squid透明代理
环境 :
Linux : CentOS release 6.3 (Final)
外网卡:
192.168.1.190
内网卡:
10.10.10.1
(安装编译环境)
yum install gcc gcc-c++ gcc-g77 flex autoconf automake bison zlib-devel bzip2-devel ncurses-devel libtool libtool-ltdl openssl openssl-devel pam-devel libtermcap-devel curl-devel libxml2-devel libevent libevent-devel gettext-devel
tar -zxvf squid-3.0.STABLE25.tar.gz
cd squid-3.0.STABLE25
./configure --prefix=/usr/local/squid --enable-dlmalloc --enable-removal-policies=heap,lru --enable-default-err-language=Simplify_Chinese --enable-cpu-profiling --enable-storeio=ufs,aufs,null --enable-snmp --enable-stacktrace --disable-ident-lookups --with-large-files --enable-linux-netfilter --enable-linux-tproxy --disable-epoll --with-pthreads --enable-delay-pools --enable-icmp --enable-htcp --enable-forw-via-db --enable-cache-digests --disable-optimizations --disable-select --enable-auth-basic --disable-wccp --with-filedescriptors=65536 --enable-arp-acl --enable-icap-client
说明:
--enable-linux-tproxy 和--enable-linux-netfilter是实现透明代理的关键
./configure --prefix=/usr/local/squid --enable-linux-tproxy --enable-linux-netfilter(没报错)
yum -y install make
make && make install
/usr/local/squid/sbin/squid -z
[root@localhost etc]# yum -y install squid
[root@localhost etc]# vim /etc/squid/squid.conf (2.6 版本以上的)
cache_mem 64MB
maximum_object_size 4096KB
reply_body_max_size 1024000 allow all
http_port 10.10.10.1:3128 transparent (添加 transparent 表示透明代理,可以有多个)
acl worktime time MTWHF 8:00-20:00
acl xiao src 10.10.10.12/32
acl xiazai urlpath_regex \.mp3$ \.exe$ (禁止下载 .mp3 .exe 文件)
acl yumin dstdomain .sohu.com (禁止访问以 sohu.com 结尾的网站)
acl badadd dst 220.181.112.143 (禁止访问目标地址为 220.181.112.143)
acl game url_regex game (禁止访问 URL 中含有关键字 "game" 的网站)
http_access deny badadd
http_access deny game
http_access deny yumin
http_access deny xiazai
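http_access allow worktime (注意: worktime 只按时间匹配,不限制来源地址,工作时间内所有能连接到代理端口的客户端都会被放行;如只想放行内网,可先定义 acl localnet src 10.10.10.0/24,再写成 http_access allow localnet worktime,同一行的多个 acl 是"与"的关系)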
http_access allow xiao
http_access deny all (规则从上往下比对,比对到了,不再往下,所以要在尾部加上这条)
[root@localhost etc]# service squid restart
[root@localhost etc]# squid -k parse (语法检查)
[root@localhost etc]# squid -k reconfigure (重新加载配置文件)
[root@localhost etc]# squid -z (初始化缓存)
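[root@localhost etc]# iptables -t nat -A PREROUTING -s 10.10.10.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128 (只重定向内网 TCP 80 端口的 HTTP 流量;HTTPS(443)不会经过代理,上面的 http_access 限制对其不生效。该规则只存在于内存中,需执行 service iptables save 才能在重启后保留)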