squid+iptables+nat+dhcp的透明代理.doc

squid+iptables+nat+dhcp的透明代理 我的系统平台：red hat enterprise Linux 5 系统一般都已经安装好了squid2.6?及iptables??dhcp需自行安装。如都没有安装，安装包可以在光盘的server中找。 squid和iptable+dhcpd的具体安装我在此不做太多说明，一般看看它们的说明即可。我公司用一台机器作为代理上网。eth0连接内部网,eth1连接外部网。下面把我的配置写下来。 iptable的配置，在/etc/rc.d/目录下用touch命令建立firewall文件，执行chmod?u+x?firewll以更改文件属性，编辑/etc/rc.d/rc.local文件，在末尾加上/etc/rc.d/firewall以确保开机时能自动执行该脚本。 modprobe ip_tables modprobe iptable_nat modprobe ip_nat_ftp modprobe ip_conntrack_ftp echo 1 /proc/sys/net/ipv4/ip_forward iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t nat -A PREROUTING -i eth0 -p tcp -s /24 --dport 80 -j REDIRECT --to-ports 3128 iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE iptables -t nat -A PREROUTING -s 18 -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 18 iptables -t nat -A POSTROUTING -s /24 -o eth1 -j SNAT --to 18 说明/24?是内网的网段??18是外网IP地址。 squid的配置： #?WELCOME TO SQUID 2.6.STABLE21 http_port 0:3128 transparent acl all src?/ acl manager proto cache_object acl localhost src /55 acl to_localhost dst /8 acl SSL_ports port 443??????????#https acl Safe_ports port 53??????????#dns acl Safe_ports port 80??????????????????# http acl Safe_ports port 21??????????????????# ftp acl Safe_ports port 443????????????????# https acl Safe_ports port 70??????????????????# gopher acl Safe_ports port 210????????????????# wais acl Safe_ports port 1025-65535?????# unregistered ports acl Safe_ports port 280????????????????# http-mgmt acl Safe_ports port 488????????????????# gss-http acl Safe_ports port 591????????????????# filemaker acl Safe_ports port 777????????????????# multiling http acl CONNECT method CONNECT acl mynet src / http_access allow mynet http_access deny all http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow all http_reply_access allow all icp_access allow all hierarchy_stoplist cgi-bin ? cache_