hew 2005-5-14 23:45
留个备份-iptables+squid 做透明代理
ifconfig
eth0 Link encap:Ethernet HWaddr 00:08:C7:D9:2F:4E
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::208:c7ff:fed9:2f4e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7724007 errors:0 dropped:0 overruns:0 frame:0
TX packets:13000890 errors:32 dropped:0 overruns:0 carrier:32
collisions:1175809 txqueuelen:1000
RX bytes:928119489 (885.1 MiB) TX bytes:761269284 (726.0 MiB)
eth1 Link encap:Ethernet HWaddr 00:60:08:A6:94:27
inet addr:218.108.x.x Bcast:218.108.x.x Mask:255.255.255.252
inet6 addr: fe80::260:8ff:fea6:9427/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12957770 errors:0 dropped:0 overruns:0 frame:0
TX packets:7801788 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:653796061 (623.5 MiB) TX bytes:935988921 (892.6 MiB)
Interrupt:11 Base address:0xdc00
squid.conf
# Squid configuration for a transparent (intercepting) HTTP proxy serving the
# 192.168.0.0/24 LAN.

# Port Squid listens on; the firewall redirects LAN port-80 traffic here.
http_port 3128
# Administrator contact address.
cache_mgr haibo.d#gmail.com
# Memory cache size, then the on-disk cache: 500 MB under /var/spool/squid
# with 12 first-level and 256 second-level directories.
cache_mem 64 MB
cache_dir ufs /var/spool/squid 500 12 256
# access.log records every URL requested through the proxy.
# NOTE(review): treat it as sensitive data - restrict read access and decide
# on a rotation/retention period.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
visible_hostname No1.proxy
# Run as the unprivileged squid user/group rather than root.
cache_effective_user squid
cache_effective_group squid
# Disk-cache replacement watermarks, in percent of cache_dir usage.
cache_swap_low 75
cache_swap_high 85
# The four httpd_accel_* lines put Squid 2.5 into transparent mode.
# Squid 2.6 and later dropped these directives in favour of a flag on
# http_port (transparent, later intercept).
# NOTE(review): with uses_host_header the origin server is taken from the
# client-supplied Host header, so cached objects are keyed on a value the
# client controls. Later Squid releases can check Host against the
# intercepted destination address; prefer a version that does.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Only LAN clients may use the proxy; everything else is refused.
# http_access rules are first-match, so "allow localnet" must stay above
# "deny all".
# NOTE(review): confirm the firewall also blocks port 3128 on the external
# interface; otherwise this ACL is the only thing keeping outside clients off
# the proxy.
acl all src 0.0.0.0/0
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all
# Do not cache dynamic URLs (cgi-bin, query strings) or large archive/media
# files. Later Squid versions spell the no_cache directive as "cache".
acl QUERY urlpath_regex -i cgi-bin \? \.rar$ \.zip$ \.mp3$ \.mp2$ \.rm$ \.avi$ \.asf$
no_cache deny QUERY
/etc/sysconfig/iptables
# Manual customization of this file is not recommended.
# Ruleset in iptables-save format: eth0 is the LAN side (192.168.0.0/24),
# eth1 is the external side.
# nat
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Transparent proxying: HTTP from LAN clients arriving on eth0 is redirected
# to the local Squid port 3128.
-A PREROUTING -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Left disabled: port 443 carries TLS, which a plain HTTP proxy port cannot
# parse, so redirecting it to 3128 would break HTTPS for LAN clients.
#-A PREROUTING -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
# Everything else from the LAN leaves eth1 source-NATed to the public address.
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j SNAT --to 218.108.x.x
COMMIT
*filter
# NOTE(review): all three chains default to ACCEPT and the rules below only
# drop spoofed or bogus addresses. Any service listening on this host
# (including Squid on 3128) is reachable from eth1, and FORWARD has no rules
# at all. A safer baseline is a default DROP policy on INPUT and FORWARD plus
# explicit accepts for established/related traffic and LAN-originated
# connections.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing on the external side: drop packets arriving on eth1 that
# carry a LAN address as destination or source.
# NOTE(review): this covers INPUT only; routed packets pass through FORWARD
# and are not checked here - confirm rp_filter or add the same rules there.
-A INPUT -d 192.168.0.0/24 -i eth1 -j DROP
-A INPUT -s 192.168.0.0/24 -i eth1 -j DROP
# Drop LAN packets whose source is broadcast, multicast or reserved. The mask
# 224.0.0.0 equals /3 (224.0.0.0 - 255.255.255.255), which already includes
# the 255.255.255.255 case matched by the first rule.
-A INPUT -s 255.255.255.255 -i eth0 -j DROP
-A INPUT -s 224.0.0.0/224.0.0.0 -i eth0 -j DROP
-A INPUT -d 0.0.0.0 -i eth0 -j DROP
# Keep locally generated packets with a LAN source or destination address
# from leaving through the external interface.
-A OUTPUT -d 192.168.0.0/24 -o eth1 -j DROP
-A OUTPUT -s 192.168.0.0/24 -o eth1 -j DROP
COMMIT
linuxsky 2006-1-14 17:53
# Enable IPv4 forwarding so the kernel routes packets between the interfaces;
# without it the SNAT rule never sees LAN traffic. Writing to /proc does not
# survive a reboot - set net.ipv4.ip_forward = 1 in /etc/sysctl.conf to make
# it permanent.
echo 1 > /proc/sys/net/ipv4/ip_forward
ivan.yi 2006-4-1 08:05
回复 #1 hew 的帖子
RX bytes:928119489 (885.1 MiB) TX bytes:761269284 (726.0 MiB)
用的是什么线~~光纤??885.1 MiB
hew 2006-11-17 17:13
# Order as originally posted: client access rules first, cache exclusion last.
acl all src 0.0.0.0/0
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all
acl QUERY urlpath_regex -i cgi-bin \? \.rar$ \.zip$ \.mp3$ \.mp2$ \.rm$ \.avi$ \.asf$
no_cache deny QUERY
修正一下：这里两段的位置要换一下。
# Corrected order: cache exclusion first, then the client access rules.
# NOTE(review): as far as Squid's rule evaluation goes, no_cache and
# http_access are separate access lists, so this reordering should not change
# who may use the proxy. What must hold is that each acl is defined before it
# is used and that "allow localnet" stays above "deny all".
acl QUERY urlpath_regex -i cgi-bin \? \.rar$ \.zip$ \.mp3$ \.mp2$ \.rm$ \.avi$ \.asf$
no_cache deny QUERY
acl all src 0.0.0.0/0
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all