系统版本:centos6.4 x64
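# Transparent (intercepting) Squid proxy on a CentOS 6.4 x64 gateway.
# Every command below was run as root on the proxy host (the prompt in the
# original session was "[root@squid ~]#"). eth1 is the internal interface,
# clients live in 192.168.1.0/24, and eth0 is the interface the MASQUERADE
# rule sends traffic out of.
# NOTE(review): CentOS 6 and the squid 3.1 series no longer receive security
# updates; treat this as a reference for the technique, not a build recipe.

# --- 1. Kernel parameters ---------------------------------------------------
# Turn on IPv4 forwarding so the host can route for the LAN.
# Each sed only matches the exact "key = value" spelling; confirm afterwards
# with `sysctl net.ipv4.ip_forward`, because a non-matching sed is silent.
sed -i "s#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g" /etc/sysctl.conf

# NOTE(review): rp_filter = 0 disables reverse-path source validation, the
# kernel's anti-spoofing check. REDIRECT-based interception delivers packets
# locally and presumably does not need it off; keep it at 1 unless asymmetric
# routing on this host really requires otherwise.
sed -i "s#net.ipv4.conf.default.rp_filter = 1#net.ipv4.conf.default.rp_filter = 0#g" /etc/sysctl.conf

# NOTE(review) on the values appended below:
#  - tcp_tw_recycle = 1 is known to drop connections from clients that share
#    a NATed address; tcp_tw_reuse alone is the safer setting.
#  - tcp_syn_retries / tcp_synack_retries = 1 give up after a single retry,
#    so handshakes fail quickly on lossy links.
#  - nf_conntrack_max = 25000000 lets the connection-tracking table grow very
#    large; every entry uses kernel memory, so size it to the host's RAM.
# The delimiter is quoted so nothing inside the here-document is expanded.
cat >> /etc/sysctl.conf <<'BYRD'
#by:byrd
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time =600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
#by:byrd
BYRD

# Load the new values. The nf_conntrack keys presumably only resolve once the
# conntrack module is loaded; read the output for "unknown key" errors.
sysctl -p

# --- 2. Boot-time services --------------------------------------------------
# Switch off everything enabled in runlevel 3, then re-enable the five
# services this host needs.
# NOTE(review): the first loop also turns off anything else that was on by
# default (for example an audit daemon, if installed); review the
# `chkconfig --list` output before relying on this.
for byrd in $(chkconfig --list | awk '/3:on/ {print $1}'); do
  chkconfig --level 3 "$byrd" off
done
for byrd in crond network rsyslog sshd iptables; do
  chkconfig --level 3 "$byrd" on
done

# --- 3. Install and configure Squid -----------------------------------------
yum install squid -y   # squid-3.1.10-20.el6_5.3.x86_64.rpm

# Append cache tuning and identity settings.
# NOTE(review): squid uses the first refresh_pattern that matches. If the
# packaged squid.conf already contains a catch-all "refresh_pattern ." line,
# the patterns appended here sit after it and are never reached; verify
# their position in the final file.
# The original listing repeated the \.jpg$ rule; the duplicate had no effect
# and is left out.
cat >> /etc/squid/squid.conf <<'BYRD'
refresh_pattern -i \.css$ 360 50% 2880 reload-into-ims
refresh_pattern -i \.js$ 1440 50% 2880 reload-into-ims
refresh_pattern -i \.html$ 720 50% 1440 reload-into-ims
refresh_pattern -i \.jpg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.gif$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.png$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.bmp$ 1440 50% 2880 ignore-reload
#########by:byrd#########
visible_hostname squid.t4x.org
cache_mgr squid@t4x.org
cache_mem 100 MB
dns_nameservers 223.5.5.5
cache_replacement_policy lru
ipcache_size 1024
ipcache_low 90
ipcache_high 95
memory_pools on
memory_pools_limit 64 MB
BYRD

# Replace the forward-proxy port with an interception port on 3129 and
# enable an aufs cache directory.
sed -i "s#http_port 3128#http_port 3129 intercept#g" /etc/squid/squid.conf
sed -i "s#\#cache_dir ufs /var/spool/squid 100 16 256#cache_dir aufs /var/spool/squid 256 16 256#g" /etc/squid/squid.conf

# Create the cache directories, then check the configuration syntax.
/usr/sbin/squid -z
squid -k parse

# Foreground debug run (-N: no daemon, -d1: debug output to stderr). It does
# not return; stop it with Ctrl-C once the line below appears.
/usr/sbin/squid -N -d1
#   2014/06/09 23:50:10| Ready to serve requests.
# The service can now be started.

/etc/init.d/squid start
#   Starting squid: .                                          [  OK  ]

# Confirm the listeners. Squid is bound to 0.0.0.0:3129, i.e. every
# interface, so the packet filter is what keeps it off the outside network.
netstat -tunlp
#   Active Internet connections (only servers)
#   Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
#   tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1115/sshd
#   tcp        0      0 0.0.0.0:3129      0.0.0.0:*         LISTEN   1724/(squid)
#   tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN   1191/master
#   tcp        0      0 :::22             :::*              LISTEN   1115/sshd
#   tcp        0      0 ::1:25            :::*              LISTEN   1191/master
#   udp        0      0 0.0.0.0:63682     0.0.0.0:*                  1724/(squid)
#   udp        0      0 :::7248           :::*                       1724/(squid)

# Rotate the log files.
/usr/sbin/squid -k rotate

# Query the cache manager. The original used -p 3128, but http_port was
# rewritten to 3129 above and the netstat listing shows nothing on 3128.
# NOTE(review): if squid refuses direct requests on the intercept port, add a
# loopback-only http_port for management instead.
squidclient -p 3129 mgr:info

# --- 4. Packet redirection --------------------------------------------------
# Send LAN HTTP traffic to the interception port, selected by source network:
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3129
# or, selected by ingress interface (eth1 is the internal interface):
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3129

# Source-NAT everything else the LAN sends out through eth0. MASQUERADE and
# the -o match are only valid in POSTROUTING; the original listing appended
# this rule to PREROUTING, which iptables rejects.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE

# NOTE(review): `iptables -F` empties every chain of the filter table.
# Assuming the stock CentOS 6 ruleset, that removes the final REJECT rules,
# which lets forwarded traffic through but also leaves every listening port
# on this host (sshd on 22 and squid on 3129 in the listing above) reachable
# from any interface. Prefer ACCEPT rules scoped to eth1 and 192.168.1.0/24
# over a flush.
iptables -F

# Review the resulting NAT table. These rules exist only in the running
# kernel; `service iptables save` writes them to /etc/sysconfig/iptables so
# the iptables service enabled above restores them at boot.
iptables -L -t nat -n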
申明:本文由BYRD原创(基于squid-3.1.10),未经许可禁止转载! Source: Byrd's Weblog - https://note.t4x.org/system/config-suqid-transparent-proxy/
申明:除非注明Byrd's Blog内容均为原创,未经许可禁止转载!详情请阅读版权申明!