Linux透明代理使用设置

出于某些原因,需要记录用户的web访问日志,所以采用Squid来记入80端口的访问日志,另外Squid还有cache功能。
首先编译Squid的一些注意事项,比如设置ulimit等设置省略
修改启动脚本,启动前设置ulimit参数。
squid.conf文件的修改:
===========================================
--- squid.conf.default  2006-03-28 08:43:48.000000000 +0800
+++ squid.conf  2006-03-28 18:09:49.000000000 +0800
@@ -51,6 +51,7 @@
# 这里不能只监听127.0.0.1:3128
#Default:
# http_port 3128
+http_port 3128
#  TAG: https_port
#        Usage:  [ip:]port cert=certificate.pem [key=key.pem] [options...]
@@ -107,6 +108,7 @@
#
#Default:
# icp_port 3130
+icp_port 0
#  TAG: htcp_port
# Note: This option is only available if Squid is rebuilt with the
@@ -479,6 +481,7 @@
#
#Default:
# cache_mem 8 MB
+cache_mem 128 MB
#  TAG: cache_swap_low (percent, 0-100)
#  TAG: cache_swap_high        (percent, 0-100)
@@ -529,6 +532,7 @@
#
#Default:
# maximum_object_size_in_memory 8 KB
+maximum_object_size_in_memory 20 KB
#  TAG: ipcache_size   (number of entries)
#  TAG: ipcache_low    (percent)
@@ -693,7 +697,7 @@
#      (hard coded at 1 MB).
#
#Default:
-# cache_dir ufs /var/spool/squid 100 16 256
+cache_dir ufs /var/spool/squid 256 16 256
#  TAG: cache_access_log
#      Logs the client request activity.  Contains an entry for
@@ -709,6 +713,7 @@
#
#Default:
# cache_log /var/log/squid/cache.log
+cache_log /dev/null
#  TAG: cache_store_log
#      Logs the activities of the storage manager.  Shows which
@@ -719,6 +724,7 @@
#
#Default:
# cache_store_log /var/log/squid/store.log
+cache_store_log none
#  TAG: cache_swap_log
#      Location for the cache "swap.state" file. This log file holds
@@ -856,6 +862,7 @@
#
#Default:
# ftp_user Squid@
+ftp_user user@test.com
#  TAG: ftp_list_width
#      Sets the width of ftp listings. This should be set to fit in
@@ -1942,8 +1949,8 @@
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
-#acl our_networks src 192.168.1.0/24 192.168.2.0/24
-#http_access allow our_networks
+acl our_networks src 10.0.0.0/8
+http_access allow our_networks
# And finally deny all other access to this proxy
http_access allow localhost
@@ -2290,6 +2297,8 @@
# 看看注释,这个是必须打开的
#Default:
# httpd_accel_port 80
+httpd_accel_host virtual
+httpd_accel_port 80
#  TAG: httpd_accel_single_host        on|off
#      If you are running Squid as an accelerator and have a single backend
@@ -2308,6 +2317,7 @@
#
#Default:
# httpd_accel_single_host off
+httpd_accel_single_host off
#  TAG: httpd_accel_with_proxy on|off
#      If you want to use Squid as both a local httpd accelerator
@@ -2319,6 +2329,7 @@
#
#Default:
# httpd_accel_with_proxy off
+httpd_accel_with_proxy off
#  TAG: httpd_accel_uses_host_header   on|off
#      HTTP/1.1 requests include a Host: header which is basically the
@@ -2339,6 +2350,7 @@
# 这个也是必须打开的
#Default:
# httpd_accel_uses_host_header off
+httpd_accel_uses_host_header on
#  TAG: httpd_accel_no_pmtu_disc       on|off
#      In many setups of transparently intercepting proxies Path-MTU
@@ -2491,6 +2503,7 @@
# 为了不让某些网站知道某些用户使用代理访问,所以关闭
#Default:
# forwarded_for on
+forwarded_for off
#  TAG: log_icp_queries        on|off
#      If set, ICP queries are logged to access.log. You may wish
==================================================================
Iptables的配置:
iptables -t nat -A PREROUTING -s 10.0.0.0/8 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -A INPUT -s 10.0.0.0/8 -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
注意INPUT里头的设置

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wwwxwg.html