<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0065)http://blog.chinaunix.net/article.php?articleId=14783&blogId=2496 -->
<HTML><HEAD><TITLE>Successfully configuring a transparent proxy with squid + iptables - ChinaUnix Blog</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<STYLE>BODY {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 0px; MARGIN: 1px 0px; FONT: 9px arial, times new roman, lucida sans unicode, sans-serif; COLOR: #333; PADDING-TOP: 0px; BACKGROUND-COLOR: #f2fcf3; TEXT-ALIGN: center
}
A {
FONT-SIZE: 12px; TEXT-DECORATION: none
}
A:link {
COLOR: #336699
}
A:visited {
COLOR: #336699
}
A:active {
COLOR: #336699
}
A:hover {
COLOR: #ff6600; TEXT-DECORATION: underline
}
A IMG {
BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none
}
H1 {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: normal; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px
}
H2 {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: normal; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px
}
H3 {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: normal; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px
}
TD {
FONT-SIZE: 9pt
}
DIV {
FONT-SIZE: 9pt
}
FORM {
FONT-SIZE: 9pt
}
OPTION {
FONT-SIZE: 9pt
}
P {
FONT-SIZE: 9pt
}
TD {
FONT-SIZE: 9pt
}
BR {
FONT-SIZE: 9pt
}
.header {
BACKGROUND-IMAGE: none
}
.wn {
FONT-SIZE: 25pt; COLOR: #000000
}
.wi {
FONT-SIZE: 10pt; COLOR: #000000
}
</STYLE>
<META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD>
<BODY>
<CENTER><!---Part A start------------->
<TABLE cellSpacing=1 cellPadding=0 width=750>
<TBODY>
<TR>
<TD
style="BORDER-RIGHT: #dddddd 1px solid; BORDER-TOP: #dddddd 1px solid; BORDER-LEFT: #dddddd 1px solid; BORDER-BOTTOM: #dddddd 1px solid"
vAlign=top width="100%">
<TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
<TBODY>
<TR class=header>
<TD width="100%" bgColor=#ffffff><A
href="http://blog.chinaunix.net/index.php?blogId=2496"><FONT
class=wn>可爱的地方</FONT></A> <BR><BR><FONT
class=wi>My turf, my rules--http://www.591cool.net</FONT></TD>
<TD bgColor=#ffffff><IMG
src="成功使用squid+iptables配置透明代理 - ChinaUnix博客馆.files/topnews.gif"
onload="javascript:if(this.width>530)this.width=530;"></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><!---Part A end------------->
<TABLE cellSpacing=0 cellPadding=0 width=750>
<TBODY>
<TR>
<TD height=2>
<TD></TD></TR></TBODY></TABLE><!---Body start------------->
<TABLE cellSpacing=1 cellPadding=0 width=750>
<TBODY>
<TR>
<TD
style="BORDER-RIGHT: #dddddd 1px solid; BORDER-TOP: #dddddd 1px solid; BORDER-LEFT: #dddddd 1px solid; BORDER-BOTTOM: #dddddd 1px solid"
vAlign=top>
<TABLE cellSpacing=0 cellPadding=3 width="100%" align=center border=0>
<TBODY>
<TR>
<TD vAlign=top align=middle bgColor=#ffffff>
<TABLE cellSpacing=0 cellPadding=0 width="95%" border=0><!-- BEGIN alcyc -->
<TBODY>
<TR>
<TD align=middle width="100%">
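<H2><B>Successfully configuring a transparent proxy with squid + iptables</B></H2></TD></TR>
<TR>
<TD width="100%"><FONT size=2>Successfully configuring a transparent proxy with squid + iptables</FONT>
<P><SPAN class=postbody><FONT size=2>Hardware: HP
DL145: Opteron×2, AMD8111/8131 chipset, 1GB RAM, Redhat EL Advanced
Server 4 for i386. <BR><BR>I started by configuring it according to material found online:
<BR><BR><BR>I will not go into the installation of squid and iptables here; their own documentation generally covers it. My company uses one machine as the proxy for Internet access: eth0 connects to the external network and eth1 to the internal network. My configuration is written down below.
<BR><BR>iptables configuration: in /etc/rc.d/, create the file firewall with touch, run chmod
u+x
firewall to make it executable, then edit /etc/rc.d/rc.local and append /etc/rc.d/firewall at the end so that the script runs automatically at boot.
<BR><BR></FONT></SPAN>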
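As an added example (not the author's script, which is quoted just below), the same gateway can be written with rules scoped to the internal range: this sketch prints a rule set that redirects and masquerades only 192.168.30.0/24 traffic entering on eth1, and answers port 3128 only on that side. The names gen_rules, SQUID_IN and APPLY are assumptions; the interfaces, port and subnet are the post's.

```shell
#!/bin/sh
# Added example, not the author's script. gen_rules, SQUID_IN and APPLY
# are names assumed here; interfaces, port and subnet come from the post.
WAN_IF=${WAN_IF:-eth0}               # external side
LAN_IF=${LAN_IF:-eth1}               # internal side
LAN_NET=${LAN_NET:-192.168.30.0/24}  # our_networks in squid.conf
PROXY_PORT=${PROXY_PORT:-3128}       # squid http_port

# Print the rule set one command per line; nothing is applied here.
gen_rules() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "modprobe ip_nat_ftp"
    echo "iptables -t nat -F"
    # This script owns FORWARD: default drop, LAN out, replies back in.
    echo "iptables -F FORWARD"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    # Port 3128 is answered only for LAN clients arriving on the LAN side.
    # A dedicated chain keeps re-runs idempotent and other INPUT rules intact.
    echo "iptables -N SQUID_IN 2>/dev/null || iptables -F SQUID_IN"
    echo "iptables -A SQUID_IN -i $LAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -A SQUID_IN -j DROP"
    echo "iptables -D INPUT -p tcp --dport $PROXY_PORT -j SQUID_IN 2>/dev/null"
    echo "iptables -I INPUT 1 -p tcp --dport $PROXY_PORT -j SQUID_IN"
    # Interception and masquerading are limited to LAN sources.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
}

# Dry run by default so the rules can be reviewed; APPLY=1 as root loads them.
if [ "${APPLY:-0}" = "1" ]; then
    gen_rules | sh
else
    gen_rules
fi
```
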
<TABLE cellSpacing=1 cellPadding=3 width="90%" align=center
border=0>
<TBODY>
<TR>
<TD><SPAN class=genmed><B><FONT
size=2>Quote:</FONT></B></SPAN></TD></TR>
<TR>
<TD class=quote>echo "starting ip forward" <BR>echo 1
>/proc/sys/net/ipv4/ip_forward <BR>echo "starting
iptables rules" <BR>modprobe ip_tables <BR>modprobe
ip_nat_ftp <BR>/sbin/iptables -F -t nat <BR>iptables -t
nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j
REDIRECT --to-ports 3128 # redirect all port-80 packets to port 3128
<BR>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# masquerade outbound traffic on eth0</TD></TR></TBODY></TABLE><SPAN
class=postbody><BR><BR><FONT size=2>squid configuration:
<BR><BR></FONT></SPAN>
<TABLE cellSpacing=1 cellPadding=3 width="90%" align=center
border=0>
<TBODY>
<TR>
<TD><SPAN class=genmed><B><FONT
size=2>Quote:</FONT></B></SPAN></TD></TR>
<TR>
<TD class=quote>http_port 3128 <BR>cache_mem 512 MB
<BR>cache_swap_low 75 <BR>cache_swap_high 95
<BR>maximum_object_size 1024 KB <BR>cache_dir ufs
/usr/local/squid/cache 60000 16 256 <BR>cache_access_log
/var/squid/logs/access.log <BR>cache_log /dev/null
<BR>cache_store_log none <BR>debug_options ALL,1
<BR><BR>icp_access allow all <BR>icp_query_timeout 2000
<BR><BR>cache_effective_user nobody
<BR>cache_effective_group nogroup
<BR><BR>httpd_accel_host virtual <BR>httpd_accel_port 80
<BR>httpd_accel_with_proxy on
<BR>httpd_accel_uses_host_header on <BR>acl all src
0.0.0.0/0 <BR>acl our_networks src 192.168.30.0/24
<BR>http_access allow our_networks <BR>http_access deny
all <BR><BR>acl QUERY urlpath_regex -i cgi-bin \? \.exe$
\.zip$ \.mp3$ \.mp2$ \.rm$ \.avi$ <BR>no_cache deny
QUERY <BR><BR>reference_age 3 days <BR>quick_abort_min
16 KB <BR>quick_abort_max 16 KB <BR>quick_abort_pct 95
<BR>connect_timeout 60 seconds <BR>read_timeout 3
minutes <BR>request_timeout 30 seconds
<BR>client_lifetime 30 seconds <BR>half_closed_clients
off <BR>pconn_timeout 60 seconds <BR>ident_timeout 10
seconds <BR>shutdown_lifetime 10 seconds
<BR><BR>memory_pools off <BR>memory_pools_limit
0</TD></TR></TBODY></TABLE><SPAN
class=postbody><BR><BR><BR><FONT size=2>Of these, the two lines reference_age 3
days and ident_timeout 10 seconds produced errors: <BR><BR><BR></FONT></SPAN>
<TABLE cellSpacing=1 cellPadding=3 width="90%" align=center
border=0>
<TBODY>
<TR>
<TD><SPAN class=genmed><B><FONT
size=2>Quote:</FONT></B></SPAN></TD></TR>
<TR>
<TD class=quote>2005/03/03 15:09:34| parseConfigFile:
line 3379 unrecognized: 'reference_age 3 days'
<BR>2005/03/03 15:34:57| parseConfigFile: line 1645
unrecognized: 'ident_timeout 10
seconds'</TD></TR></TBODY></TABLE><SPAN
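class=postbody><BR><BR><FONT size=2>Later I simply deleted the reference_age 3
days line.
<BR><BR>At this point the transparent proxy works: once a client's gateway is set to the IP of this proxy server's eth1, the client can get online, and the client browser no longer needs any proxy setting. However, DNS on the client has a problem: entering an IP address in the client browser reaches external sites, but entering a domain name does not. Running the command nslookup
</FONT><A href="http://www.chinaunix.net/"
target=_blank><FONT size=2>www.chinaunix.net</FONT></A><FONT
size=2> at the client command line reports: <BR><BR></FONT></SPAN>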
<TABLE cellSpacing=1 cellPadding=3 width="90%" align=center
border=0>
<TBODY>
<TR>
<TD><SPAN class=genmed><B><FONT
size=2>Quote:</FONT></B></SPAN></TD></TR>
<TR>
<TD class=quote>DNS request time
out</TD></TR></TBODY></TABLE><SPAN
class=postbody><BR><BR><FONT size=2>In squid.conf, add
<BR></FONT></SPAN>
<TABLE cellSpacing=1 cellPadding=3 width="90%" align=center
border=0>
<TBODY>
<TR>
<TD><SPAN class=genmed><B><FONT
size=2>Quote:</FONT></B></SPAN></TD></TR>
<TR>