Setting up a transparent proxy with Squid
Applies to: Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4
Solution:
First, make sure Squid and iptables are installed.
Then locate the following directives in /etc/squid/squid.conf:
httpd_accel_host
httpd_accel_port
httpd_accel_with_proxy
httpd_accel_uses_host_header
Replace them with the following settings:
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
# TAG: httpd_accel_host
# TAG: httpd_accel_port
# If you want to run Squid as an httpd accelerator, define the
# host name and port number where the real HTTP server is.
#
# If you want virtual host support then specify the hostname
# as "virtual".
#
# If you want virtual port support then specify the port as "0".
#
# NOTE: enabling httpd_accel_host disables proxy-caching and
# ICP. If you want these features enabled also, then set
# the 'httpd_accel_with_proxy' option.
#
#Default:
httpd_accel_host virtual
httpd_accel_port 80
# TAG: httpd_accel_with_proxy on|off
# If you want to use Squid as both a local httpd accelerator
# and as a proxy, change this to 'on'. Note however that your
# proxy users may have trouble to reach the accelerated domains
# unless their browsers are configured not to use this proxy for
# those domains (for example via the no_proxy browser configuration
# setting)
#
#Default:
httpd_accel_with_proxy on
# TAG: httpd_accel_uses_host_header on|off
# HTTP/1.1 requests include a Host: header which is basically the
# hostname from the URL. Squid can be an accelerator for
# different HTTP servers by looking at this header. However,
# Squid does NOT check the value of the Host header, so it opens
# a big security hole. We recommend that this option remain
# disabled unless you are sure of what you are doing.
#
# However, you will need to enable this option if you run Squid
# as a transparent proxy. Otherwise, virtual servers which
# require the Host: header will not be properly cached.
#
#Default:
httpd_accel_uses_host_header on
Next, configure iptables to redirect all HTTP requests to the Squid server.
(Change "SQUID-SERVER-IP", "LOCAL-NETWORK-IP", and "MACHINE-RUNNING-IPTABLES" below to match your network environment.)
# iptables -t nat -A PREROUTING -i eth0 -s ! SQUID-SERVER-IP -p tcp \
    --dport 80 -j DNAT --to SQUID-SERVER-IP:3128
# iptables -t nat -A POSTROUTING -o eth0 -s LOCAL-NETWORK-IP -d \
    SQUID-SERVER-IP -j SNAT --to MACHINE-RUNNING-IPTABLES
# iptables -A FORWARD -s LOCAL-NETWORK-IP -d SQUID-SERVER-IP -i eth0 \
    -o eth0 -p tcp --dport 3128 -j ACCEPT
# service iptables save
After making these changes, restart the Squid server so that the new configuration takes effect.
# service squid restart
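While browsing web pages, you can monitor /var/log/squid/access_log on the Squid server. If you see HTTP requests being forwarded to the Squid server, the configuration is correct.
uddtm 2009-08-04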
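An added example (not part of the original article) for the log check described above: it parses access-log lines in Squid's native format, counts intercepted requests per local client, and flags requests the proxy fetched from loopback or private addresses, which is worth watching because the configuration above makes Squid trust the client-supplied Host header. The sample log lines and the 192.168.1.0/24 network are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in Squid's native access-log format:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1249372801.101    120 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
1249372802.250      3 192.168.1.10 TCP_HIT/200 5120 GET http://www.example.com/ - NONE/- text/html
1249372803.007     15 192.168.1.23 TCP_MISS/200 812 GET http://10.0.0.5/ - DIRECT/10.0.0.5 text/html
1249372804.900      9 192.168.1.23 TCP_MISS/404 310 GET http://127.0.0.1/ - DIRECT/127.0.0.1 text/html
this line is malformed and must be skipped
"""
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LOCAL-NETWORK-IP


def parse_line(line):
    """Return (client, url, peer) or None for a malformed line."""
    f = line.split()
    if len(f) < 10 or "/" not in f[8]:
        return None
    try:
        client = ipaddress.ip_address(f[2])
    except ValueError:
        return None
    return client, f[6], f[8].split("/", 1)[1]


def review(log_text, local_net=LOCAL_NET):
    """Count intercepted requests per local client; flag internal upstreams."""
    per_client, flagged = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, url, peer = rec
        if client in local_net:
            per_client[str(client)] += 1
        try:
            upstream = ipaddress.ip_address(peer)
        except ValueError:  # "-" (served from cache) or a hostname
            continue
        if upstream.is_loopback or upstream.is_private or upstream.is_link_local:
            flagged.append((str(client), url, peer))
    return per_client, flagged


if __name__ == "__main__":
    counts, flagged = review(SAMPLE_LOG)
    print(dict(counts), flagged)
```

A non-empty per-client count confirms that interception is working; any flagged entry deserves a closer look, along with an ACL that denies such destinations.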