This shows you the differences between two versions of the page.
организация_transparent_proxy [2012/03/15 14:27] val |
организация_transparent_proxy [2013/02/21 09:49] val |
||
---|---|---|---|
Line 6: | Line 6: | ||
* Установка, настройка минимальной конфигурации, инициализация кэша и запуск пакета squid ([[Установка, настройка и запуск пакета SQUID]]) | * Установка, настройка минимальной конфигурации, инициализация кэша и запуск пакета squid ([[Установка, настройка и запуск пакета SQUID]]) | ||
- | * Настройка squid на режим "прозрачного" (transparent) http proxy ([[Автоматизация использования SQUID]]) | + | * Настройка squid на режим "прозрачного" http proxy ([[Автоматизация использования SQUID#Transparent proxy]]) |
==== FreeBSD ==== | ==== FreeBSD ==== | ||
Line 26: | Line 26: | ||
=== Настройка iptables ==== | === Настройка iptables ==== | ||
+ | |||
[[Сервис NAT]] | [[Сервис NAT]] | ||
- | eth0 - интерфейс в сети 192.168.X/24 | ||
- | <code> | ||
- | root@server:~# cat /etc/sysctl.conf | ||
- | </code><code> | ||
- | ... | ||
- | net.ipv4.ip_forward = 1 | ||
- | ... | ||
- | </code><code> | ||
- | root@server:~# sysctl -f | ||
+ | <code> | ||
root@server:~# iptables -t nat -F PREROUTING | root@server:~# iptables -t nat -F PREROUTING | ||
Line 44: | Line 37: | ||
=== Проверка === | === Проверка === | ||
<code> | <code> | ||
- | root:~# tail -f /var/log/squid/access.log | + | root:~# tail -f /var/log/squid3/access.log |
</code> | </code> | ||
==== Настройка cisco router ==== | ==== Настройка cisco router ==== | ||
- | [[Использование списков доступа]] Policy Routing | + | * Использование списков доступа [[Использование списков доступа#для управления политиками маршрутизации]] |
===== Использование wccp ===== | ===== Использование wccp ===== | ||
Line 56: | Line 49: | ||
<code> | <code> | ||
# cat squid.conf | # cat squid.conf | ||
+ | </code><code> | ||
... | ... | ||
wccp_router 192.168.X.1 | wccp_router 192.168.X.1 | ||
Line 67: | Line 61: | ||
=== Настройка туннеля === | === Настройка туннеля === | ||
<code> | <code> | ||
+ | root@server:~# cat /etc/sysctl.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | net.ipv4.ip_forward=1 | ||
+ | |||
+ | net.ipv4.conf.all.rp_filter=0 | ||
+ | net.ipv4.conf.eth0.rp_filter=0 | ||
+ | net.ipv4.conf.eth1.rp_filter=0 | ||
+ | net.ipv4.conf.wccp0.rp_filter=0 | ||
+ | ... | ||
+ | </code><code> | ||
root@server:~# modprobe ip_gre | root@server:~# modprobe ip_gre | ||
- | root@server:~# ip tunnel add wccp0 mode gre remote 192.168.X.1 local 192.168.X.10 dev eth0 | + | root@server:~# ip tunnel add wccp0 mode gre remote 192.168.X.1 local 192.168.X.10 dev eth1 |
root@server:~# ip tunnel show | root@server:~# ip tunnel show | ||
Line 75: | Line 80: | ||
root@server:~# ifconfig wccp0 up | root@server:~# ifconfig wccp0 up | ||
- | root@server:~# sysctl net.ipv4.conf.all.rp_filter=0 | + | root@server:~# sysctl -f |
- | root@server:~# sysctl net.ipv4.conf.eth0.rp_filter=0 | + | |
- | root@server:~# sysctl net.ipv4.conf.wccp0.rp_filter=0 | + | |
</code> | </code> | ||
Line 90: | Line 93: | ||
root@server:~# iptables -t nat -vL | root@server:~# iptables -t nat -vL | ||
- | root@server:~# tail -f /var/log/squid/access.log | + | root@server:~# tail -f /var/log/squid3/access.log |
</code> | </code> | ||
Line 98: | Line 101: | ||
<code> | <code> | ||
[server:~] # ifconfig gre0 create | [server:~] # ifconfig gre0 create | ||
+ | |||
[server:~] # ifconfig gre0 link1 tunnel 192.168.X.10 192.168.X.1 up | [server:~] # ifconfig gre0 link1 tunnel 192.168.X.10 192.168.X.1 up | ||
Line 105: | Line 109: | ||
=== Настройка pf === | === Настройка pf === | ||
<code> | <code> | ||
- | [server:~] # cat /etc/pf.conf | + | [server:~] # cat /etc/pf.conf |
+ | </code><code> | ||
rdr on gre0 proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128 | rdr on gre0 proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128 | ||
</code> | </code> |
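Review bot: Reverse-path filtering ends up disabled on every interface, not only the tunnel, in the sysctl.conf block added under «Настройка туннеля» (`all`, `eth0`, `eth1` and `wccp0` are all set to 0), so the proxy host also loses source-address validation on its physical NICs, and the setting is now persistent rather than runtime-only. Linux uses the higher of `conf.all.rp_filter` and the per-interface value, so `all=0` plus `net.ipv4.conf.wccp0.rp_filter=0` is enough for the decapsulated client traffic, while the Ethernet side can keep `net.ipv4.conf.eth0.rp_filter=1` and `net.ipv4.conf.eth1.rp_filter=1`. This presumably holds unless routing on those interfaces is asymmetric, which the page does not show. The `net.ipv4.conf.wccp0.*` key exists only after `ip tunnel add wccp0 …`, so at boot that line will probably not apply until `sysctl -f` is rerun after the tunnel is created. A one-sentence remark next to the block would make that ordering explicit.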