- 论坛徽章:
- 0
|
我是freebsd的新手,因为公司要上网,安装freebsd4.10做代理服务器
使用mpd经过adsl拨号,mpd的接口是ng0
想用ipfilter 和 squid实现透明网关,但是我遇到一个奇怪的问题,请大家指教
我的squid服务器安装好了,通过在客户机上设192.168.1.254 3128代理,可以上网,然后我在ipna.rules里加入
rdr fxp1 0.0.0.0/0 port 80 ->; 192.168.0.254 port 3128 tcp
rdr fxp2 0.0.0.0/0 port 80 ->; 192.168.1.254 port 3128 tcp
rdr fxp3 0.0.0.0/0 port 80 ->; 192.168.2.254 port 3128 tcp
怎么也上不了
然后我又尝试在后面加了几句话
map ng0 192.168.0.0/24 ->; 0.0.0.0/32 portmap tcp/udp 55001:65000
map ng0 192.168.0.0/24 ->; 0.0.0.0/32
map ng0 192.168.1.0/24 ->; 0.0.0.0/32 portmap tcp/udp 1025:55000
map ng0 192.168.1.0/24 ->; 0.0.0.0/32
现在透明代理可以工作了,我看squid的access.log中也都有记录了
我想问能否取消后面加的几句话?因为qq什么的也可以出去了
贴一下我的设置,希望大家能帮忙
ipf.rules:
block in log quick all with short
block in log quick all with ipopts
block in log quick all with frag
block in log quick all with opt lsrr
block in log quick all with opt ssrr
##############
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on fxp0 all
pass out quick on fxp0 all
pass in quick on fxp1 all
pass out quick on fxp1 all
pass in quick on fxp2 all
pass out quick on fxp2 all
pass in quick on fxp3 all
pass out quick on fxp3 all
###################################
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
block in quick on fxp0 from 127.0.0.0/8 to any
block in quick on fxp0 from 192.0.2.0/24 to any
#############################################
#pass in quick on fxp1 proto tcp/udp from any to any port = 53 keep state
#pass in quick on fxp1 proto tcp/udp from any to any port = 20 keep state
#pass in quick on fxp1 proto tcp/udp from any to any port = 21 keep state
#pass in quick on fxp1 proto tcp from any to any port = 23 keep state
#pass in quick on fxp1 proto tcp from any to any port = 22 keep state
#pass in quick on fxp1 proto tcp from any to any port = 25 keep state
#pass in quick on fxp1 proto tcp from any to any port = 110 keep state
#pass in quick on fxp1 proto tcp/udp from any to any port = 139 keep state
#pass in quick on fxp1 proto tcp from any to any port = 80 keep state
#pass in quick on fxp1 proto tcp from any to any port = 443 keep state
#pass in quick on fxp1 proto tcp/udp from any to any port = 445 keep state
#pass in quick on fxp1 proto tcp from any to any port = 3128 keep state
#pass in quick on fxp1 proto tcp from any to any port = 8000 keep state
pass in quick on fxp0 proto tcp/udp from any to any port = 53 keep state
pass in quick on fxp0 proto tcp/udp from any to any port = 20 keep state
pass in quick on fxp0 proto tcp/udp from any to any port = 21 keep state
pass in quick on fxp0 proto tcp from any to any port = 23 keep state
pass in quick on fxp0 proto tcp from any to any port = 22 keep state
pass in quick on fxp0 proto tcp from any to any port = 25 keep state
pass in quick on fxp0 proto tcp from any to any port = 110 keep state
pass in quick on fxp0 proto tcp/udp from any to any port = 139 keep state
pass in quick on fxp0 proto tcp from any to any port = 80 keep state
pass in quick on fxp0 proto tcp from any to any port = 443 keep state
pass in quick on fxp0 proto tcp/udp from any to any port = 445 keep state
pass in quick on fxp0 proto tcp from any to any port = 1863 keep state
pass in quick on fxp0 proto tcp from any to any port = 3128 keep state
pass in quick on fxp0 proto udp from any to any port = 4000 keep state
pass in quick on fxp0 proto udp from any to any port = 4001 keep state
pass in quick on fxp0 proto udp from any to any port = 6000 keep state
pass in quick on fxp0 proto udp from any to any port = 6001 keep state
pass in quick on fxp0 proto tcp from any to any port = 8000 keep state
########################################################
block in on fxp0 proto tcp/udp from any to any
ipnat.rules:
rdr ng0 0.0.0.0/0 port 80 ->; 127.0.0.1 port 81 tcp
rdr fxp1 0.0.0.0/0 port 80 ->; 192.168.0.254 port 3128 tcp
rdr fxp2 0.0.0.0/0 port 80 ->; 192.168.1.254 port 3128 tcp
rdr fxp3 0.0.0.0/0 port 80 ->; 192.168.2.254 port 3128 tcp
map ng0 192.168.0.0/24 ->; 0.0.0.0/32 portmap tcp/udp 55001:65000
map ng0 192.168.0.0/24 ->; 0.0.0.0/32
map ng0 192.168.1.0/24 ->; 0.0.0.0/32 portmap tcp/udp 1025:55000
map ng0 192.168.1.0/24 ->; 0.0.0.0/32
squid.conf
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /usr/local/squid/cache 100 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
log_mime_hdrs on
log_fqdn on
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1863 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /usr/local/squid/cache |
|
免费注册
发表于 2004-10-19 14:54
