本文在FREEBSD系統上,利用大家熟知的SQUID代理軟體配合RAMDISK技術和DNS CACHE伺服器搭建了一個高速Proxy 伺服器。基於RAM的目錄池(有時也叫做RAMDISK)可以顯著的改善應用程式的效能,特別是對那些I/O比較劇烈的程式更是如此。因為在基於RAM的目錄池中的所有I/O操作實際上都是在RAM中完成的。這個在FREEBSD上是很容易實現的。初步使用這個高速Proxy 伺服器發現訪問網站速度的確有了質的飛躍。SQUID負責代理WWW,其他網路服務使用PF的NAT實現,並在PF中設定了SQUID透明代理(連接埠轉寄)。
伺服器斷電或關機後squid緩衝的內容會隨即消失,不過做為Proxy 伺服器不會經常關機的,這個應該不是什麼問題。現在整理一下具體操作過程,有興趣的朋友不妨一試。
作者:LLZQQ
聯絡:LLZQQ@126.COM
適用:普通使用者
來源:www.CHINAUNIX.NET
1. 首先安裝SQUID
1.0 利用ports 安裝squid
# cd /usr/ports/www/squid
# vi Makefile
加入下面的編譯參數
--disable-ident-lookups
--disable-internal-dns
--enable-pf-transparent
--enable-default-err-language=Simplify_Chinese
--disable-hostname-checks
# make install clean
1.1 配置squid服務
# vi /usr/local/etc/squid/squid.conf
===========+===========+===========+===========
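# squid.conf for a squid 2.5-style transparent proxy (httpd_accel_* directives).
# Comments in squid.conf begin with '#'. The original listing put '//' notes
# after each directive; squid does not treat '//' as a comment and reads the
# trailing text as extra arguments (and "Simplify_Chinese//..." became part of
# the error_directory path), so the notes now live on their own lines.

# Listen on loopback only; PF's rdr rule delivers LAN port-80 traffic here.
http_port 127.0.0.1:3128
# Memory reserved for hot objects.
cache_mem 56 MB
# Cache-directory fill thresholds (percent) that start and stop eviction.
cache_swap_low 80
cache_swap_high 90
# Largest object held in memory.
maximum_object_size_in_memory 32 KB
# On-disk cache: 200 MB, 16 first-level and 256 second-level directories, on
# the md0 memory disk mounted at this path.
# NOTE(review): a 200 MB cache_dir on a 204 MB memory disk leaves almost no
# headroom for filesystem overhead; confirm the mounted free space exceeds it.
cache_dir ufs /usr/local/squid/cache 200 16 256
# Logging disabled for throughput. This also removes the evidence trail used
# in incident response, and cache_log none hides squid's own error output.
cache_access_log none
cache_log none
cache_store_log none
# httpd-style access-log format (presumably no effect while the access log is off).
emulate_httpd_log on
# Number of external dnsserver helpers (the build uses --disable-internal-dns,
# so these resolve through the system resolver, i.e. /etc/resolv.conf).
dns_children 15
# LAN clients allowed to use the proxy.
# NOTE(review): /16 is wider than the two /24 networks on rl0 and rl1.
acl our_networks src 192.168.0.0/16
http_access allow our_networks
http_access deny all
http_reply_access allow all
# ICP and miss access are open to any source; PF keeps outsiders out, but
# restricting these to our_networks would not depend on the firewall alone.
icp_access allow all
miss_access allow all
# Administrator contact and the hostname shown on error pages.
cache_mgr llzqq@126.com
visible_hostname llzqq.3322.org
# Transparent-proxy (accelerator) settings required by the PF port-80 redirect.
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_host virtual
httpd_accel_uses_host_header on
# Language of the error pages (matches --enable-default-err-language).
error_directory /usr/local/etc/squid/errors/Simplify_Chinese
# Compatibility with older Internet Explorer refresh behaviour.
ie_refresh on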
===========+===========+===========+===========
1.2 手動建立快取
# mdmfs -M -s 204m -O time -o noatime -p 0700 -v 2 -w squid:squid md0 \
/usr/local/squid/cache
-M 代表建立一個malloc型,預設是swap
-O是最佳化,可選為time和space
-o為mount選項
-p是掛載點許可權
-v是UFS版本(1、2)
-w是owner和group
md0是裝置名稱
/usr/local/squid/cache是掛載點
注意,不用先建立md0, mdmfs會自己建立
詳細參數說明在這裡:http://www.freebsd.org/cgi/man.cgi?query=mdmfs&sektion=8
1.3 建立cache目錄
# squid -z
1.4 定製squid啟動腳本
# vi /usr/local/etc/rc.d/squid.sh
===========+===========+===========+===========
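#!/bin/sh
# llzqq@126.com
#
# rc.d script for squid whose cache lives on a memory disk (see the mdmfs
# and fstab steps above). After a reboot the memory disk is empty, so the
# swap directory tree has to be recreated with `squid -z` before the first
# start; an existing first-level directory (00) marks an initialised cache.
#
# Usage: squid.sh start|stop|reload
squid="/usr/local/sbin/squid"
cache_dir="/usr/local/squid/cache"

case "$1" in
start)
  # The original test `[ ! /usr/local/squid/cache/00 ]` only checked that a
  # non-empty string was given (always false), so it never looked at the
  # directory; -d tests for the directory itself.
  if [ -d "$cache_dir/00" ]; then
    "$squid" -D
    echo "squid start successful"
  else
    # Empty memory disk: build the swap directories first. The original
    # used an en-dash ("–z"), which squid does not recognise as -z.
    # NOTE(review): the fstab mount is created root-owned with no -w/-p
    # options; confirm squid's effective user can create directories under
    # $cache_dir before -z runs.
    "$squid" -z
    sleep 5
    "$squid" -D
    echo "squid start successful"
  fi
  ;;
stop)
  # -k kill sends SIGKILL; -k shutdown would let squid close down cleanly.
  "$squid" -k kill
  ;;
reload)
  "$squid" -k reconfigure
  ;;
*)
  echo "use: start|stop|reload"
  ;;
esac
exit 0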
===========+===========+===========+===========
# chmod 555 /usr/local/etc/rc.d/squid.sh
1.5 設定開機自動掛載快取
# vi /etc/fstab
在檔案最後加入下面這行
/dev/md0 /usr/local/squid/cache mfs rw,-s204m 2 0
2. 安裝DNS CACHE伺服器
2.0 利用ports安裝bind
# cd /usr/ports/dns/bind9
# make install clean
# vi /etc/namedb/named.conf
===========+===========+===========+===========
// Trusted sources: loopback and the LAN; used below to limit recursion.
acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16;};
options {
directory "/etc/namedb";
// NOTE(review): named.sh starts named as user bind; /var/run/named must
// exist and be writable by that user (step 2.2 only creates /var/log/named).
pid-file "/var/run/named/pid";
// Hide the real BIND version from version.bind queries.
version "0.0.0";
recursion yes;
// Recursive service only for trusted sources (an open recursive resolver
// can be abused for reflection). allow-query is left at its default.
allow-recursion {
"trust-lan";
};
auth-nxdomain no;
// Bind to the internal addresses and loopback only, not the external fxp0 address.
listen-on { 192.168.0.20; 192.168.1.10; 127.0.0.1; };
// Upstream resolvers; without "forward only" (BIND's default is forward
// first) named falls back to the root hints when they do not answer.
forwarders {
202.99.160.68;
202.99.168.8;};
};
// Log files are created and chowned to bind in step 2.2. This statement is
// ignored when named runs with -g (see the test run in step 2.5).
logging {
channel warning
{ file "/var/log/named/dns_warnings" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns
{ file "/var/log/named/dns_logs" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; };
// Every query is logged: useful for forensics, at the cost of disk I/O.
category queries { general_dns; };
};
// Root hints, refreshed in step 2.1.
zone "." {
type hint;
file "named.root";
};
// Reverse zone for localhost, generated by make-localhost in step 2.3.
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
===========+===========+===========+===========
2.1 更新根區檔案
# cd /etc/namedb
# rm named.root
# wget ftp://ftp.internic.org/domain/named.root
2.2 建立記錄檔
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:wheel /var/log/named/*
2.3 產生localhost.rev
# cd /etc/namedb
# chmod 755 make-localhost
# ./make-localhost
2.4 產生rndc-key
# cd /usr/local/etc
# /usr/local/sbin/rndc-confgen > rndc.conf
把rndc.conf中:
# Use with the following in named.conf, adjusting the allow list as needed:
後面的部分加到/etc/namedb/named.conf中並去掉注釋
2.5 運行測試
# /usr/local/sbin/named -gc /etc/namedb/named.conf
23-Jan-2006 21:03:03.224 starting BIND 9.3.2 -gc /etc/namedb/named.conf
23-Jan-2006 21:03:03.229 loading configuration from '/etc/namedb/named.conf'
23-Jan-2006 21:03:03.230 no IPv6 interfaces found
23-Jan-2006 21:03:03.230 listening on IPv4 interface rl0, 192.168.0.20#53
23-Jan-2006 21:03:03.230 listening on IPv4 interface rl1, 192.168.1.10#53
23-Jan-2006 21:03:03.231 listening on IPv4 interface lo0, 127.0.0.1#53
23-Jan-2006 21:03:03.235 command channel listening on 127.0.0.1#953
23-Jan-2006 21:03:03.235 ignoring config file logging statement due to -g option
23-Jan-2006 21:03:03.254 zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 20051219
23-Jan-2006 21:03:03.254 running
2.6 狀態檢查
# rndc status
number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
2.7 建立啟動指令碼
# vi /usr/local/etc/rc.d/named.sh
================+==============+==============
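#!/bin/sh
# Start and Stop BIND Service on FreeBSD
# LLZQQ@126.COM
#
# rc.d script for the ports BIND (/usr/local/sbin/named). Commands are
# dispatched by run_rc_command; named_enable is read from /etc/rc.conf by
# load_rc_config.
#
# Usage: named.sh start|stop
. /etc/rc.subr
name="named"
start_cmd="start"
stop_cmd="stop"
# Pid file as declared by the pid-file option in /etc/namedb/named.conf.
named_pidfile="/var/run/named/pid"

start()
{
  # checkyesno (from rc.subr) accepts YES/yes/true/1; the plain string
  # comparison only matched the literal "YES".
  if checkyesno named_enable; then
    # named detaches itself (the page's test run needs -g to stay in the
    # foreground), so it is not backgrounded here and a non-zero status
    # from a bad configuration is reported instead of being lost.
    if /usr/local/sbin/named -u bind -c /etc/namedb/named.conf; then
      echo "named started"
    else
      echo "named failed to start" >&2
      return 1
    fi
  fi
}

stop()
{
  # Signal only the pid recorded by this named instance. The original
  # `pkill named` matched every process whose name contains "named".
  if [ -r "$named_pidfile" ]; then
    kill "$(cat "$named_pidfile")" && echo "named stopped"
  else
    echo "named pid file $named_pidfile not found" >&2
    return 1
  fi
}

load_rc_config $name
run_rc_command "$1"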
================+==============+==============
# chmod 555 /usr/local/etc/rc.d/named.sh
3. 防火牆設定
# vi /etc/pf.conf
================+==============+==============+==============
# External interface, internal interfaces and the LAN address block.
ext_if = "{ fxp0 }"
int_if = "{ rl0, rl1 }"
int_net = "{ 192.168.0.0/16 }"
loop = "lo0"
# Address ranges that must never be seen on the external interface.
noroute = "{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 255.255.255.255/32 }"
# NOTE(review): these ports are opened inbound from any source on fxp0
# below; keep only the services this host really offers on the outside.
ports = "{ 20, 21, 22, 25, 53, 80, 110 }"
squid = "{127.0.0.1}"
# NOTE(review): block-policy return answers blocked packets with RST/ICMP,
# which confirms the host exists; "drop" is the quieter choice on the WAN side.
set block-policy return
set optimization aggressive
set loginterface fxp0
set skip on lo0
scrub in all
# NAT for the LAN (net.inet.ip.forwarding=1 is set in sysctl.conf for this).
nat on $ext_if from $int_net to any -> $ext_if
### squid transparent
# Redirect LAN port-80 connections into squid (http_port 127.0.0.1:3128).
rdr on $int_if proto tcp from any to any port 80 -> $squid port 3128
antispoof for $ext_if inet
# Default deny; "block return" restates "block all" under the return policy.
block all
block return
block in quick on $ext_if os NMAP
block in quick on $ext_if from $noroute to any
block out quick on $ext_if from any to $noroute
pass quick on $loop all
# The LAN side is fully open, including traffic between rl0 and rl1.
pass quick on $int_if all
# Inbound services on the external interface (see $ports above).
pass in on $ext_if proto {tcp,udp} from any to any port $ports keep state
# NOTE(review): this rule names no interface, so 55000-56000 is open on
# fxp0 too — presumably a passive-FTP range; confirm it is intended.
pass in quick proto tcp from any to any port 55000 >< 56000 keep state
pass out on $ext_if all keep state
================+==============+==============+==============
4. 其他一些網路的設定
# vi /etc/rc.conf
# Host identity and default route (x.x = redacted public address).
hostname="llzqq.3322.org"
defaultrouter="61.211.x.x"
# Two internal LANs (BIND listens on these addresses) and the external link.
ifconfig_rl0="inet 192.168.0.20 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.10 netmask 255.255.255.0"
ifconfig_fxp0="inet 61.211.x.x netmask 255.255.255.224"
# Read by /usr/local/etc/rc.d/named.sh.
# NOTE(review): named_enable is also the rc variable of the base system's
# BIND; confirm /etc/rc.d/named does not start a second named.
named_enable="YES"
pf_enable="YES" # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_program="/sbin/pfctl" # where the pfctl program lives
pf_flags="" # additional flags for pfctl
pflog_enable="YES" # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_program="/sbin/pflogd" # where the pflogd program lives
pflog_flags=""
# vi /etc/resolv.conf
# NOTE(review): the host, and squid's dnsserver helpers (the build uses
# --disable-internal-dns), resolve through these external servers, so the
# local BIND cache from section 2 is bypassed; listing 127.0.0.1 first
# would use it — confirm which is intended.
nameserver 211.98.2.4
nameserver 202.99.168.8
nameserver 202.99.160.68
# vi /etc/sysctl.conf
# Route between the LAN and fxp0; required for the NAT rule in pf.conf.
net.inet.ip.forwarding=1
# Accept a packet only on the interface that owns its destination address.
net.inet.ip.check_interface=1
# Send no RST/ICMP for closed ports (tcp 2 = drop all segments, udp 1 = drop).
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
# Socket buffer sizes for the proxy's many concurrent connections.
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
# vi /boot/loader.conf
# Raise the system-wide open-file limit; squid holds one descriptor per
# client and per server connection.
kern.maxfiles="65536"
用戶端設定網關和DNS的IP地址為這台SQUID Proxy 伺服器的IP地址。
到此完成。
/Files/studio313/q.rar