成功配置SQUID3.0透明代理

bigbigsh

成功配置SQUID3.0透明代理,希望有能力者把我這腳本完善一下,一來可以提高自己的服務(wù)器的性能,來二初學(xué)者可以做為
樣本直接可用.
eth0是外網(wǎng) eth1 是196.196.0.8   內(nèi)網(wǎng)是(196.196.0.0/24)   
我要做的是關(guān)掉所有下載,包括在線視頻.如土豆網(wǎng)等一下視頻.(土豆網(wǎng)等一些視頻我是讓它進(jìn)到頁面無法顯示網(wǎng)頁里的視頻播放器達(dá)到禁止的效果)
我也是看別人的資料照抄.我沒有什么精華部分.目前只是可以用和禁止下載網(wǎng)絡(luò)視頻也是可以關(guān)掉的.)但有一個(gè)問題/我自己除了土豆網(wǎng)里的視頻能看外.其它的視頻都看不了
局域網(wǎng)里的任何一臺一點(diǎn)視頻都看不了.


http_port 3128 transparent
cache_mem 256 MB
dns_nameservers 196.196.0.8
maximum_object_size_in_memory 2 MB
memory_replacement_policy heap LFUDA
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 5000 32 512
error_directory /usr/local/squid/share/errors/Simplify_Chinese
acl nocache urlpath_regex cookie.*\.php *\.jsp *\.asp *\.pl *\.cgi
no_cache deny nocache
acl audio urlpath_regex -i .torrent$ .avi$ .mp3$ .mp4$  
http_access deny audio
acl badfiles urlpath_regex -i .swf$ .flv$
http_access deny badfiles
acl download urlpath_regex -i \.zip$ \.exe$ \.mp3$ \.ra$ \.avi$ \.rar$ \.rvmb$ \.mpe$ \.flv$ \.swf$
http_access deny download
acl localhost src 196.196.0.0/24
http_access allow localhost
http_access deny all
acl safe port 80 3128
http_access allow safe
cache_effective_user squid
cache_effective_group squid
icp_port 0
cache_mgr worldrestart@yahoo.com.cn
acl OverConnLimit maxconn 16
http_access deny OverConnLimit
acl conncount maxconn 5
visible_hostname 196.196.0.8
icon_directory /usr/local/squid/share/icons
max_open_disk_fds 0
minimum_object_size 1 KB
maximum_object_size 20 MB
cache_swap_low 90
cache_swap_high 95
access_log /usr/local/squid/var/logs/access.log squid
cache_log /usr/local/squid/var/logs/cache.log squid
cache_store_log none
emulate_httpd_log on
refresh_pattern -i \.htm$ 0 20% 1440
refresh_pattern -i \.html$ 0 20% 1440
refresh_pattern -i . 5 25% 2880
acl buggy_server url_regex ^http://.... http://
broken_posts allow buggy_server
request_entities off
relaxed_header_parser on
client_lifetime 120 minute
hostname_aliases 196.196.0.8
error_directory /usr/local/squid/share/errors/Simplify_Chinese
always_direct allow all
ignore_unknown_nameservers on
coredump_dir  /var/log/squid
half_closed_clients off
buffered_logs on

[ 本帖最后由 bigbigsh 于 2009-1-15 17:13 編輯 ]

chenzq1604

樓主最好提供一下squid安裝機(jī)器的硬件比如內(nèi)存多大，硬盤或者是準(zhǔn)備設(shè)置CACHE的空閑目錄有多大，CPU多高等等,不然新手拿你的配置好機(jī)器浪費(fèi)了，差機(jī)器跑不了

bigbigsh

Intel(R) Xeon(R) CPU            3065  @ 2.33GHz
硬盤160G SATA 內(nèi)存1G

[root@hwt ~]# /usr/local/squid/bin/squidclient -p 3128 -h 196.196.0.8 mgr:info
HTTP/1.0 200 OK
Server: squid/3.0.STABLE1
Mime-Version: 1.0
Date: Sat, 10 Jan 2009 01:13:16 GMT
Content-Type: text/plain
Expires: Sat, 10 Jan 2009 01:13:16 GMT
Last-Modified: Sat, 10 Jan 2009 01:13:16 GMT
X-Cache: MISS from 196.196.0.8
Via: 1.0 196.196.0.8 (squid/3.0.STABLE1)
Proxy-Connection: close

