RHEL 6でSquid 3.1を使用した透明プロキシ

tag-icon tag-icon linux rhel proxy squid
RHEL 6でSquid 3.1を使用した透明プロキシ

私たちはほぼ50のWindows XPシステムを持っており、サーバーにはLinux(RHEL6)があります。

ローカル使用のためのSquid 3.1、Samba、Apacheもあります。

プロキシではVPNとOutlook Expressを接続できません。透明なプロキシがこの問題を解決できると聞きました。私はインターネットとスタック交換のステップを試しました。しかし、私はこの問題を正しく解決できません。明確な構成ファイルと IpTable 構成を提供します。

これは私のイカ構成ファイルです。

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localinternet src 10.1.1.0/24
##acl localnet src 10.0.0.0/8        # RFC1918 possible internal network
##acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
##acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
##acl localnet src fc00::/7           # RFC 4193 local private network range
##acl localnet src fe80::/10          # RFC 4291 link-local (directly plugged) machines
#
# Special IP List
acl special src "/etc/squid/special.txt"                # All Access IPs
# Allowed IP List
acl d_unlimited src "/etc/squid/d_unlimited.txt"        # Full Download access
acl u_unlimited src "/etc/squid/u_unlimited.txt"        # Full Upload access
acl allow_proxy src "/etc/squid/allow_proxy.txt"        # Allow Proxy
acl allow_social src "/etc/squid/allow_social.txt"      # Allow Social networking
acl allow_tutorial src "/etc/squid/allow_tutorial.txt"  # Allow Tutorial
acl allow_movie src "/etc/squid/allow_movie.txt"        # Allow Jobs
acl allow_jobs src "/etc/squid/allow_jobs.txt"          # Allow Movie
acl allow_sex src "/etc/squid/allow_sex.txt"            # Allow Sex
#
# Blocked Keys
#
acl goodkey url_regex "/etc/squid/goodkey.txt"
acl proxy url_regex "/etc/squid/proxy.txt"
acl social url_regex "/etc/squid/social.txt"
acl tutorial url_regex "/etc/squid/tutorial.txt"
acl movie url_regex "/etc/squid/movie.txt"
acl jobs url_regex "/etc/squid/jobs.txt"
acl sex url_regex "/etc/squid/sex.txt"
#
# Upload/Download Limit
#
request_body_max_size 2000 KB localinternet !u_unlimited
reply_body_max_size 6000 KB localinternet !d_unlimited
#
#
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#
# Allow all / Allow Good keys
http_access allow special
http_access allow goodkey
#
# Allow  Proxy Sites
#
http_access allow allow_proxy proxy
#
# Allow Social Networking
#
http_access allow allow_social social
#
# Allow Tutorials
http_access allow allow_tutorial tutorial
#
# Allow Movie
http_access allow allow_movie movie
#
# Allow Jobs
http_access allow allow_jobs jobs
#
# Allow Sex
http_access allow allow_sex sex
#
# Allow List
http_access allow localinternet !proxy !social !tutorial !movie !jobs !sex
#
# Local Host
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320

ベストアンサー1

これをsquid.confに入れます。

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# acl lan src 192.168.1.1 192.168.2.0/24 # configure this for your lan settings
http_access allow localhost
http_access allow lan

そして、イカサーバーにiptablesが設定されていることを確認してください。

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

詳しくは以下をご覧ください。http://tldp.org/HOWTO/TransparentProxy.html

おすすめ記事