(转载)OPENBSD + PF + SQUID [复制链接]

发表于 2008-02-07 14:56 |只看该作者 |倒序浏览
转载 原文作者:llzqq  原文网址:
http://www.chinaunix.net/jh/5/591811.html

安装SQUID
# wget ftp://ftp.squid-cache.org/pub/squid-2/STABLE/squid-2.5.STABLE6.tar.gz
# wget http://ftp.it.net.au/OpenBSD/3.6/packages/i386/autoconf-2.13p0.tgz
# wget http://ftp.it.net.au/OpenBSD/3.6/packages/i386/gmake-3.80.tgz
# pkg_add autoconf-2.13p0.tgz
# pkg_add gmake-3.80.tgz
# tar zxvf squid-2.5.STABLE6.tar.gz
# cd squid-2.5.STABLE6
# ./configure \
  --prefix=/usr/local/squid \
  --sysconfdir=/etc/squid \
  --enable-ssl \
  --with-openssl \
  --enable-default-err-language=Simplify_Chinese \
  --enable-pf-transparent \
  --disable-hostname-checks \
  --disable-internal-dns
# make
# make install
# groupadd squid
# useradd -g squid -d /dev/null -s /sbin/nologin squid
# chown -R squid:squid /usr/local/squid/
配置SQUID
# > /etc/squid/squid.conf
# vi /etc/squid/squid.conf
=========================squid.conf========================
# Listen on loopback only; clients are steered here by the pf rdr rule
# shown later in this post rather than by a browser proxy setting.
http_port 127.0.0.1:3128
# Never cache cgi-bin / query-string responses.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Memory and on-disk cache sizing.
cache_mem 48 MB
cache_swap_low 80
cache_swap_high 90
maximum_object_size_in_memory 24 KB
cache_dir ufs /usr/local/squid/var/cache 100 16 256
# Logging: only access.log is written, in httpd-style format.
# NOTE(review): "none" is the documented way to disable cache_store_log;
# confirm squid 2.5 also treats it specially for cache_log rather than
# creating a file literally named "none".
cache_access_log /usr/local/squid/var/logs/access.log
cache_log none
cache_store_log none
emulate_httpd_log on
pid_filename /usr/local/squid/var/logs/squid.pid
# --disable-internal-dns was given at build time, so external dnsserver
# helper processes are used; this is how many are started.
dns_children 10
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
# Access control. http_access rules are evaluated top to bottom and the
# first match wins, so "deny all" must remain the last rule.
# (to_localhost is defined but not referenced by any http_access line.)
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
# cachemgr interface reachable from the box itself only.
http_access allow manager localhost
http_access deny manager
# Refuse odd destination ports, and CONNECT to anything but the SSL
# ports, so the proxy cannot be used as a generic TCP relay.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Blocklist: one regex per line in the referenced file, matched against
# the full request URL.
acl refused_sites url_regex "/etc/squid/refused_sites"
http_access deny refused_sites
# The whole 192.168/16 range is trusted; narrow this to the real LAN
# prefix if the internal interface serves a smaller network.
acl our_networks src 192.168.0.0/16
http_access allow our_networks
http_access deny all
http_reply_access allow all
# ICP queries are accepted from any source. ICP uses its own UDP port
# (icp_port), which is not covered by the 127.0.0.1 http_port binding
# above; with no cache peers configured, "icp_access deny all" (or
# icp_port 0) is the safer choice -- TODO confirm against the build.
icp_access allow all
# Placeholder values; replace with the real admin address and hostname
# (visible_hostname is shown on error pages).
cache_mgr webmaster@squid.com
cache_effective_user squid
cache_effective_group squid
visible_hostname www.squid.com
# httpd_accel settings used by squid 2.5 for intercepting (transparent)
# mode: the request's Host header identifies the origin server.
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_with_proxy off
httpd_accel_uses_host_header on
# Error pages in the language selected at configure time.
error_directory /usr/local/squid/share/errors/Simplify_Chinese
coredump_dir /usr/local/squid/var/cache
ie_refresh on
=========================squid.conf========================
设置透明代理
# vi /etc/pf.conf
rdr on $int_if inet proto tcp from $intnet to any port 80 -> 127.0.0.1 port 3128
设置开机启动
当系统无PPP网络接口时:
# vi /etc/rc.local
# Launch squid at boot (in the background) only when its config file exists.
if test -f /etc/squid/squid.conf; then
  /usr/local/squid/sbin/squid &
fi
当系统有PPP网络接口时:
# vi /etc/ppp/ppp.linkup
MYADDR:
! sh -c "/usr/local/squid/sbin/squid&"
附录:为SQUID添加用户认证功能
安装MYSQL_AUTH
# tar xzpf mysql_auth-0.6beta.tar.gz
# cd mysql_auth-0.6beta
修改Makefile中的内容(下面的设置针对的是用mysql-server-4.0.20.tgz安装的MYSQL)
# vi Makefile
CFLAGS = -I/usr/local/include -L/usr/local/lib
$(INSTALL) -o squid -g squid -m 755 mysql_auth /usr/bin/mysql_auth
$(INSTALL) -o squid -g squid -m 600 $(CONF) /etc/mysql_auth.conf
$(INSTALL) -o squid -g squid -m 600 $(CONF) /etc/mysql_auth.conf.default
修改src/define.h中的内容
# vi +5 src/define.h
#define CONFIG_FILE "/etc/mysql_auth.conf"
#define DEF_MYSQLD_SOCKET "/var/run/mysql/mysql.sock"
修改src/mysql_auth.conf中的内容
# vi src/mysql_auth.conf
mysqld_socket   /var/run/mysql/mysql.sock
# make  
# make install
创建用户数据库
# cd scripts
# mysql -u root -p******
（注:`-p` 后直接跟密码时,密码会出现在 `ps` 输出和 shell 历史中;建议只写 `-p`,由 mysql 交互式提示输入密码。）

mafa
回复于:2005-08-11 09:37:33

写作的速度也太快了吧!不过质量很高!收藏了。要是netbsd的就更符合口味了,呵呵。

剑心通明
回复于:2005-08-11 09:53:57

引用:原帖由 "mafa" 发表:
写作的速度也太快了吧!不过质量很高!收藏了。要是netbsd的就更符合口味了,呵呵。

防火墙什么的还是用OB好吧,呵呵

congli
回复于:2005-08-11 09:56:44

呵~~家里用FreeBSD 5.4+ PF + Squid来作透明代理.

mafa
回复于:2005-08-11 10:02:54

ob我没条件装,只有学nb和fb的。

anstan
回复于:2005-08-11 12:44:07

要是加个流量控制就更好了

xp-lcp
回复于:2007-05-14 17:04:31

我听说squid是专做负载平衡的,这篇文章的目的到的是什么哦?带有用户验证的SQUID服务器是什么意思?谁为偶这菜鸟解释一下!!

wangbin
回复于:2007-05-15 08:54:16

默认的配置值得一看
#        $FreeBSD: src/etc/pf.conf,v 1.2 2004/09/14 01:07:18 mlaier Exp $
#        $OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Required order: options, normalization, queueing, translation, filtering.
# Macros and tables may be defined and used anywhere.
# Note that translation rules are first match while filter rules are last match.
# Macros: define common values, so they can be referenced and changed easily.
ext_if="fxp0"        # replace with actual external interface name i.e., dc0
#int_if="int0"        # replace with actual internal interface name i.e., dc1
#internal_net="10.1.1.1/8"
external_addr="200.200.1.158"
# Tables: similar to macros, but more flexible for many addresses.
#table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 }
# Options: tune the behavior of pf, default values are given.
#set timeout { interval 10, frag 30 }
#set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
#set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
#set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
#set timeout { icmp.first 20, icmp.error 10 }
#set timeout { other.first 60, other.single 30, other.multiple 60 }
#set timeout { adaptive.start 0, adaptive.end 0 }
#set limit { states 10000, frags 5000 }
#set loginterface none
#set optimization normal
#set block-policy drop
#set require-order yes
#set fingerprints "/etc/pf.os"
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
#scrub in all
# Queueing: rule-based bandwidth control.
#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing }
#queue dflt bandwidth 5% cbq(default)
#queue developers bandwidth 80%
#queue marketing  bandwidth 15%
# Translation: specify how addresses are to be mapped or redirected.
# nat: packets going out through $ext_if with source address $internal_net will
# get translated as coming from the address of $ext_if, a state is created for
# such packets, and incoming packets will be redirected to the internal address.
#nat on $ext_if from $internal_net to any -> ($ext_if)
# rdr: packets coming in on $ext_if with destination $external_addr:1234 will
# be redirected to 10.1.1.1:5678. A state is created for such packets, and
# outgoing packets will be translated as coming from the external address.
#rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678
# rdr outgoing FTP requests to the ftp-proxy
#rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
# spamd-setup puts addresses to be redirected into table <spamd>.
#table <spamd> persist
#no rdr on { lo0, lo1 } from any to any
#rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025
# Filtering: the implicit first two rules are
#pass in all
#pass out all
# block all incoming packets but allow ssh, pass all outgoing tcp and udp
# connections and keep state, logging blocked packets.
#block in log all
#pass  in  on $ext_if proto tcp from any to $ext_if port 22 keep state
#pass  out on $ext_if proto { tcp, udp } all keep state
# pass incoming packets destined to the addresses given in table <foo>.
pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state
# pass incoming ports for ftp-proxy
#pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state
# assign packets to a queue.
#pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
#pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing

本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/19351/showart_476694.html