文章來源
In transparent squid, it is not necessary to configure browser to particular port like 8080 and 3128.
First, edit your squid.conf file by typing in terminal
# vim /etc/squid/squid.conf
edit line may be 89 in 2.6 version
http_port 192.168.0.1:3128 transparent
( where 192.168.0.1 is your local interface address )
and set visible_hostname to localhost
and insert below lines under tag
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl our_networks src 192.168.0.0/24 192.168.2.0/24
http_access allow our_networks
(use gedit if not familiar with vim )
now start squid by typing
# /usr/sbin/squid -z
now flush all rules of iptables for transparent mode
# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
now delete this chains by
# iptables -X
# iptables -t nat -X
# iptables -t mangle -X
now time to save iptables, so type
# service iptables save
# service iptables restart
now all rules and chains will clear !
check it by /etc/sysconfig/iptables which has all defaults rules set to accept.
now /etc/rc.d/rc.local
and insert line
echo 1 > /proc/sys/net/ipv4/ip_forward
and then save and close.
now asuming that your internet interface is eth0 then type :
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# service iptables save
# service iptables restart
note:- check your service of iptables is set to start during boot up .
or check status of your iptables service
# chkconfig –list iptables
if level 5 is on then its ok othewise start service at level 5 or level 2345.
沒有留言:
張貼留言