Note:
This setup builds on an existing traditional (explicit) proxy configuration.
With a transparent proxy, clients must use the proxy host as their default gateway.
1. Configure the transparent proxy:
1) Modify the configuration file to support transparent proxying
# vi /etc/squid.conf
## change "http_port 3128" to the line below to enable transparent proxying (Squid 3.1 and later name this option "intercept")
http_port 192.168.100.150:3128 transparent
# /etc/init.d/squid reload
# netstat -utpln | grep squid    ## the listener is now bound to the internal NIC's IP
2) Write the firewall rules:
# iptables -t nat -I PREROUTING -i eth0 -s 192.168.100.0/24 -p tcp -m multiport --dports 80,443,20,21 -j REDIRECT --to-ports 3128    ## port redirection
# iptables -t nat -A POSTROUTING -o eth1 -s 192.168.100.0/24 -j MASQUERADE
# iptables -t nat -L -n
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# iptables -I INPUT -i lo -j ACCEPT
# for i in INPUT FORWARD; do iptables -P $i DROP; done    ## set the default policies
# for i in s d; do iptables -A FORWARD -$i 192.168.100.0/24 -j ACCEPT; done    ## restrict which subnets may be forwarded
# sed -i '/forward/s/0/1/g' /etc/sysctl.conf    ## enable routing (IP forwarding)
# sysctl -p
3) Test:
On the client, remove the traditional proxy settings:
# route del default
# route add default gw 192.168.100.150    ## set the gateway
# unset http_proxy    ## clear the proxy variables
# unset https_proxy
# unset no_proxy
2. Configure the Squid access control lists:
# vi /etc/squid/ipb.list
61.135.167.36
:wq
# vi /etc/squid/dblk.list
cn.bing.com
:wq
# vi /etc/squid.conf
acl ipblk dst "/etc/squid/ipb.list"
acl dmblk dstdomain "/etc/squid/dblk.list"
acl MYLAN src 192.168.100.0/24
acl MC20 maxconn 20
acl BURL url_regex -i ^rtsp:// ^emule://
acl mfile urlpath_regex -i \.mp3$ \.mp4$ \.rmvb$
acl wtime time MTWHF 08:30-17:30
http_access deny MYLAN mfile
http_access deny MYLAN BURL
http_access deny MYLAN ipblk
http_access deny MYLAN dmblk
http_access allow MYLAN wtime
http_access allow MYLAN MC20
http_access deny all
:wq
# /etc/init.d/squid reload
3. Test.
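To check the rule order without sending live traffic, the following added example (not part of the original article) models the http_access list above in Python: Squid applies the first line whose ACLs all match, and maxconn matches only once a client has more than the stated number of connections. The request fields, the sample URLs and the 203.0.113.10 destination are constructed for illustration.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# One predicate per acl line in the squid.conf above.
ACLS = {
    "all":   lambda r: True,
    "MYLAN": lambda r: ip_address(r["src"]) in ip_network("192.168.100.0/24"),
    "ipblk": lambda r: r["dst_ip"] in {"61.135.167.36"},                 # ipb.list
    "dmblk": lambda r: urlsplit(r["url"]).hostname in {"cn.bing.com"},   # dblk.list
    # maxconn 20 matches once the client has MORE than 20 connections open
    "MC20":  lambda r: r["conns"] > 20,
    "BURL":  lambda r: bool(re.search(r"^rtsp://|^emule://", r["url"], re.I)),
    "mfile": lambda r: bool(re.search(r"\.(mp3|mp4|rmvb)$", urlsplit(r["url"]).path, re.I)),
    # MTWHF = Monday to Friday, 08:30-17:30
    "wtime": lambda r: r["when"].weekday() < 5
                       and "08:30" <= r["when"].strftime("%H:%M") <= "17:30",
}

# http_access lines in file order; every ACL on a line must match (logical AND).
RULES = [
    ("deny",  ["MYLAN", "mfile"]),
    ("deny",  ["MYLAN", "BURL"]),
    ("deny",  ["MYLAN", "ipblk"]),
    ("deny",  ["MYLAN", "dmblk"]),
    ("allow", ["MYLAN", "wtime"]),
    ("allow", ["MYLAN", "MC20"]),
    ("deny",  ["all"]),
]

def decide(req):
    """Return (action, rule number) of the first http_access line that matches."""
    for number, (action, names) in enumerate(RULES, start=1):
        if all(ACLS[name](req) for name in names):
            return action, number
    return "deny", None  # not reached here: the last rule is "deny all"

SATURDAY = datetime(2024, 1, 13, 10, 0)  # constructed timestamp outside wtime

def request(url, src="192.168.100.20", dst_ip="203.0.113.10", conns=3,
            when=datetime(2024, 1, 10, 10, 0)):  # constructed: a Wednesday, 10:00
    return {"url": url, "src": src, "dst_ip": dst_ip, "conns": conns, "when": when}

if __name__ == "__main__":
    for req in (request("http://example.com/index.html"),
                request("http://example.com/index.html", when=SATURDAY),
                request("http://example.com/index.html", when=SATURDAY, conns=25)):
        print(decide(req), req["when"].strftime("%a %H:%M"), "conns =", req["conns"])
```

Outside the wtime window, only a LAN client that already holds more than 20 connections reaches the allow on rule 6; every other request falls through to deny all.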
This article is from the "Lp-linux" blog; please keep this source attribution: http://linuxlp.blog.51cto.com/11463376/1773619
Linux Enterprise Common Services: Squid transparent proxy