandwidth saving. I don't usually block ads, but since this is a metered internet connection I don't like the thought of paying for ads. Squid can be configured for very aggressive caching, but I have left it on the default configuration. 

Inside view of the "PiSpot". The video and audio port have been removed to save space.
Battery, 4 port USB hub, 4G dongle, and a shortened USB Cable.

Here we see the fully operational battle station -- err, PiSpot.
You can see the various components in the pictures above. I removed the plastic casings to save space. I haven't done any testing on the battery life, but it should last at least a few hours with light traffic. Here are the parts I used:

  • Raspberry Pi Model B 1st generation (256MB RAM) --Model A would work as well
  • 4 port USB 2.0 Hub - Iogear Model GUH285 -- I chose this because of its size and it was <$10 at Fry's.
  • EasyACC BP8400 Power Bank 5600mAh Battery - Amazon Link
  • Belkin F9L1005 Wifi Adapter (rtl8192cu)
  • FreedomPop 4G Adapter - Amazon Link
TODO:
Charge battery without opening case.
Power button so the unit can be turned on or off without opening the case.

This post will assume that you are already able to connect to the Raspberry Pi WiFi network that was created in part 1.

Install Software

Make sure squid and adzapper are installed

apt-get install squid3 adzapper

Configure Squid

First make sure that the Pi is configured for IP forwarding in /etc/sysctl.conf. Uncomment or add:

net.ipv4.ip_forward=1

Edit /etc/squid3/squid.conf to something similar to the config below. This config includes lines to enable adzapper and transparent proxy. Max storage size is 1.5GB. Make sure to change the IP address to match your network. I'm sure this can be fine-tuned for better bandwidth savings; let me know if you have any suggestions!

cache_mgr dustin
cachemgr_passwd dustin all
redirect_program /usr/bin/adzapper.wrapper
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.254.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 transparent
cache_mem 128 MB
cache_dir ufs /var/spool/squid3 1500 16 256
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
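
The order of the http_access lines above decides who may use the proxy, so it is worth checking before the hotspot goes on the air. The following is an added example, not part of the original post: a small Python evaluator for Squid's first-match rule handling, run over a constructed subset of the config above (the function names are made up for this example, and only the src, port and method ACL types are modelled).

```python
import ipaddress

# Constructed sample: a subset of the acl/http_access lines from the config above.
SQUID_CONF = """\
acl localhost src 127.0.0.1/32 ::1
acl localnet src 192.168.254.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
"""

def parse(conf):
    """Return (acls, rules); acls maps name -> (type, values), rules keep file order."""
    acls, rules = {"all": ("src", ["0.0.0.0/0", "::/0"])}, []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 4 and words[0] == "acl":
            acls.setdefault(words[1], (words[2], []))[1].extend(words[3:])
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def matches(acl, src, port, method):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "port":  # single port or lo-hi range
        return any(int(v.split("-")[0]) <= port <= int(v.split("-")[-1]) for v in values)
    if kind == "method":
        return method in values
    raise ValueError("ACL type not modelled in this example: " + kind)

def decide(conf, src, port, method="GET"):
    """First http_access rule whose ACLs all match wins ('!' negates an ACL)."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(matches(acls[n.lstrip("!")], src, port, method) != n.startswith("!")
               for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```

A config that ends on a deny rule other than "deny all" falls through to allow for any request that rule does not match, which is why the final `http_access deny all` line should stay in place.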

Configure Adzapper

/etc/adzapper.conf should look something like this:

ZAP_MODE=""
ZAP_BASE=http://adzapper.sourceforge.net/zaps
ZAP_BASE_SSL=https://adzapper.sourceforge.net/zaps # this can probably be ignored
ZAP_PREMATCH=
ZAP_POSTMATCH=
STUBURL_AD=$ZAP_BASE/ad.gif
STUBURL_ADSSL=$ZAP_BASE_SSL/ad.gif
STUBURL_ADBG=$ZAP_BASE/adbg.gif
STUBURL_ADJS=$ZAP_BASE/no-op.js
STUBURL_ADHTML=$ZAP_BASE/no-op.html
STUBURL_ADMP3=$ZAP_BASE/ad.mp3
STUBURL_ADPOPUP=$ZAP_BASE/closepopup.html
STUBURL_ADSWF=$ZAP_BASE/ad.swf
STUBURL_COUNTER=$ZAP_BASE/counter.gif
STUBURL_COUNTERJS=$ZAP_BASE/no-op-counter.js
STUBURL_WEBBUG=$ZAP_BASE/webbug.gif
STUBURL_WEBBUGJS=$ZAP_BASE/webbug.js

Now iptables needs to be configured to route traffic through squid. Create a new file:

nano iptables.sh

Add the rules below. Be careful with line breaks when cutting and pasting; there should only be 5 lines total.

#nat for wifi
iptables -t nat -A POSTROUTING -j MASQUERADE
#squid transparent cache
iptables -t nat -A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.254.1:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Hit ctrl+o to save the file, then ctrl+x to exit. Now the file needs to be made executable and copied to an appropriate location.

chmod +x iptables.sh
sudo cp iptables.sh /etc/init.d/

Apply the configuration at boot.

sudo update-rc.d iptables.sh start 99 2 3 4 5 .

That should wrap it up. At this point I suggest doing a power cycle on the Pi to make sure everything comes up automatically. 
