
Организация transparent proxy

Использование policy routing

Настройка SQUID

FreeBSD

Настройка PF

Сервис NAT

[server:~] # cat /etc/pf.conf
rdr on em1 proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128

Проверка

[server:~] # tail -f /var/log/squid/access.log

Ubuntu

Настройка iptables

Сервис NAT

root@server:~# iptables -t nat -F PREROUTING

root@server:~# iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.X.0/24 --dport 80 -j REDIRECT --to-port 3128

Проверка

root:~# tail -f /var/log/squid3/access.log

Использование Policy Routing

Использование wccp

Настройка прокси сервера

# cat squid.conf
...
wccp_router 192.168.X.1
...

Настройка Ubuntu

http://opennet.ru/base/cisco/cisco_wccp_squid.txt.html

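Настройка туннеля

Проверка обратного пути (rp_filter) отключается, потому что пакеты клиентов приходят через wccp0, а обратный маршрут к ним лежит через другой интерфейс; при включённом rp_filter ядро отбрасывало бы такие пакеты. Действующее значение для интерфейса — наибольшее из conf.all и conf.<интерфейс>, поэтому для wccp0 нужны all=0 и wccp0=0. Отключение на eth0 и eth1 снимает проверку адреса источника (защиту от подмены) и на них; если схема работает без этого, на остальных интерфейсах rp_filter лучше оставить включённым.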

root@server:~# cat /etc/sysctl.conf
...
net.ipv4.ip_forward=1

net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.eth0.rp_filter=0
net.ipv4.conf.eth1.rp_filter=0
net.ipv4.conf.wccp0.rp_filter=0
...
root@server:~# modprobe ip_gre

root@server:~# ip tunnel add wccp0 mode gre remote 192.168.X.1 local 192.168.X.10 dev eth1

root@server:~# ip tunnel show

root@server:~# ifconfig wccp0 up

root@server:~# sysctl -f

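Настройка iptables

Команда iptables -t nat -F очищает все цепочки таблицы nat, включая уже настроенные правила SNAT/MASQUERADE и проброса портов; если они используются, их нужно добавить заново либо вместо очистки удалить только прежнее правило перенаправления.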

root@server:~# iptables -t nat -F
root@server:~# iptables -t nat -A PREROUTING -i wccp0 -p tcp -s 192.168.X.0/24 --dport 80 -j DNAT --to-destination 192.168.X.10:3128

Проверка

root@server:~# iptables -t nat -vL

root@server:~# tail -f /var/log/squid3/access.log

Настройка FreeBSD

Настройка туннеля

[server:~] # ifconfig gre0 create

[server:~] # ifconfig gre0 link1 tunnel 192.168.X.10 192.168.X.1 up

link1 - тип туннеля (man 4 gre)

Настройка pf

[server:~] # cat /etc/pf.conf
rdr on gre0 proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128

Проверка

[server:~] # pfctl -vs nat
rdr on gre0 inet proto tcp from 192.168.X.0/24 to any port = http -> 127.0.0.1 port 3128
  [ Evaluations: 134       Packets: 28        Bytes: 10429       States: 2     ]

[server:~] # tail -f /var/squid/logs/access.log

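Настройка cisco router

WCCP версии 1 не аутентифицирует cache engine, поэтому сегмент между маршрутизатором и прокси должен быть доверенным; если оборудование и версия Squid позволяют, предпочтительнее WCCP версии 2 с паролем.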

ip wccp version 1
ip wccp web-cache redirect-list ACL_REDIRECT_HTTP

interface FastEthernet1/0
 no ip policy route-map RM_REDIRECT_HTTP
 ip wccp web-cache redirect in

router#show ip wccp web-cache view 
    WCCP Routers Informed of:
        -none-

    WCCP Cache Engines Visible:
        192.168.X.10

    WCCP Cache Engines NOT Visible:
        -none-

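Проверка отказоустойчивости: остановка прокси не должна сказываться на работе пользователей — после того как cache engine исчезнет из списка «WCCP Cache Engines Visible», маршрутизатор перестаёт перенаправлять трафик и пропускает его напрямую.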