[server:~] # cat /etc/pf.conf
rdr on le0 proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128
[server:~] # tail -f /var/squid/logs/access.log
Сервис NAT eth0 - интерфейс в сети 192.168.X/24
root@server:~# cat /etc/sysctl.conf
...
net.ipv4.ip_forward = 1
...
root@server:~# sysctl -f
root@server:~# iptables -t nat -F PREROUTING
root@server:~# iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.X.0/24 --dport 80 -j REDIRECT --to-port 3128
root:~# tail -f /var/log/squid/access.log
Использование списков доступа Policy Routing
# cat squid.conf
...
wccp_router 192.168.X.1
...
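root@server:~# modprobe ip_gre
root@server:~# ip tunnel add wccp0 mode gre remote 192.168.X.1 local 192.168.X.10 dev eth0
root@server:~# ip tunnel show
root@server:~# ifconfig wccp0 up
root@server:~# sysctl net.ipv4.conf.all.rp_filter=0
root@server:~# sysctl net.ipv4.conf.eth0.rp_filter=0
root@server:~# sysctl net.ipv4.conf.wccp0.rp_filter=0

Примечание: rp_filter — проверка обратного пути (защита от пакетов с подменённым адресом источника). Для интерфейса действует большее из значений conf.all и conf.<интерфейс>, поэтому после all=0 на интерфейсах, где проверка нужна, её можно оставить включённой явно (net.ipv4.conf.<интерфейс>.rp_filter=1).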
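root@server:~# iptables -t nat -F
root@server:~# iptables -t nat -A PREROUTING -i wccp0 -p tcp -s 192.168.X.0/24 --dport 80 -j DNAT --to-destination 192.168.X.10:3128

Примечание: iptables -t nat -F без имени цепочки очищает все цепочки таблицы nat, в том числе правила POSTROUTING сервиса NAT, если они настроены; чтобы их сохранить, очищайте только PREROUTING, как в примере с REDIRECT выше.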
root@server:~# iptables -t nat -vL
root@server:~# tail -f /var/log/squid/access.log
[server:~] # ifconfig gre0 create
[server:~] # ifconfig gre0 link1 tunnel 192.168.X.10 192.168.X.1 up

или

[server:~] # cat /etc/rc.conf
…
cloned_interfaces="gre0"
ifconfig_gre0="ifconfig gre0 link1 tunnel 192.168.X.10 192.168.X.1 up"

link1 - тип туннеля (man 4 gre)
[server:~] # cat /etc/pf.conf
rdr on gre0 proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128
[server:~] # pfctl -vs nat
rdr on gre0 inet proto tcp from 192.168.X.0/24 to any port = http -> 127.0.0.1 port 3128
  [ Evaluations: 134 Packets: 28 Bytes: 10429 States: 2 ]
[server:~] # tail -f /usr/local/squid/logs/access.log
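ip wccp version 1
ip wccp web-cache redirect-list ACL_REDIRECT_HTTP

interface FastEthernet1/0
 no ip policy route-map RM_REDIRECT_HTTP
 ip wccp web-cache redirect in

router#show ip wccp web-cache view
    WCCP Routers Informed of:
        -none-
    WCCP Cache Engines Visible:
        192.168.X.10
    WCCP Cache Engines NOT Visible:
        -none-

Примечание: WCCP версии 1 не предусматривает аутентификации кэш-серверов на маршрутизаторе; в WCCP версии 2 можно задать общий пароль (MD5) на маршрутизаторе и на прокси, поэтому при использовании версии 1 сегмент между маршрутизатором и прокси должен быть доверенным.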
Остановка прокси не должна сказываться на работе пользователей