Wednesday, January 2, 2008

How to configure Squid and iptables to provide a transparent proxy on Linux

Article source

With a transparent Squid proxy, it is not necessary to configure the browser to use a particular proxy port such as 8080 or 3128.

First, edit your squid.conf file by typing the following in a terminal:

# vim /etc/squid/squid.conf

Edit the http_port line (it may be line 89 in version 2.6):

http_port 192.168.0.1:3128 transparent

(where 192.168.0.1 is your local interface address)

Set visible_hostname to localhost,

and insert the lines below under the tag
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl our_networks src 192.168.0.0/24 192.168.2.0/24
http_access allow our_networks

(Use gedit if you are not familiar with vim.)

Now start Squid by typing:

# /usr/sbin/squid -z

Now flush all iptables rules for transparent mode:

# iptables -F
# iptables -t nat -F
# iptables -t mangle -F

Now delete these chains:

# iptables -X
# iptables -t nat -X
# iptables -t mangle -X

Now it is time to save the iptables configuration, so type:

# service iptables save
# service iptables restart

Now all rules and chains are cleared.

Check this in /etc/sysconfig/iptables, which should have all default policies set to ACCEPT.

Now open /etc/rc.d/rc.local

and insert the line

echo 1 > /proc/sys/net/ipv4/ip_forward

Then save and close the file.

Now, assuming that your Internet interface is eth0 (and, as in the first rule below, your LAN interface is eth1), type:

# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# service iptables save
# service iptables restart

Note: check that your iptables service is set to start during boot,

or check the status of your iptables service:

# chkconfig --list iptables

If level 5 is on, then it is OK; otherwise, enable the service at level 5 or levels 2345.
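Because the procedure above flushes every rule and leaves the default policies at ACCEPT, the only things keeping the proxy private are the http_port binding, the our_networks ACL and the interface options on the two NAT rules. The script below is an added example, not part of the original post, that checks a squid.conf and an iptables-save style rule file for those settings; the function names audit_squid_conf and audit_nat_rules are hypothetical and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Sample inputs below are constructed.

# Reads squid.conf text on stdin; prints one line per finding (no output = OK).
audit_squid_conf() {
    awk '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "http_port" {
            if ($2 !~ /:/)           print "http_port " $2 ": not bound to the LAN address"
            if ($0 !~ /transparent/) print "http_port " $2 ": transparent option missing"
        }
        $1 == "http_access" && $2 == "allow" {
            if ($3 == "all")          print "http_access allow all: any client may use the proxy"
            if ($3 == "our_networks") scoped = 1
        }
        END { if (!scoped) print "no http_access allow our_networks rule" }
    '
}

# Reads rules in iptables-save format (as in /etc/sysconfig/iptables) on stdin.
audit_nat_rules() {
    awk '
        /-j REDIRECT/ && /--dport 80( |$)/ {
            seen = 1
            if ($0 !~ / -i [^ ]+/)        print "REDIRECT not limited to an input interface: " $0
            if ($0 !~ /--to-ports? 3128/) print "REDIRECT does not target Squid port 3128: " $0
        }
        /-j MASQUERADE/ && $0 !~ / -o [^ ]+/ {
            print "MASQUERADE not limited to an output interface: " $0
        }
        END { if (!seen) print "no port-80 REDIRECT rule found" }
    '
}

# Constructed samples: the settings from this page, and a loosened variant of each.
GOOD_CONF='http_port 192.168.0.1:3128 transparent
acl our_networks src 192.168.0.0/24 192.168.2.0/24
http_access allow our_networks'
BAD_CONF='http_port 3128
http_access allow all'
GOOD_NAT='-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE'
BAD_NAT='-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -j MASQUERADE'

for s in "$GOOD_CONF" "$BAD_CONF"; do printf '%s\n' "$s" | audit_squid_conf; done
for s in "$GOOD_NAT" "$BAD_NAT"; do printf '%s\n' "$s" | audit_nat_rules; done
# On a real host: audit_squid_conf < /etc/squid/squid.conf
#                 audit_nat_rules  < /etc/sysconfig/iptables
```

The two good samples produce no output; every line printed comes from the loosened variants.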
