RHEL 6에서 Squid 3.1을 사용하는 투명 프록시

RHEL 6에서 Squid 3.1을 사용하는 투명 프록시

우리는 거의 50개의 Windows XP 시스템을 보유하고 있으며 서버에는 Linux(RHEL6)가 있습니다.

로컬 사용을 위한 Squid 3.1, Samba 및 Apache도 있습니다.

프록시를 통해서는 VPN과 Outlook Express를 연결할 수 없습니다. 투명 프록시가 이 문제를 해결할 수 있다고 들었습니다. 인터넷과 Stack Exchange에 나온 절차를 시도해 보았지만 이 문제를 제대로 해결할 수 없었습니다. 명확한 구성 파일과 iptables 구성을 제공해 주십시오.

이것은 내 Squid 구성 파일입니다.

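#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localinternet src 10.1.1.0/24
##acl localnet src 10.0.0.0/8        # RFC1918 possible internal network
##acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
##acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
##acl localnet src fc00::/7           # RFC 4193 local private network range
##acl localnet src fe80::/10          # RFC 4291 link-local (directly plugged) machines
#
# Special IP List
acl special src "/etc/squid/special.txt"                # All Access IPs
# Allowed IP List (client source addresses; each list may bypass the
# matching url_regex block list further below)
acl d_unlimited src "/etc/squid/d_unlimited.txt"        # Full Download access
acl u_unlimited src "/etc/squid/u_unlimited.txt"        # Full Upload access
acl allow_proxy src "/etc/squid/allow_proxy.txt"        # Allow Proxy
acl allow_social src "/etc/squid/allow_social.txt"      # Allow Social networking
acl allow_tutorial src "/etc/squid/allow_tutorial.txt"  # Allow Tutorial
acl allow_movie src "/etc/squid/allow_movie.txt"        # Allow Movie
acl allow_jobs src "/etc/squid/allow_jobs.txt"          # Allow Jobs
acl allow_sex src "/etc/squid/allow_sex.txt"            # Allow Sex
#
# Blocked Keys (url_regex lists read from files, matched against the
# full request URL)
#
acl goodkey url_regex "/etc/squid/goodkey.txt"
acl proxy url_regex "/etc/squid/proxy.txt"
acl social url_regex "/etc/squid/social.txt"
acl tutorial url_regex "/etc/squid/tutorial.txt"
acl movie url_regex "/etc/squid/movie.txt"
acl jobs url_regex "/etc/squid/jobs.txt"
acl sex url_regex "/etc/squid/sex.txt"
#
# Upload/Download Limit (applies to localinternet clients that are not
# on the corresponding unlimited list)
#
request_body_max_size 2000 KB localinternet !u_unlimited
reply_body_max_size 6000 KB localinternet !d_unlimited
#
#
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
# (http_access rules are evaluated top-down; the first match wins)
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Protect web applications running on the proxy host that assume the
# only one who can reach "localhost" is a local user.  The template
# recommends this rule; it is enabled here.
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#
# Allow all (special source IPs) / Allow Good keys
http_access allow special
# goodkey is a URL pattern with no source restriction of its own; pairing
# it with localinternet keeps the proxy from relaying those URLs for any
# address that can reach the listening port.
http_access allow localinternet goodkey
#
# Allow  Proxy Sites
#
http_access allow allow_proxy proxy
#
# Allow Social Networking
#
http_access allow allow_social social
#
# Allow Tutorials
http_access allow allow_tutorial tutorial
#
# Allow Movie
http_access allow allow_movie movie
#
# Allow Jobs
http_access allow allow_jobs jobs
#
# Allow Sex
http_access allow allow_sex sex
#
# Allow List (local clients, minus the blocked URL categories)
http_access allow localinternet !proxy !social !tutorial !movie !jobs !sex
#
# Local Host
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128.  "intercept" makes this port accept
# the TCP/80 connections that the iptables REDIRECT rule sends to it
# (transparent mode).  Only redirected port-80 HTTP is affected; other
# protocols (VPN, mail clients) are not handled by Squid and must be
# forwarded by the gateway itself.
# NOTE(review): Squid 3.1 still accepts browser-configured proxy requests
# on an intercept port; newer releases need a separate plain http_port
# for those - verify on the installed release.
http_port 3128 intercept

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320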

답변1

이것을 squid.conf에 넣으십시오.

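# Squid 3.x does not use the Squid 2.5 httpd_accel_* directives; in 3.1
# interception is switched on at the listening port instead.  The port
# number must match the --to-port of the iptables REDIRECT rule.
http_port 3128 intercept
# The acl must be defined before http_access refers to it; with the
# definition commented out, "http_access allow lan" is an undefined ACL
# and squid refuses to start.
acl lan src 192.168.1.1 192.168.2.0/24 # configure this for your lan settings
http_access allow localhost
http_access allow lan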

그리고 Squid 서버에 iptables가 설정되어 있는지 확인하십시오.

# Send TCP/80 arriving on the LAN-facing interface (eth0) to Squid's
# intercept port.  Only port-80 HTTP is affected by this rule, and it is
# not persistent across reboots unless saved (service iptables save on RHEL 6).
iptables --table nat --append PREROUTING --in-interface eth0 --protocol tcp --destination-port 80 --jump REDIRECT --to-ports 3128

자세한 내용은 다음을 방문하세요: http://tldp.org/HOWTO/TransparentProxy.html

답변2

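dns_nameservers 182.190.0.21 182.176.39.17 192.168.1.100
#broken_vary_encoding allow apache
#extension_methods REPORT MERGE MKACTIVITY CHECKOUT
#acl M1 arp 00:18:8B:28:DD:7F
#acl M2 arp 00:21:9b:d3:d8:de
#http_access allow M1
#http_access allow M2
#http_access deny all
#http_port 80
#httpd_accel_host 127.0.0.1
#http_accel_port 80
# Reverse-proxy ("accel") port.  With vhost the request's Host header
# selects the origin server, so the http_access rules below must not
# allow arbitrary sources through this port; if the published site has to
# be reachable from outside, add a dstdomain acl for it rather than a
# port-wide allow.
http_port 80 accel defaultsite=proxy.shancomputers.com vhost
# Default: the client's (internal) address is appended to X-Forwarded-For
# on requests sent to origin servers.
forwarded_for on
#httpd_accel_single_host on
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header off

# No cache_peer is configured (see the commented line below), so nothing
# needs ICP; do not answer ICP queries from arbitrary hosts.
icp_access deny all

#cache_peer 127.0.0.1 parent 3128 0 no-query default

acl web_ports port 80
# "http_access allow web_ports" used to follow here.  It matched every
# client for every port-80 destination before the Safe_ports and localnet
# rules ran, which made the proxy an open relay; localnet clients are
# allowed further down instead.
acl purge method PURGE
#http_access allow purge localhost
http_access deny purge
hierarchy_stoplist cgi-bin ?

memory_replacement_policy lru
cache_replacement_policy heap LFUDA

#upgrade_http0.9 deny shoutcast
#acl all src all
unique_hostname proxy.shancomputers.com
visible_hostname proxy.shancomputers.com
cache_mgr [email protected]

# Media / messenger ACLs (dp, dp1, youtube, MSN_nets and numconn are
# defined but not referenced by any rule in this file).
acl dp url_regex -i \.mp3$ \.wmv$ \.avi$ \.wma$ \.mpe?g$
acl dp1 rep_mime_type video/flv
acl youtube dstdomain .youtube.com
acl YIM_ports port 5050
acl YIM_domains dstdomain .yahoo.com .yahoo.co.jp
acl YIM_hosts dstdomain scs.msg.yahoo.com cs.yahoo.co.jp
acl YIM_methods method CONNECT
acl MSN_ports port 1863 443 1503
acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
acl MSN_hosts dstdomain messenger.hotmail.com
acl MSN_nets dst 192.168.1.0/24
acl MSN_methods method CONNECT
acl numconn maxconn 6
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl POST method POST
acl CONNECT method CONNECT
acl GET method GET
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]

acl apache rep_header Server ^Apache
acl QUERY urlpath_regex cgi-bin \?
#---------------------------------------------------------------------
# http_access is first-match.  The messenger exceptions must precede
# "deny CONNECT !SSL_ports" (5050/1863/1503 are not SSL_ports), but they
# are limited to localnet so CONNECT to those ports is not relayed for
# any source address.
http_access allow localnet YIM_methods YIM_ports YIM_hosts
http_access allow localnet YIM_methods YIM_ports YIM_domains
http_access allow localnet MSN_methods MSN_ports MSN_hosts
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
# Intercept port for the TCP/80 connections REDIRECTed by iptables
# ("transparent" is the Squid 3.1 synonym of "intercept").
http_port 192.168.1.1:3128 transparent

#http_port 192.168.1.1:8080 transparent

#---------------------------------------------------------------------

#memory_cache_mode always
acl FTP proto FTP
always_direct allow FTP
miss_access allow all
#--------------------------------------------------------------------
cache_store_log /var/log/squid/store.log
# "no_cache" is the deprecated spelling of the "cache" directive in Squid 3.x.
cache deny QUERY
cache deny POST

#---------------------------------------------------------------------
# Buffering up to 100 MB of request headers per connection is a
# memory-exhaustion risk; Squid's default of 64 KB is ample for browsers.
request_header_max_size 64 KB
maximum_object_size 96 MB

# refresh_pattern is first-match, so the "." catch-all must come last.
# The former catch-all "refresh_pattern . 9999 99% 99990 override-expire
# reload-into-ims override-lastmod" sat above every specific pattern
# (making all of them unreachable) and ignored origin-server freshness
# for every object, so stale pages and downloads were served from cache;
# it has been dropped.  Second copies of \.pl$, \.shtml$ and the
# ^gopher:// pattern, unreachable behind their earlier twins, are dropped too.
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$       0       20%     2880
refresh_pattern cgi-bin 1 20% 2
refresh_pattern \.asp$ 1 20% 2
refresh_pattern \.acgi$ 1 20% 2
refresh_pattern \.cgi$ 1 20% 2
refresh_pattern \.pl$ 1 20% 2
refresh_pattern \.shtml$ 1 20% 2
refresh_pattern \.php3$ 1 20% 2
refresh_pattern \? 1 20% 2
refresh_pattern \.gif$ 10080 90% 43200
refresh_pattern \.jpg$ 10080 90% 43200
refresh_pattern \.bom\.gov\.au 30 20% 120
refresh_pattern \.html$ 480 50% 22160
refresh_pattern \.htm$ 480 50% 22160
refresh_pattern \.class$ 10080 90% 43200
refresh_pattern \.zip$ 10080 90% 43200
refresh_pattern \.jpeg$ 10080 90% 43200
refresh_pattern \.mid$ 10080 90% 43200
refresh_pattern \.exe$ 10080 90% 43200
refresh_pattern \.thm$ 10080 90% 43200
refresh_pattern \.wav$ 10080 90% 43200
refresh_pattern \.txt$ 10080 90% 43200
refresh_pattern \.cab$ 10080 90% 43200
refresh_pattern \.au$ 10080 90% 43200
refresh_pattern \.mov$ 10080 90% 43200
refresh_pattern \.xbm$ 10080 90% 43200
refresh_pattern \.ram$ 10080 90% 43200
refresh_pattern \.avi$ 10080 90% 43200
refresh_pattern \.chtml$ 480 50% 22160
refresh_pattern \.thb$ 10080 90% 43200
refresh_pattern \.dcr$ 10080 90% 43200
refresh_pattern \.bmp$ 10080 90% 43200
refresh_pattern \.phtml$ 480 50% 22160
refresh_pattern \.mpg$ 10080 90% 43200
refresh_pattern \.pdf$ 10080 90% 43200
refresh_pattern \.swf$ 10080 90% 43200
refresh_pattern \.mp3$ 10080 90% 43200
refresh_pattern \.ra$ 10080 90% 43200
refresh_pattern \.spl$ 10080 90% 43200
refresh_pattern \.viv$ 10080 90% 43200
refresh_pattern \.doc$ 10080 90% 43200
refresh_pattern \.gz$ 10080 90% 43200
refresh_pattern \.Z$ 10080 90% 43200
refresh_pattern \.tgz$ 10080 90% 43200
refresh_pattern \.tar$ 10080 90% 43200
refresh_pattern \.vrm$ 10080 90% 43200
refresh_pattern \.vrml$ 10080 90% 43200
refresh_pattern \.aif$ 10080 90% 43200
refresh_pattern \.aifc$ 10080 90% 43200
refresh_pattern \.aiff$ 10080 90% 43200
refresh_pattern \.arj$ 10080 90% 43200
refresh_pattern \.c$ 10080 90% 43200
refresh_pattern \.cpt$ 10080 90% 43200
refresh_pattern \.dir$ 10080 90% 43200
refresh_pattern \.dxr$ 10080 90% 43200
refresh_pattern \.hqx$ 10080 90% 43200
refresh_pattern \.jpe$ 10080 90% 43200
refresh_pattern \.lha$ 10080 90% 43200
refresh_pattern \.lzh$ 10080 90% 43200
refresh_pattern \.midi$ 10080 90% 43200
refresh_pattern \.movie$ 10080 90% 43200
refresh_pattern \.mp2$ 10080 90% 43200
refresh_pattern \.mpe$ 10080 90% 43200
refresh_pattern \.mpeg$ 10080 90% 43200
refresh_pattern \.mpga$ 10080 90% 43200
refresh_pattern \.ppt$ 10080 90% 43200
refresh_pattern \.ps$ 10080 90% 43200
refresh_pattern \.qt$ 10080 90% 43200
refresh_pattern \.qtm$ 10080 90% 43200
refresh_pattern \.ras$ 10080 90% 43200
refresh_pattern \.sea$ 10080 90% 43200
refresh_pattern \.sit$ 10080 90% 43200
refresh_pattern \.tif$ 10080 90% 43200
refresh_pattern \.tiff$ 10080 90% 43200
refresh_pattern \.snd$ 10080 90% 43200
refresh_pattern \.wrl$ 10080 90% 43200
refresh_pattern ^ftp:// 480 60% 22160
refresh_pattern \.iso$ 10080 90% 43200
refresh_pattern . 480 50% 22160
#------------------------------------------------------------------------
range_offset_limit 0 KB
#---------------------------------------------------------------------------
hosts_file /etc/hosts
coredump_dir /var/spool/squid
#----------------------------------------------------------------------------
quick_abort_min 1024 KB
quick_abort_max 2048 KB
quick_abort_pct 90
cache_effective_user squid
cache_effective_group squid

cache_dir ufs /var/spool/squid 20000 16 256
cache_mem 1024 MB
fqdncache_size 1024
# Caps every request body (uploads, POSTed forms) at 100 KB for all clients.
request_body_max_size 100 KB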

답변3

Squid는 일반적으로 포트 3128에서 수신 대기합니다.

# "intercept" marks this port as receiving connections that the firewall
# redirected (NAT REDIRECT to 3128) rather than browser-configured proxy
# requests.
http_port 3128 intercept

squid.conf 파일에서 이렇게 수정하세요.
