Installing and Configuring a Squid Transparent Proxy

The environment is as follows:

Operating system: CentOS 6.4

eth0: 192.168.100.1 (LAN port)

eth1: 200.168.10.1 (WAN port)


I. iptables configuration

1. Enable ip_forward (IP forwarding)

Edit /etc/sysctl.conf

Set net.ipv4.ip_forward = 1

and run sysctl -p to make the change take effect

[root@nagios~]# vim /etc/sysctl.conf

[root@nagios ~]# sysctl -p

net.ipv4.ip_forward = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296


2. Flush the rules in all iptables tables and view the nat table

[root@nagios ~]# iptables -F

[root@nagios ~]# iptables -t nat -F

[root@nagios ~]# iptables -t mangle -F

[root@nagios ~]# iptables -t nat -L

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination


Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination


Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination


3. Set up port redirection

[root@nagios ~]# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

# In the PREROUTING chain of the nat table, add a rule with the REDIRECT target to redirect inbound packets, sending port 80 to port 3128

4. Configure iptables to route DNS traffic

[root@nagios~]#iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -p udp --dport 53 -d 202.96.128.86 -j SNAT --to-source 200.168.10.1

[root@nagios~]#iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -p tcp --dport 53 -d 202.96.128.86 -j SNAT --to-source 200.168.10.1

Note: as shown above, DNS is handled through the server's NAT function. 202.96.128.86 is the address of the external DNS server, and 200.168.10.1 is the IP of our WAN port. If the external DNS server changes frequently, you can simply leave the DNS server address out of the rules:

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -p tcp --dport 53  -j SNAT --to-source 200.168.10.1

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -p udp --dport 53  -j SNAT --to-source 200.168.10.1

5. Save the iptables settings and restart the iptables service

[root@Nagios ~]# service iptables save

[root@Nagios ~]# service iptables restart

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

[root@Nagios ~]# iptables -t nat -L

Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination

REDIRECT   tcp  --  192.168.10.0/24     anywhere            tcp dpt:http redir             ports 3128


Chain POSTROUTING (policy ACCEPT)

target     prot opt source               destination

SNAT       udp  --  192.168.10.0/24     202.96.128.86       udp dpt:domain to:200.168.10.1

SNAT       tcp  --  192.168.10.0/24      202.96.128.86        tcp dpt:domain to:200.168.10.1


Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination


II. Installing and configuring Squid

We use yum to install Squid:

[root@nagios ~]# yum -y install squid

Back up the Squid configuration file to guard against configuration errors

[root@nagios ~]# cp /etc/squid/squid.conf /etc/squid/squid.conf_bak

Configure squid.conf

Find http_port 3128 and change it to http_port 192.168.100.10:3128 transparent

and add

visible_hostname squid

acl innet src 192.168.10.0/24

http_access allow innet

http_access deny all


Next, run squid -z to initialize

[root@nagios ~]# squid -z

2013/05/29 13:41:43| Creating Swap Directories

Start the Squid proxy server

[root@nagios ~]# service squid start

Restart the iptables service

[root@nagios ~]# service iptables restart

and set squid and iptables to start at boot

[root@nagios ~]# chkconfig --level 35 squid on

[root@nagios ~]# chkconfig --level 35 iptables on



Client network settings: set DNS to the IP of the forwarded DNS server
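
The setup only works when eth0, squid.conf and the nat rules agree on addresses: REDIRECT rewrites the destination to the primary address of the incoming interface, so an address-bound http_port must use that address. The script below is an added example, not part of the original article; it runs that consistency check over the article's values (copied into constructed sample strings, nat rules in iptables-save style), assumes clients sit directly on eth0's subnet, and its function names are hypothetical.

```sh
#!/bin/sh
# Added example. Inputs are constructed from the values shown in this article.
LAN_IP=192.168.100.1    # eth0 (LAN) address
SQUID_CONF='http_port 192.168.100.10:3128 transparent
acl innet src 192.168.10.0/24
http_access allow innet
http_access deny all'
# iptables-save style lines for the redirect and DNS rules
NAT_RULES='-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.10.0/24 -d 202.96.128.86/32 -p udp -m udp --dport 53 -j SNAT --to-source 200.168.10.1'

ip_to_int() {           # dotted quad -> integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
in_cidr() {             # in_cidr IP NET/BITS -> 0 when IP is inside the network
  mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}
# audit_proxy LAN_IP SQUID_CONF_TEXT NAT_RULES_TEXT
# Prints one line per finding and returns 1 if anything was found.
audit_proxy() {
  rc=0
  # REDIRECT rewrites the destination to the primary address of the inbound
  # interface, so an address-bound http_port has to use that address.
  listen=$(printf '%s\n' "$2" | awk '$1 == "http_port" { print $2; exit }')
  case $listen in *:*)
    if [ "${listen%:*}" != "$1" ]; then
      echo "http_port binds ${listen%:*}, redirected traffic goes to $1"; rc=1
    fi ;;
  esac
  # A REDIRECT rule without -i/-s also matches port 80 arriving on the WAN side.
  if printf '%s\n' "$3" | grep -e '-j REDIRECT' | grep -qv -e ' -i ' -e ' -s '; then
    echo "REDIRECT rule is not limited to the LAN (-i or -s missing)"; rc=1
  fi
  # Allowed src ACLs and -s matches should describe the network LAN_IP is on.
  nets=$( { printf '%s\n' "$2" | awk '$1 == "acl" && $3 == "src" { net[$2] = $4 }
              $1 == "http_access" && $2 == "allow" && ($3 in net) { print net[$3] }'
            printf '%s\n' "$3" |
              awk '{ for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1) }'
          } | sort -u )
  for cidr in $nets; do
    if ! in_cidr "$1" "$cidr"; then
      echo "client network $cidr does not contain LAN address $1"; rc=1
    fi
  done
  return $rc
}
audit_proxy "$LAN_IP" "$SQUID_CONF" "$NAT_RULES" || true
```

On a live gateway the same function can be fed the output of iptables-save -t nat and the contents of /etc/squid/squid.conf.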
