squid iptables透明代理

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#

#http_access deny to_localhost
#
# And finally deny all other access to this proxy
http_access deny all

# TAG: http_reply_access

http_reply_access allow all

# TAG: icp_access

#icp_access allow all

# TAG: cache_peer_access

# ADMINISTRATIVE PARAMETERS（管理参数）
# -----------------------------------------------------------------------------

# TAG: cache_mgr
cache_mgr webmaster@localhost #管理员信箱

# TAG: cache_effective_user
cache_effective_user squid #运行squid时的用户
cache_effective_group squid #运行squid时的组

# TAG: visible_hostname
visible_hostname ProxyServer #代理服务器名称


# OPTIONS FOR THE CACHE REGISTRATION SERVICE（cache注册服务选项）
# -----------------------------------------------------------------------------


# HTTPD-ACCELERATOR OPTIONS（HTTPD加速选项）
# -----------------------------------------------------------------------------
#设定透明代理
httpd_accel_host ProxyServer #主机名
httpd_accel_port 80 #透明代理端口
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


# MISCELLANEOUS（杂项）
# -----------------------------------------------------------------------------

# TAG: logfile_rotate
logfile_rotate 4

# TAG: forwarded_for on|off
#关闭此项将在访问某些论坛时显示的IP是unknown，
#假如打开则显示的是您client的内网IP

forwarded_for off


#图标文档目录
# icon_directory /usr/local/squid/share/icons

#错误提示文档目录
# error_directory /usr/local/squid/share/errors/Simplify_Chinese

# TAG: snmp_port
# Squid can now serve statistics and status information via SNMP.
# By default it listens to port 3401 on the machine. If you don't
# wish to use SNMP, set this to "0".
#
#Default:
# snmp_port 3401

# TAG: snmp_access
# Allowing or denying access to the SNMP port.
#
# All access to the agent is denied by default.
# usage:
#
# snmp_access allow|deny [!]aclname ...
#
#Example:
# snmp_access allow snmppublic localhost
# snmp_access deny all
#
#Default:
# snmp_access deny all

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)（延时池参数）
# -----------------------------------------------------------------------------


# TAG: coredump_dir
#当squid突然挂掉的时候，或突然出现什么故障的时候，将squid在内存中的资料写到硬盘中
coredump_dir /usr/local/squid/var/cache

二、配置iptables支持透明代理
#!/bin/bash
OUT_IP="221.000.000.0"
IN_IP="192.168.0.1"
echo "1" > /proc/sys/net/ipv4/ip_forward #配置转发
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE #配置nat功能
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-ports 3128 #将任何80端口的请求都转发到suqid的3128端口上
iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to-source $OUT_IP

文章整理：西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息，谢谢!