First, we have already configured a wireless hotspot; if that part is unclear, refer to my previous article. With that setup, traffic enters the Raspberry Pi through the wireless card, flows from the wlan0 interface to eth0, and leaves through eth0. In other words, eth0 is equivalent to our router's WAN port and wlan0 is equivalent to its LAN port. With this relationship clear, we continue below.
The first thing to do is install squid3, which can be done directly with the following command:
sudo apt-get install squid3
As you may remember, I previously set up the wireless hotspot feature using the following iptables configuration:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
If the above configuration is already in place, a single iptables command redirects the port 80 traffic to squid3's port 3128:
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
Replace the iptables.ipv4.nat file we set up before; back it up first, of course:
sudo mv /etc/iptables.ipv4.nat /etc/iptables.ipv4.nat.old
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
After running the above commands, you will find that every web page now shows squid's default access-denied page, which indicates that squid3 has started working. Next we need to configure it; edit the configuration file /etc/squid3/squid.conf following the patch below:
--/etc/squid3/squid.conf.orig 2013-02-25 11:31:23.839560066 +1300 +++/etc/squid3/squid.conf 2013-02-26 09:07:15.388951441 +1300 @@ -702,6 +702,7 @@ #acl localnet src 192.168.0.0/16 # RFC1918 possible Internal network #acl localnet src FC00::/7 # RFC 4193 local private network range #acl localnet src FE80::/10 # RFC 4291 link-local (directly plugged) machines +acl localnet src 192.168.42.0/24
ACL ssl_ports port 443 ACL safe_ports Port # http @@ -828,7 +829,7 @@ # We strongly recommend the following is uncommented to protect innocent # Web applications running on the proxy server # One who can access services on ' localhost ' is ' a ' local user -#http_access Deny To_localhost +http_access Deny To_localhost
# # INSERT YOUR OWN rule (S) ALLOW ACCESS from YOUR CLIENTS @@ -837,7 +838,7 @@ # Example rule allowing access to your local networks. # Adapt LocalNet in the ACL section to list your (internal) IP networks # from where browsing should to be allowed -#http_access Allow LocalNet +http_access Allow LocalNet http_access allow localhost
# and finally deny all other access to this proxy @@ -1133,7 +1134,7 @@ #
# Squid normally listens to port 3128 -http_port 3128 +http_port 3128 Intercept
# Tag:https_port # note:this option is only available if Squid are rebuilt with the @@ -2073,7 +2074,7 @@ # accessed frequently in memory to improve performance whilst # enough to keep larger objects from hoarding cache_mem. #Default: -# maximum_object_size_in_memory MB +maximum_object_size 128000 KB
# Tag:memory_replacement_policy # The memory replacement policy parameter determines which @@ -2229,7 +2230,7 @@ #
# Uncomment and adjust the following to add a disk cache directory. -#cache_dir UFS/VAR/SPOOL/SQUID3 100 16 256 +cache_dir UFS/VAR/SPOOL/SQUID3 1000 16 256
# Tag:store_dir_select_algorithm # Set this to ' Round-robin ' as a alternative. @@ -2611,7 +2612,7 @@ # Note2, for Debian/linux the ' default of Logfile_rotate is # Zero, since it includes external logfile-rotation methods. #Default: -# Logfile_rotate 0 +logfile_rotate 10
# Tag:emulate_httpd_log On|off # The Cache can emulate the log file format which many ' httpd ' @@ -3673,7 +3674,7 @@ # during shutdown mode. Any active clients on this many # seconds'll receive a ' timeout ' message. #Default: -# shutdown_lifetime seconds +shutdown_lifetime 2 seconds
# Administrative PARAMETERS |
#-----------------------------------------------------------------------------
Note the maximum_object_size setting here: because I saw through free -m that more than 200 MB of memory had already been consumed, on balance I let squid3 use a further 128M as memory cache. Set cache_dir ufs /var/spool/squid3 1000 16 256 according to your own situation; I set the size on the memory card to 1000, which is 1 GB.
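Review bot: the localnet ACL added in the @@ -702 hunk hard-codes 192.168.42.0/24, while the final iptables rules later on this page assume wlan0 is 192.168.43.1. If the hotspot hands out 192.168.43.x addresses, http_access allow localnet never matches and clients keep getting the access-denied page, so the ACL should name the subnet actually configured on wlan0.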
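Review bot: the @@ -1133 hunk makes the only http_port an intercept port, leaving no ordinary forward-proxy listener for explicitly configured clients or for management tools such as squidclient. Consider keeping http_port 3128 as it was and adding the intercept listener on a second port, with the REDIRECT rule pointed at that port.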
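Review bot: directive mismatch in the @@ -2073 hunk: the added line sets maximum_object_size, not the maximum_object_size_in_memory default it replaces. maximum_object_size limits how large a single object may be and still be cached; it does not size the memory cache. If the aim is to bound squid's RAM use on the Pi, set cache_mem explicitly and leave the commented default in this hunk as it was.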
After the setup is complete, check for errors with squid3 -k parse; if there are none, load the configuration directly with squid3 -k reconfigure.
Is it OK to browse the Web now?
The following explains how to block ad sites. First, edit the squid3 configuration file /etc/squid3/squid.conf again and add the following:
## disable ads ( http://pgl.yoyo.org/adservers/ )
# keep these lines above "http_access allow localnet": squid applies the first matching http_access rule
# the path must be the file that the update script below writes
acl ads dstdom_regex "/etc/squid3/ad_block.txt"
http_access deny ads
#deny_info TCP_RESET ads
Then create an ad list update script, ad_servers_newlist.sh:
## calomel.org ad_servers_newlist.sh
#
## get new ad server list
wget -O /etc/squid3/ad_block.txt 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'
## refresh squid
/usr/sbin/squid3 -k reconfigure
See here for the specific list of blocked ad servers. Now run the script:
sudo sh ad_servers_newlist.sh
Then visit any URL from the ad list and check whether squid3 intercepts it.
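A more defensive version of the update script, as an added example (not from the original article or from calomel.org): the list is fetched over plain HTTP and fed straight into http_access deny, so this version downloads to a temporary file, accepts it only if every line has the expected dstdom_regex shape, and swaps it into place before reloading squid. The line format (^|\.)host\.name$ and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article or calomel.org's script.
# Assumption: every list line has the form (^|\.)host\.name$

AD_URL='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'
AD_LIST=/etc/squid3/ad_block.txt
LINE_RE='^[(]\^[|]\\[.][)][-A-Za-z0-9.\\]+[$]$'

# Succeed only if the file is non-empty, has at least one entry, and
# every non-blank line matches the expected shape.
validate_ad_list() {
    [ -s "$1" ] || return 1
    grep -Eq "$LINE_RE" "$1" || return 1
    if grep -v '^[[:space:]]*$' "$1" | grep -Evq "$LINE_RE"; then
        return 1   # unexpected line: HTML error page, over-broad regex, ...
    fi
    return 0
}

# Validate SRC, then replace DEST in one rename so squid never reads
# a half-written list. (hypothetical helper name)
install_ad_list() {
    src=$1 dest=$2 tmp="$2.new.$$"
    validate_ad_list "$src" || { echo "rejected: $src" >&2; return 1; }
    cp "$src" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}

# Download, validate, install, and reload only if the config still parses.
update_ad_list() {
    dl=$(mktemp) || return 1
    rc=1
    if wget -q -O "$dl" "$AD_URL" && install_ad_list "$dl" "$AD_LIST"; then
        /usr/sbin/squid3 -k parse && /usr/sbin/squid3 -k reconfigure
        rc=$?
    fi
    rm -f "$dl"
    return $rc
}

# Touch the network and squid only when invoked with --run.
if [ "${1:-}" = "--run" ]; then update_ad_list; fi
```

Invoked as sudo sh ad_servers_newlist.sh --run it performs the update; without the argument it only defines the functions.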
Today I set up a web server on the Raspberry Pi and found that accessing that web service was very slow when eth0 was not connected to the network, so I decided to rewrite the iptables rules above. Assuming the Raspberry Pi's wlan0 IP address is 192.168.43.1, we can let all access to this address through without redirecting it. The final rules are as follows; before applying them, it is recommended to clear the previous settings with sudo iptables -t nat -F:
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp -d 192.168.43.1 --dport 80 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT