成功配置SQUID3.0透明代理

bigbigsh

成功配置SQUID3.0透明代理,希望有能力者把我这脚本完善一下,一来可以提高自己的服务器的性能,来二初学者可以做为
样本直接可用.
eth0是外网 eth1 是196.196.0.8   内网是(196.196.0.0/24)   
我要做的是关掉所有下载,包括在线视频.如土豆网等一下视频.(土豆网等一些视频我是让它进到页面无法显示网页里的视频播放器达到禁止的效果)
我也是看别人的资料照抄.我没有什么精华部分.目前只是可以用和禁止下载网络视频也是可以关掉的.)但有一个问题/我自己除了土豆网里的视频能看外.其它的视频都看不了
局域网里的任何一台一点视频都看不了.


http_port 3128 transparent
cache_mem 256 MB
dns_nameservers 196.196.0.8
maximum_object_size_in_memory 2 MB
memory_replacement_policy heap LFUDA
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 5000 32 512
error_directory /usr/local/squid/share/errors/Simplify_Chinese
acl nocache urlpath_regex cookie.*\.php *\.jsp *\.asp *\.pl *\.cgi
no_cache deny nocache
acl audio urlpath_regex -i .torrent$ .avi$ .mp3$ .mp4$  
http_access deny audio
acl badfiles urlpath_regex -i .swf$ .flv$
http_access deny badfiles
acl download urlpath_regex -i \.zip$ \.exe$ \.mp3$ \.ra$ \.avi$ \.rar$ \.rvmb$ \.mpe$ \.flv$ \.swf$
http_access deny download
acl localhost src 196.196.0.0/24
http_access allow localhost
http_access deny all
acl safe port 80 3128
http_access allow safe
cache_effective_user squid
cache_effective_group squid
icp_port 0
cache_mgr worldrestart@yahoo.com.cn
acl OverConnLimit maxconn 16
http_access deny OverConnLimit
acl conncount maxconn 5
visible_hostname 196.196.0.8
icon_directory /usr/local/squid/share/icons
max_open_disk_fds 0
minimum_object_size 1 KB
maximum_object_size 20 MB
cache_swap_low 90
cache_swap_high 95
access_log /usr/local/squid/var/logs/access.log squid
cache_log /usr/local/squid/var/logs/cache.log squid
cache_store_log none
emulate_httpd_log on
refresh_pattern -i \.htm$ 0 20% 1440
refresh_pattern -i \.html$ 0 20% 1440
refresh_pattern -i . 5 25% 2880
acl buggy_server url_regex ^http://.... http://
broken_posts allow buggy_server
request_entities off
relaxed_header_parser on
client_lifetime 120 minute
hostname_aliases 196.196.0.8
error_directory /usr/local/squid/share/errors/Simplify_Chinese
always_direct allow all
ignore_unknown_nameservers on
coredump_dir  /var/log/squid
half_closed_clients off
buffered_logs on

[ 本帖最后由 bigbigsh 于 2009-1-15 17:13 编辑 ]

chenzq1604

楼主最好提供一下squid安装机器的硬件比如内存多大，硬盘或者是准备设置CACHE的空闲目录有多大，CPU多高等等,不然新手拿你的配置好机器浪费了，差机器跑不了

bigbigsh

Intel(R) Xeon(R) CPU            3065  @ 2.33GHz
硬盘160G SATA 内存1G

[root@hwt ~]# /usr/local/squid/bin/squidclient -p 3128 -h 196.196.0.8 mgr:info
HTTP/1.0 200 OK
Server: squid/3.0.STABLE1
Mime-Version: 1.0
Date: Sat, 10 Jan 2009 01:13:16 GMT
Content-Type: text/plain
Expires: Sat, 10 Jan 2009 01:13:16 GMT
Last-Modified: Sat, 10 Jan 2009 01:13:16 GMT
X-Cache: MISS from 196.196.0.8
Via: 1.0 196.196.0.8 (squid/3.0.STABLE1)
Proxy-Connection: close

Squid Object Cache: Version 3.0.STABLE1
Start Time:     Fri, 09 Jan 2009 22:02:31 GMT
Current Time:   Sat, 10 Jan 2009 01:13:16 GMT
Connection information for squid:
        Number of clients accessing cache:      32
        Number of HTTP requests received:       41125
        Number of ICP messages received:        0
        Number of ICP messages sent:    0
        Number of queued ICP replies:   0
        Number of HTCP messages received:       0
        Number of HTCP messages sent:   0
        Request failure ratio:   0.00
        Average HTTP requests per minute since start:   215.6
        Average ICP messages per minute since start:    0.0
        Select loop called: 3191238 times, 3.587 ms avg
Cache information for squid:
        Hits as % of all requests:      5min: 11.9%, 60min: 12.2%
        Hits as % of bytes sent:        5min: 10.5%, 60min: 14.9%
        Memory hits as % of hit requests:       5min: 0.4%, 60min: 8.8%
        Disk hits as % of hit requests: 5min: 0.0%, 60min: 15.5%
        Storage Swap size:      512232 KB
        Storage Swap capacity:   5.0% used, 95.0% free
        Storage Mem size:       -232751 KB
        Storage Mem capacity:   56.1% used, 43.9% free
        Mean Object Size:       17.87 KB
        Requests given to unlinkd:      862
Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   0.09219  0.07409
        Cache Misses:          0.12106  0.12783
        Cache Hits:            0.00000  0.00000
        Near Hits:             0.07014  0.05046
        Not-Modified Replies:  0.00000  0.00000
        DNS Lookups:           0.01269  0.01331
        ICP Queries:           0.00000  0.00000
Resource usage for squid:
        UP Time:        11445.499 seconds
        CPU Time:       38.777 seconds
        CPU Usage:      0.34%
        CPU Usage, 5 minute avg:        0.41%
        CPU Usage, 60 minute avg:       0.32%
        Process Data Segment Size via sbrk(): 25528 KB
        Maximum Resident Size: 0 KB
        Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
        Total space in arena:   25800 KB
        Ordinary blocks:        25561 KB     15 blks
        Small blocks:               0 KB      0 blks
        Holding blocks:        161396 KB   1166 blks
        Free Small blocks:          0 KB
        Free Ordinary blocks:     238 KB
        Total in use:          186957 KB 100%
        Total free:               238 KB 0%
        Total size:            187196 KB
Memory accounted for:
        Total accounted:       169861 KB  91%
        memPool accounted:     169861 KB  91%
        memPool unaccounted:    17334 KB   9%
        memPoolAlloc calls:  10560516
        memPoolFree calls:   10185892
File descriptor usage for squid:
        Maximum number of file descriptors:   1024
        Largest file desc currently in use:    183
        Number of file desc currently in use:   50
        Files queued for open:                   0
        Available number of file descriptors:  974
        Reserved number of file descriptors:   100
        Store Disk files open:                   0
Internal Data Structures:
         28871 StoreEntries
          8020 StoreEntries with MemObjects
          8018 Hot Object Cache Items
         28668 on-disk objects
[root@hwt ~]#

[ 本帖最后由 bigbigsh 于 2009-1-9 12:18 编辑 ]

ritto

先顶，再来学习一下

todayboy

先顶一下！！！！！！！

bigbigsh

顶一下....

ruochen

顶个

bigbigsh

另外帖上自己的IPTABLES
脚本免的我下回要装忘了
#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 110,25 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -m multiport --dports 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P FORWARD DROP
iptables -A FORWARD -p udp -s 196.196.0.0/24 --dport 53 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -i eth1 -m multiport --dports 110,25 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 8601 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 3128 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
/sbin/sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3800 &>/dev/null
iptables -t nat -A PREROUTING -s 196.196.0.0/24 -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
/sbin/iptables -A POSTROUTING -t nat -s 196.196.0.0/24 -o eth0 -j SNAT --to-source 222.X.X.X

[ 本帖最后由 bigbigsh 于 2009-1-15 17:18 编辑 ]

xingjiudong

http_port 3128 transparent

就这条有用