linux iptables squid 透明代理

昨天配了台簡單的linux機器,利用iptables實現雙網卡內網訪問外網,今天簡單的研究了下squid,在網上找了許多資料,實現了squid透明代理
squid.conf多用預設配置,還有很多配置需要學習

[root@localhost ~]# more /usr/local/bin/firewall.sh
#
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

#
echo 1 > /proc/sys/net/ipv4/ip_forward

#
iptables -t nat -A POSTROUTING -s 192.168.168.0/24 -o eth1 -j SNAT --to 外部ip
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.168.0/24 --dport 80 -j REDIRECT --to-port 3128

[root@localhost ~]# more /etc/squid/squid.conf

acl our_networks src 192.168.168.0/24
http_access allow our_networks

http_port 3128 transparent

cache_mem 128 MB

cache_dir ufs /var/spool/squid 1000 64 1024

cache_swap_low 90
cache_swap_high 95

access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

mime_table /etc/squid/mime.conf

pid_filename /var/run/squid.pid

cache_effective_user squid
cache_effective_group squid

icp_port 3130