[200, moderator please] Why doesn't the transparent proxy configured with Squid and iptables work????
Source: Internet   Published: 2015-06-17
ADSL dial-up
1. squid.conf is configured as follows:
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex -i .mp3$ .rmvb$ .rm$ .avi$ .mpg$ .asf$ .mpeg$ .wav$
acl worktime time MTWHF 8:30-18:30
no_cache deny QUERY
http_access deny QUERY worktime
cache_mem 170 MB
cache_swap_low 90%
cache_swap_high 95%
maximum_object_size 500000 KB
cache_dir ufs /var/spool/squid 23000 16 256
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none
emulate_httpd_log on
pid_filename /var/run/squid.pid
unlinkd_program /usr/lib/squid/unlinkd
redirect_children 15
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
request_body_max_size 200 MB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl newtouch src 192.168.0.0/24
#acl localnet src 192.168.0.0/24
acl CONNECT method CONNECT
http_access allow newtouch
http_access deny all
http_reply_access allow all
icp_access allow all
acl all2 src 0.0.0.0/0.0.0.0
reply_body_max_size 10000000000 allow all2
#cache_mgr Admin@newtouch.com.cn
cache_effective_user squid
cache_effective_group squid
visible_hostname 192.168.0.66
# Squid 2.x transparent (httpd_accel) mode: accept redirected port-80 traffic
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
error_directory /etc/squid/errors
coredump_dir /var/spool/squid
2. iptables is configured as follows:
echo "starting ip forward"
echo 1 >/proc/sys/net/ipv4/ip_forward
echo "starting iptables rules"
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/iptables -F
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F -t nat
# redirect all port-80 packets from the LAN to port 3128 (Squid)
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-ports 3128
# for the eth0 port
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE
Here eth0 (192.168.0.66) is connected to the internal LAN and eth1 (192.168.1.1) is connected to the outside and is used for dialing up!
If I set the proxy in the client PC's browser to 192.168.0.66:3128, IE can browse the web, which shows that Squid is running normally. But if I only set the gateway to 192.168.0.66 and the DNS in the network properties, I cannot get online; I cannot even ping outside IP addresses, let alone domain names.
My LAN addresses are in the range 192.168.0.1 to 192.168.0.255, with subnet mask 255.255.255.0.
Moderator, please help me, thanks!
|
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE
If you are dialing up over ADSL, then -o should be a device like ppp0!
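Following the point made in this answer, here is an added example (not code from the thread): a POSIX sh script that takes the WAN device from the default route instead of hard-coding eth1, emits the two NAT rules for it, and checks that the MASQUERADE rule is bound to that device. The routing-table text is a constructed sample; the interface names, the 192.168.0.0/24 network and port 3128 follow the question.

```shell
#!/bin/sh
# Added example, not code from the thread. Derive the WAN device from the
# default route so a PPPoE link (ppp0) is not confused with the Ethernet
# interface (eth1) that merely carries the PPPoE session to the modem.

LAN_IF="eth0"                 # LAN side, 192.168.0.66 in the question
LAN_NET="192.168.0.0/24"
SQUID_PORT="3128"

# Constructed sample of `ip route show` on an ADSL gateway: the default route
# sits on ppp0, while eth1 only holds the address used to reach the modem.
SAMPLE_ROUTES='default dev ppp0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.66
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1'

# Read routing-table text on stdin; print the device of the default route.
wan_if_from_routes() {
    awk '$1 == "default" { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print (do not apply) the two NAT rules for the given WAN device.
nat_rules() {
    wan="$1"
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -s %s --dport 80 -j REDIRECT --to-ports %s\n' \
        "$LAN_IF" "$LAN_NET" "$SQUID_PORT"
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j MASQUERADE\n' "$wan" "$LAN_NET"
}

# Succeed only if the rule set masquerades on the expected WAN device.
check_masquerade_if() {
    rules="$1"
    wan="$2"
    printf '%s\n' "$rules" | grep -q -- "POSTROUTING -o $wan -s .* -j MASQUERADE"
}

wan_if=$(printf '%s\n' "$SAMPLE_ROUTES" | wan_if_from_routes)
echo "# default route is on $wan_if; NAT rules would be:"
nat_rules "$wan_if"
```

On a live gateway, replace the sample with the output of `ip route show` to pick up whatever device the dial-up session is actually using.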
|
Agree with ayiiq180
|
If you don't have very many machines, just do NAT directly with iptables; there is no need for Squid
|
Agree with coolrit (迷失的鱼儿)
For details see
http://www.fengnet.com/showart.asp?art_id=509&cat_id=10