Squid Object Cache: Version 3.0.STABLE1
Start Time:     Fri, 09 Jan 2009 22:02:31 GMT
Current Time:   Sat, 10 Jan 2009 01:13:16 GMT
Connection information for squid:
        Number of clients accessing cache:      32
        Number of HTTP requests received:       41125
        Number of ICP messages received:        0
        Number of ICP messages sent:    0
        Number of queued ICP replies:   0
        Number of HTCP messages received:       0
        Number of HTCP messages sent:   0
        Request failure ratio:   0.00
        Average HTTP requests per minute since start:   215.6
        Average ICP messages per minute since start:    0.0
        Select loop called: 3191238 times, 3.587 ms avg
Cache information for squid:
        Hits as % of all requests:      5min: 11.9%, 60min: 12.2%
        Hits as % of bytes sent:        5min: 10.5%, 60min: 14.9%
        Memory hits as % of hit requests:       5min: 0.4%, 60min: 8.8%
        Disk hits as % of hit requests: 5min: 0.0%, 60min: 15.5%
        Storage Swap size:      512232 KB
        Storage Swap capacity:   5.0% used, 95.0% free
        Storage Mem size:       -232751 KB
        Storage Mem capacity:   56.1% used, 43.9% free
        Mean Object Size:       17.87 KB
        Requests given to unlinkd:      862
Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   0.09219  0.07409
        Cache Misses:          0.12106  0.12783
        Cache Hits:            0.00000  0.00000
        Near Hits:             0.07014  0.05046
        Not-Modified Replies:  0.00000  0.00000
        DNS Lookups:           0.01269  0.01331
        ICP Queries:           0.00000  0.00000
Resource usage for squid:
        UP Time:        11445.499 seconds
        CPU Time:       38.777 seconds
        CPU Usage:      0.34%
        CPU Usage, 5 minute avg:        0.41%
        CPU Usage, 60 minute avg:       0.32%
        Process Data Segment Size via sbrk(): 25528 KB
        Maximum Resident Size: 0 KB
        Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
        Total space in arena:   25800 KB
        Ordinary blocks:        25561 KB     15 blks
        Small blocks:               0 KB      0 blks
        Holding blocks:        161396 KB   1166 blks
        Free Small blocks:          0 KB
        Free Ordinary blocks:     238 KB
        Total in use:          186957 KB 100%
        Total free:               238 KB 0%
        Total size:            187196 KB
Memory accounted for:
        Total accounted:       169861 KB  91%
        memPool accounted:     169861 KB  91%
        memPool unaccounted:    17334 KB   9%
        memPoolAlloc calls:  10560516
        memPoolFree calls:   10185892
File descriptor usage for squid:
        Maximum number of file descriptors:   1024
        Largest file desc currently in use:    183
        Number of file desc currently in use:   50
        Files queued for open:                   0
        Available number of file descriptors:  974
        Reserved number of file descriptors:   100
        Store Disk files open:                   0
Internal Data Structures:
         28871 StoreEntries
          8020 StoreEntries with MemObjects
          8018 Hot Object Cache Items
         28668 on-disk objects
[root@hwt ~]#

[ 本帖最后由 bigbigsh 于 2009-1-9 12:18 編輯 ]

ritto

先頂，再來學(xué)習(xí)一下

todayboy

先頂一下�。。。。。�！

bigbigsh

頂一下....

ruochen

頂個(gè)

bigbigsh

另外帖上自己的IPTABLES
腳本免的我下回要裝忘了
#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 110,25 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -m multiport --dports 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P FORWARD DROP
iptables -A FORWARD -p udp -s 196.196.0.0/24 --dport 53 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -i eth1 -m multiport --dports 110,25 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 8601 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 3128 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
/sbin/sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3800 &>/dev/null
iptables -t nat -A PREROUTING -s 196.196.0.0/24 -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
/sbin/iptables -A POSTROUTING -t nat -s 196.196.0.0/24 -o eth0 -j SNAT --to-source 222.X.X.X

[ 本帖最后由 bigbigsh 于 2009-1-15 17:18 編輯 ]

xingjiudong

http_port 3128 transparent

就這條有用