
Squid


MrReal


I was a bit surprised that there are so few howtos and tutorials about Squid on the web, and that there is nothing on the forum. It's high time to say something about it :P.

 

The problem is that even though I do everything according to the recipe from

http://zlobek.tcz.wroclaw.pl/dzial.php3?dzial=8

squid doesn't work. I mean, I start squid and nothing happens. At first I set it up without transparent mode and changed the browser configuration. The result was that when I tried to open a page I could wait 100 years (and on top of that there wasn't even a time elapsed or connection error etc.).

I dug around a bit here and there and now I have this configuration:

http_port 8080
icp_port 3130

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 32 MB
maximum_object_size 10240 KB
cache_dir ufs /var/spool/squid 300 16 256

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

acl all src 10.10.0.0/16
acl localhost src 127.0.0.1/255.255.255.255
http_access allow all
http_access allow localhost
icp_access allow all
icp_access allow localhost

log_icp_queries off
buffered_logs on

coredump_dir /var/spool/squid

Some lines are leftovers from squid.conf.default

After enabling this config the situation is the same as I described above.

 

In iptables I have these entries (i.e. either 1 or 2 or both)

iptables -A INPUT -i $INTIF -s $INTNET -p tcp --dport 8080 -j ACCEPT

iptables -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port 8080

 

If the browser is set to a direct connection (without a proxy), pages open normally, only squid isn't working.

I want to set up a non-transparent squid first and, once it works, switch it to transparent.

Where is the error?

Many thanks and regards :D

 

 

EDIT

Damn, this must be some kind of curse. Why do I get problems that nobody can solve :(

In this case I had an error in iptables and now it works so-so :P

I'll go install some mplayer or catalyst so that I have problems that have answers :P

Can someone show me their squid.conf for comparison?


#    WELCOME TO SQUID 2
#    ------------------
#



# NETWORK OPTIONS
# -----------------------------------------------------------------------------

#  TAG: http_port
#    Usage:    port
#  hostname:port
#  1.2.3.4:port

#
#    The default port number is 3128.
#
#Default:


http_port 8080



#
#Default:
# ssl_unclean_shutdown off


#
#Default:
# icp_port 3130


#Default:
# htcp_port 4827

#  TAG: mcast_groups
#Default:
# none

#  TAG: udp_incoming_address
#  TAG: udp_outgoing_address

#Default:
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255


#  TAG: icp_query_timeout    (msec)
#Default:
# icp_query_timeout 0

#  TAG: maximum_icp_query_timeout    (msec)
#Default:
# maximum_icp_query_timeout 2000

#  TAG: mcast_icp_query_timeout    (msec)

#Default:
# mcast_icp_query_timeout 2000

#  TAG: dead_peer_timeout    (seconds)
#Default:
# dead_peer_timeout 10 seconds

#  TAG: hierarchy_stoplist
#    A list of words which, if found in a URL, cause the object to
#    be handled directly by this cache.  In other words, use this
#    to not query neighbor caches for certain objects.  You may
#    list this option multiple times.
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

#  TAG: no_cache
#    A list of ACL elements which, if matched, cause the request to
#    not be satisfied from the cache and the reply to not be cached.
#    In other words, use this to force certain objects to never be cached.
#
#    You must use the word 'DENY' to indicate the ACL names which should
#    NOT be cached.
#
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

#  TAG: cache_mem    (bytes)
#Default:
cache_mem 512 MB

#  TAG: cache_swap_low    (percent, 0-100)
#  TAG: cache_swap_high    (percent, 0-100)
#Default:
# cache_swap_low 90
# cache_swap_high 95

#  TAG: maximum_object_size    (bytes)
#Default:

maximum_object_size 8192 KB

#  TAG: minimum_object_size    (bytes)
#Default:

# minimum_object_size 0 KB

#  TAG: maximum_object_size_in_memory    (bytes)
#Default:

maximum_object_size_in_memory 64 KB

#  TAG: ipcache_size    (number of entries)
#  TAG: ipcache_low    (percent)
#  TAG: ipcache_high    (percent)
#    The size, low-, and high-water marks for the IP cache.
#
#Default:

ipcache_size 8192

# ipcache_low 90
# ipcache_high 95

#  TAG: fqdncache_size    (number of entries)
#    Maximum number of FQDN cache entries.
#
#Default:
# fqdncache_size 1024

#  TAG: cache_replacement_policy

#Default:
# cache_replacement_policy lru

#  TAG: memory_replacement_policy
#Default:
# memory_replacement_policy lru


# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

#  TAG: cache_dir
#    Usage:

#Default:


cache_dir ufs /var/spool/squid 40960 16 256


#  TAG: cache_access_log
#Default:

#cache_access_log /var/log/squid/access.log

#  TAG: cache_log
#Default:
# cache_log /var/log/squid/cache.log

#  TAG: cache_store_log
#Default:
# cache_store_log /var/log/squid/store.log

#  TAG: cache_swap_log
#Default:
# none

#  TAG: emulate_httpd_log    on|off
#Default:
# emulate_httpd_log off

#  TAG: log_ip_on_direct    on|off
#Default:
# log_ip_on_direct on

#  TAG: mime_table
#Default:
# mime_table /etc/squid/mime.conf

#  TAG: log_mime_hdrs    on|off
#Default:
# log_mime_hdrs off

#  TAG: useragent_log
#Default:
# none

#  TAG: referer_log
#Default:
# none

#  TAG: pid_filename
#Default:
# pid_filename /var/run/squid.pid

#  TAG: debug_options
#Default:
# debug_options ALL,1

#  TAG: log_fqdn    on|off
#Default:
# log_fqdn off

#  TAG: client_netmask
#Default:
# client_netmask 255.255.255.255


# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------

#  TAG: ftp_user
#Default:
# ftp_user Squid@

#  TAG: ftp_list_width
#Default:
# ftp_list_width 32

#  TAG: ftp_passive
#Default:
# ftp_passive on

#  TAG: ftp_sanitycheck
#Default:
# ftp_sanitycheck on

#  TAG: ftp_telnet_protocol
#Default:
# ftp_telnet_protocol on

#  TAG: cache_dns_program
#Default:
# cache_dns_program /usr/lib64/squid/dnsserver

#  TAG: dns_children
#Default:
# dns_children 5

#  TAG: dns_retransmit_interval
#Default:
# dns_retransmit_interval 5 seconds

#  TAG: dns_timeout
#Default:
# dns_timeout 2 minutes

#  TAG: dns_defnames    on|off
#Default:
# dns_defnames off

#  TAG: dns_nameservers
#Default:
# none

#  TAG: hosts_file
#Default:
# hosts_file /etc/hosts

#  TAG: diskd_program
#Default:
# diskd_program /usr/lib64/squid/diskd

#  TAG: unlinkd_program
#Default:
# unlinkd_program /usr/lib64/squid/unlinkd

#  TAG: pinger_program
#Default:
# pinger_program /usr/lib64/squid/pinger

#  TAG: redirect_program
#Default:
# none

#  TAG: redirect_children
#Default:
# redirect_children 5

#  TAG: redirect_rewrites_host_header
#Default:
# redirect_rewrites_host_header on

#  TAG: redirector_access
#Default:
# none

#  TAG: auth_param


#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

#  TAG: authenticate_cache_garbage_interval
#Default:
# authenticate_cache_garbage_interval 1 hour

#  TAG: authenticate_ttl
#Default:
# authenticate_ttl 1 hour

#  TAG: authenticate_ip_ttl
#Default:
# authenticate_ip_ttl 0 seconds

#  TAG: external_acl_type
#Default:
# none


# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

#  TAG: wais_relay_host
#  TAG: wais_relay_port
#    Relay WAIS request to host (1st arg) at port (2 arg).
#
#Default:
# wais_relay_port 0

#  TAG: request_header_max_size    (KB)
#Default:
# request_header_max_size 10 KB

#  TAG: request_body_max_size    (KB)
#Default:
# request_body_max_size 0 KB

#  TAG: refresh_pattern

#Suggested default:
refresh_pattern ^ftp:  1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .  0    20%    4320

#  TAG: quick_abort_min    (KB)
#  TAG: quick_abort_max    (KB)
#  TAG: quick_abort_pct    (percent)

#Default:
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95

#  TAG: negative_ttl    time-units

#Default:
# negative_ttl 5 minutes

#  TAG: positive_dns_ttl    time-units

#Default:
# positive_dns_ttl 6 hours

#  TAG: negative_dns_ttl    time-units

#Default:
# negative_dns_ttl 1 minute

#  TAG: range_offset_limit    (bytes)

#Default:
# range_offset_limit 0 KB


# TIMEOUTS
# -----------------------------------------------------------------------------

#  TAG: forward_timeout    time-units

#Default:
# forward_timeout 4 minutes

#  TAG: connect_timeout    time-units

#Default:
# connect_timeout 1 minute

#  TAG: peer_connect_timeout    time-units

#Default:
# peer_connect_timeout 30 seconds

#  TAG: read_timeout    time-units

#Default:
# read_timeout 15 minutes

#  TAG: request_timeout

#Default:
# request_timeout 5 minutes

#  TAG: persistent_request_timeout

#Default:
# persistent_request_timeout 1 minute

#  TAG: client_lifetime    time-units
#Default:
# client_lifetime 1 day

#  TAG: half_closed_clients
#Default:
# half_closed_clients on

#  TAG: pconn_timeout
#Default:
# pconn_timeout 120 seconds

#  TAG: ident_timeout
#Default:
# ident_timeout 10 seconds

#  TAG: shutdown_lifetime    time-units
#Default:
# shutdown_lifetime 30 seconds


# ACCESS CONTROLS
# -----------------------------------------------------------------------------

#  TAG: acl

#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563    # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl CONNECT method CONNECT

#  TAG: http_access
#    Allowing or Denying access based on defined access lists
#
#    Access to the HTTP port:
#    http_access allow|deny [!]aclname ...
#
#    NOTE on default values:
#
#    If there are no "access" lines present, the default is to deny
#    the request.
#
#    If none of the "access" lines cause a match, the default is the
#    opposite of the last line in the list.  If the last line was
#    deny, the default is allow.  Conversely, if the last line
#    is allow, the default will be deny.  For these reasons, it is a
#    good idea to have an "deny all" or "allow all" entry at the end
#    of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost 
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed

acl porn url_regex "/etc/squid/porn"

#acl group_http_deny_exe_extensions url_regex -i exe$ rar$ mp3$ avi$ mpg$ mpeg$ wma$ wmv$ vba$ class$ jar$

acl our_networks src 192.168.0.0/24 #192.168.2.0/24

acl time_acl time M T W H F 7:30-15:30

deny_info ERR_PORN_DENIED porn

http_access deny porn

deny_info ERR_PLIK_DENIED group_http_deny_exe_extensions

#http_access deny our_networks group_http_deny_exe_extensions

http_access allow our_networks  time_acl

# And finally deny all other access to this proxy

http_access allow localhost 

http_access deny all

#  TAG: http_reply_access
#Default:
# http_reply_access allow all
#
#Recommended minimum configuration:
#
# Insert your own rules here.
#
#
# and finally allow by default
http_reply_access allow all

#  TAG: icp_access
#Default:
# icp_access deny all
#
#Allow ICP queries from everyone
icp_access allow all

#  TAG: miss_access
#Default setting:
# miss_access allow all

#  TAG: cache_peer_access
#Default:
# none

#  TAG: ident_lookup_access

#Default:
# ident_lookup_access deny all

#  TAG: tcp_outgoing_tos

#Default:
# none

#  TAG: tcp_outgoing_address

#Default:
# none

#  TAG: reply_body_max_size    bytes allow|deny acl acl...

#Default:
# reply_body_max_size 0 allow all


# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

#  TAG: cache_mgr
#    Email-address of local cache manager who will receive
#    mail if the cache dies.  The default is "root".
#cache_mgr root
#
#Default:
# cache_mgr root

#  TAG: cache_effective_user

#Default:
# cache_effective_user squid

#  TAG: cache_effective_group

# cache_effective_group squid

#  TAG: visible_hostname

#Default:
# none

visible_hostname TWOJA NAZWA HOSTA

#  TAG: unique_hostname
#Default:
# none

#  TAG: hostname_aliases
#Default:
# none




#  TAG: announce_period

#Default:
# announce_period 0
#
#To enable announcing your cache, just uncomment the line below.
#announce_period 1 day

#  TAG: announce_host
#  TAG: announce_file
#  TAG: announce_port
#    announce_host and announce_port set the hostname and port
#    number where the registration message will be sent.
#
#    Hostname will default to 'tracker.ircache.net' and port will
#    default default to 3131.  If the 'filename' argument is given,
#    the contents of that file will be included in the announce
#    message.
#
#Default:
# announce_host tracker.ircache.net
# announce_port 3131


# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------

#  TAG: httpd_accel_host
#  TAG: httpd_accel_port

#Default:
httpd_accel_host virtual
httpd_accel_port 80

#  TAG: httpd_accel_single_host    on|off

#Default:
# httpd_accel_single_host off

#  TAG: httpd_accel_with_proxy    on|off

#Default:

httpd_accel_with_proxy on

#  TAG: httpd_accel_uses_host_header    on|off

#Default:

httpd_accel_uses_host_header on


# MISCELLANEOUS
# -----------------------------------------------------------------------------

#  TAG: dns_testnames

#Default:
# dns_testnames netscape.com internic.net nlanr.net microsoft.com

#  TAG: logfile_rotate
#    Specifies the number of logfile rotations to make when you
#    type 'squid -k rotate'.  The default is 10, which will rotate
#    with extensions 0 through 9.  Setting logfile_rotate to 0 will
#    disable the rotation, but the logfiles are still closed and
#    re-opened.  This will enable you to rename the logfiles
#    yourself just before sending the rotate signal.
#
#    Note, the 'squid -k rotate' command normally sends a USR1
#    signal to the running squid process.  In certain situations
#    (e.g. on Linux with Async I/O), USR1 is used for other
#    purposes, so -k rotate uses another signal.  It is best to get
#    in the habit of using 'squid -k rotate' instead of 'kill -USR1
#    <pid>'.
#    
#logfile_rotate 0
#
#Default:
# logfile_rotate 0

#  TAG: append_domain

#Example:
# append_domain .yourdomain.com
#
#Default:
# none

#  TAG: tcp_recv_bufsize    (bytes)

#Default:
# tcp_recv_bufsize 0 bytes

#  TAG: err_html_text

#Default:
# none

#  TAG: deny_info

#Default:
# none

#  TAG: memory_pools    on|off

#Default:
# memory_pools on

#  TAG: memory_pools_limit    (bytes)

#Default:
# none

#  TAG: forwarded_for    on|off
#    If set, Squid will include your system's IP address or name
#    in the HTTP requests it forwards.  By default it looks like
#    this:
#
#  X-Forwarded-For: 192.1.2.3
#
#    If you disable this, it will appear as
#
#  X-Forwarded-For: unknown
#
#Default:
# forwarded_for on

#  TAG: log_icp_queries    on|off

#Default:
# log_icp_queries on

#  TAG: icp_hit_stale    on|off

#Default:
# icp_hit_stale off

#  TAG: minimum_direct_hops
#    If using the ICMP pinging stuff, do direct fetches for sites
#    which are no more than this many hops away.
#
#Default:
# minimum_direct_hops 4

#  TAG: minimum_direct_rtt
#    If using the ICMP pinging stuff, do direct fetches for sites
#    which are no more than this many rtt milliseconds away.
#
#Default:
# minimum_direct_rtt 400

#  TAG: cachemgr_passwd

#Default:
# none

#  TAG: store_avg_object_size    (kbytes)
#    Average object size, used to estimate number of objects your
#    cache can hold.  See doc/Release-Notes-1.1.txt.  The default is
#    13 KB.
#
#Default:
# store_avg_object_size 13 KB

#  TAG: store_objects_per_bucket

#Default:
# store_objects_per_bucket 20

#  TAG: client_db    on|off
#    If you want to disable collecting per-client statistics,
#    turn off client_db here.
#
#Default:
# client_db on

#  TAG: netdb_low
#  TAG: netdb_high

#Default:
# netdb_low 900
# netdb_high 1000

#  TAG: netdb_ping_period

#Default:
# netdb_ping_period 5 minutes

#  TAG: query_icmp    on|off

#Default:
# query_icmp off

#  TAG: test_reachability    on|off
#    When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH
#    instead of ICP_MISS if the target host is NOT in the ICMP
#    database, or has a zero RTT.
#
#Default:
# test_reachability off

#  TAG: buffered_logs    on|off

#Default:
# buffered_logs off

#  TAG: reload_into_ims    on|off

#Default:
# reload_into_ims off

#  TAG: always_direct

#Default:
# none

#  TAG: never_direct

#Default:
# none

#  TAG: header_access

#Default:
# none

#  TAG: header_replace

#Default:
# none

#  TAG: icon_directory
#    Where the icons are stored. These are normally kept in
#    /usr/share/squid/icons
#
#Default:
# icon_directory /usr/share/squid/icons

#  TAG: short_icon_urls
#    If this is enabled Squid will use short URLs for icons.
#
#    If off the URLs for icons will always be absolute URLs
#    including the proxy name and port.
#
#Default:
# short_icon_urls off

#  TAG: error_directory
#    Directory where the error files are read from.
#    /usr/lib/squid/errors contains sets of error files
#    in different languages. The default error directory
#    is /etc/squid/errors, which is a link to one of these
#    error sets.
#
#    If you wish to create your own versions of the error files,
#    either to customize them to suit your language or company,
#    copy the template English files to another
#    directory and point this tag at them.
#    
#error_directory /etc/squid/errors
#
#Default:
# error_directory /etc/squid/errors

#  TAG: maximum_single_addr_tries

#Default:
# maximum_single_addr_tries 1

#  TAG: snmp_port

#Default:
# snmp_port 0

#  TAG: snmp_access

#Default:
# snmp_access deny all

#  TAG: snmp_incoming_address
#  TAG: snmp_outgoing_address

#Default:
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255

#  TAG: as_whois_server
#    WHOIS server to query for AS numbers.  NOTE: AS numbers are
#    queried only when Squid starts up, not for every request.
#
#Default:
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net

#  TAG: wccp_router
#    Use this option to define your WCCP ``home'' router for
#    Squid.   Setting the 'wccp_router' to 0.0.0.0 (the default)
#    disables WCCP.
#
#Default:
# wccp_router 0.0.0.0

#  TAG: wccp_version
#    According to some users, Cisco IOS 11.2 only supports WCCP
#    version 3.  If you're using that version of IOS, change
#    this value to 3.
#
#Default:
# wccp_version 4

#  TAG: wccp_incoming_address
#  TAG: wccp_outgoing_address

#Default:
# wccp_incoming_address 0.0.0.0
# wccp_outgoing_address 255.255.255.255


# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------

#  TAG: delay_pools

#Default:
# delay_pools 0

#  TAG: delay_class

#Example:
# delay_pools 2      # 2 delay pools
# delay_class 1 2    # pool 1 is a class 2 pool
# delay_class 2 3    # pool 2 is a class 3 pool
#
#    The delay pool classes are:
#
#  class 1  Everything is limited by a single aggregate
#    bucket.
#
#  class 2  Everything is limited by a single aggregate
#    bucket as well as an "individual" bucket chosen
#    from bits 25 through 32 of the IP address.
#
#  class 3  Everything is limited by a single aggregate
#    bucket as well as a "network" bucket chosen
#    from bits 17 through 24 of the IP address and a
#    "individual" bucket chosen from bits 17 through
#    32 of the IP address.
#
#    NOTE: If an IP address is a.b.c.d
#  -> bits 25 through 32 are "d"
#  -> bits 17 through 24 are "c"
#  -> bits 17 through 32 are "c * 256 + d"
#
#Default:
# none

#  TAG: delay_access

#Example:
# delay_access 1 allow some_big_clients
# delay_access 1 deny all
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
#
#Default:
# none

#  TAG: delay_parameters

#delay_parameters pool aggregate
#
#    For a class 2 delay pool:
#
#delay_parameters pool aggregate individual
#
#    For a class 3 delay pool:
#
#delay_parameters pool aggregate network individual
#
#    The variables here are:
#
#  pool  a pool number - ie, a number between 1 and the
#    number specified in delay_pools as used in
#    delay_class lines.
#
#  aggregate    the "delay parameters" for the aggregate bucket
#    (class 1, 2, 3).
#
#  individual    the "delay parameters" for the individual
#    buckets (class 2, 3).
#
#  network  the "delay parameters" for the network buckets
#    (class 3).
#
#    A pair of delay parameters is written restore/maximum, where restore is
#    the number of bytes (not bits - modem and network speeds are usually
#    quoted in bits) per second placed into the bucket, and maximum is the
#    maximum number of bytes which can be in the bucket at any time.
#
#    For example, if delay pool number 1 is a class 2 delay pool as in the
#    above example, and is being used to strictly limit each host to 64kbps
#    (plus overheads), with no overall limit, the line is:
#
#delay_parameters 1 -1/-1 8000/8000

#delay_parameters 2 32000/32000 8000/8000 600/8000
#
#    There must be one delay_parameters line for each delay pool.
#
#Default:
# none

#  TAG: delay_initial_bucket_level    (percent, 0-100)

#Default:
# delay_initial_bucket_level 50

#  TAG: incoming_icp_average
#  TAG: incoming_http_average
#  TAG: incoming_dns_average
#  TAG: min_icp_poll_cnt
#  TAG: min_dns_poll_cnt
#  TAG: min_http_poll_cnt
#    Heavy voodoo here.  I can't even believe you are reading this.
#    Are you crazy?  Don't even think about adjusting these unless
#    you understand the algorithms in comm_select.c first!
#
#Default:
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8

#  TAG: max_open_disk_fds
#    To avoid having disk as the I/O bottleneck Squid can optionally
#    bypass the on-disk cache if more than this amount of disk file
#    descriptors are open.
#
#    A value of 0 indicates no limit.
#
#Default:
# max_open_disk_fds 0

#  TAG: offline_mode
#    Enable this option and Squid will never try to validate cached
#    objects.
#
#Default:
# offline_mode off

#  TAG: uri_whitespace

#Default:
# uri_whitespace strip

#  TAG: broken_posts

#Example:
# acl buggy_server url_regex ^http://....
# broken_posts allow buggy_server
#
#Default:
# none

#  TAG: mcast_miss_addr

#Default:
# mcast_miss_addr 255.255.255.255

#  TAG: mcast_miss_ttl
# Note: This option is only available if Squid is rebuilt with the
#       -DMULTICAST_MISS_TTL option
#
#    This is the time-to-live value for packets multicasted
#    when multicasting off cache miss URLs is enabled.  By
#    default this is set to 'site scope', i.e. 16.
#
#Default:
# mcast_miss_ttl 16

#  TAG: mcast_miss_port
# Note: This option is only available if Squid is rebuilt with the
#       -DMULTICAST_MISS_STREAM option
#
#    This is the port number to be used in conjunction with
#    'mcast_miss_addr'.
#
#Default:
# mcast_miss_port 3135

#  TAG: mcast_miss_encode_key
# Note: This option is only available if Squid is rebuilt with the
#       -DMULTICAST_MISS_STREAM option
#
#    The URLs that are sent in the multicast miss stream are
#    encrypted.  This is the encryption key.
#
#Default:
# mcast_miss_encode_key XXXXXXXXXXXXXXXX

#  TAG: nonhierarchical_direct

#Default:
# nonhierarchical_direct on

#  TAG: prefer_direct

#Default:
# prefer_direct off

#  TAG: strip_query_terms
#    By default, Squid strips query terms from requested URLs before
#    logging.  This protects your user's privacy.
#
#Default:
# strip_query_terms on

#  TAG: coredump_dir

#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#  TAG: redirector_bypass

#Default:
# redirector_bypass off

#  TAG: ignore_unknown_nameservers

#Default:
# ignore_unknown_nameservers on

#  TAG: digest_generation

#Default:
# digest_generation on

#  TAG: digest_bits_per_entry
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#
#    This is the number of bits of the server's Cache Digest which
#    will be associated with the Digest entry for a given HTTP
#    Method and URL (public key) combination.  The default is 5.
#
#Default:
# digest_bits_per_entry 5

#  TAG: digest_rebuild_period    (seconds)
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#
#    This is the number of seconds between Cache Digest rebuilds.
#
#Default:
# digest_rebuild_period 1 hour

#  TAG: digest_rewrite_period    (seconds)
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#
#    This is the number of seconds between Cache Digest writes to
#    disk.
#
#Default:
# digest_rewrite_period 1 hour

#  TAG: digest_swapout_chunk_size    (bytes)
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#
#    This is the number of bytes of the Cache Digest to write to
#    disk at a time.  It defaults to 4096 bytes (4KB), the Squid
#    default swap page.
#
#Default:
# digest_swapout_chunk_size 4096 bytes

#  TAG: digest_rebuild_chunk_percentage    (percent, 0-100)
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#
#    This is the percentage of the Cache Digest to be scanned at a
#    time.  By default it is set to 10% of the Cache Digest.
#
#Default:
# digest_rebuild_chunk_percentage 10

#  TAG: chroot
#    Use this to have Squid do a chroot() while initializing.  This
#    also causes Squid to fully drop root privileges after
#    initializing.  This means, for example, that if you use a HTTP
#    port less than 1024 and try to reconfigure, you will get an
#    error.
#
#Default:
# none

#  TAG: client_persistent_connections
#  TAG: server_persistent_connections

#Default:
# client_persistent_connections on
# server_persistent_connections on

#  TAG: detect_broken_pconn

#Default:
# detect_broken_pconn off

#  TAG: balance_on_multiple_ip

#Default:
# balance_on_multiple_ip on

#  TAG: pipeline_prefetch

#Default:
# pipeline_prefetch off

#  TAG: extension_methods
#    Squid only knows about standardized HTTP request methods.
#    You can add up to 20 additional "extension" methods here.
#
#Default:
# none

#  TAG: request_entities

#Default:
# request_entities off

#  TAG: high_response_time_warning    (msec)

#Default:
# high_response_time_warning 0

#  TAG: high_page_fault_warning

#Default:
# high_page_fault_warning 0

#  TAG: high_memory_warning

#Default:
# high_memory_warning 0

#  TAG: store_dir_select_algorithm
#    Set this to 'round-robin' as an alternative.
#
#Default:
# store_dir_select_algorithm least-load

#  TAG: forward_log
# Note: This option is only available if Squid is rebuilt with the
#       -DWIP_FWD_LOG option
#
#    Logs the server-side requests.
#
#    This is currently work in progress.
#
#Default:
# none

#  TAG: ie_refresh    on|off

#Default:
# ie_refresh off

#  TAG: vary_ignore_expire    on|off

#Default:
# vary_ignore_expire off

#  TAG: sleep_after_fork    (microseconds)

#Default:
# sleep_after_fork 0

 

# Here I show how to do port redirection on the same computer.
    # for this you also have to uncomment the proxy service!
    $IPTABLES -t nat -A PREROUTING -s $INTNET -p tcp -d ! $INTNET --dport 80  -j DNAT --to-destination $INTIP:8080

# We accept NEW packets on our port 8080 (proxy).
    $IPTABLES -A INPUT -i $INTDEV -p tcp --sport 1024: --dport 8080 -m state --state NEW -j ACCEPT

 

The iptables rules are described in my earlier posts

P.S. Just so nobody says that no one helped :)
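
The `http_access` NOTE in the squid.conf above says that access lines are checked in order and that, when none matches, the result is the opposite of the last line. The Python below is an added example (not code from either poster or from Squid) that applies that rule to the access-control lines of both configurations in this thread. The `decide` and `request` helpers, the sample client addresses, and the simplified handling of the `src`, `port`, `method`, `proto` and `time` ACL types are assumptions made for illustration.

```python
import ipaddress

# Access-control lines excerpted from the first post's squid.conf.
ASKER_CONF = """
acl all src 10.10.0.0/16
acl localhost src 127.0.0.1/255.255.255.255
http_access allow all
http_access allow localhost
"""

# Access-control lines excerpted from the reply's squid.conf. The Safe_ports
# entries are condensed onto one line and the file-based "porn" rule is omitted.
REPLY_CONF = """
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
acl our_networks src 192.168.0.0/24 #192.168.2.0/24
acl time_acl time M T W H F 7:30-15:30
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow our_networks  time_acl
http_access allow localhost
http_access deny all
"""

def parse(conf):
    """Collect acl definitions and http_access rules, in file order."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def acl_matches(acls, name, req):
    kind, vals = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
    if kind == "port":
        ranges = (v.partition("-") for v in vals)
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    if kind == "method":
        return req["method"] in vals
    if kind == "proto":
        return req["proto"] in vals
    if kind == "time":  # day letters (S M T W H F A) plus an optional h:m-h:m span
        days = "".join(v for v in vals if ":" not in v)
        span = next((v for v in vals if ":" in v), "0:00-23:59")
        start, end = (minutes(x) for x in span.split("-"))
        return (not days or req["day"] in days) and start <= minutes(req["time"]) <= end
    raise ValueError(f"ACL type {kind!r} is not modelled here")

def decide(conf, req):
    """Return (action, reason) for one request, the way http_access is evaluated."""
    acls, rules = parse(conf)
    for action, names in rules:
        # All ACLs on a line must match (AND); "!" negates a single ACL.
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action, "matched: http_access " + action + " " + " ".join(names)
    if not rules:
        return "deny", "no http_access lines: default deny"
    flipped = "deny" if rules[-1][0] == "allow" else "allow"
    return flipped, "no line matched: opposite of the last line"

def request(src, port=80, method="GET", proto="http", day="M", time="12:00"):
    return dict(src=src, port=port, method=method, proto=proto, day=day, time=time)

if __name__ == "__main__":
    cases = [
        ("asker", ASKER_CONF, request("10.10.3.7")),
        ("asker", ASKER_CONF, request("203.0.113.9")),  # constructed outside address
        ("reply", REPLY_CONF, request("192.168.0.20")),
        ("reply", REPLY_CONF, request("192.168.0.20", day="A")),  # Saturday
    ]
    for label, conf, req in cases:
        print(label, req, "->", decide(conf, req))
```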
