User Tools
организация_transparent_proxy
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
организация_transparent_proxy [2012/03/15 14:27] val |
организация_transparent_proxy [2015/04/29 14:23] (current) val [FreeBSD] |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| * Установка, настройка минимальной конфигурации, инициализация кэша и запуск пакета squid ([[Установка, настройка и запуск пакета SQUID]]) | * Установка, настройка минимальной конфигурации, инициализация кэша и запуск пакета squid ([[Установка, настройка и запуск пакета SQUID]]) | ||
| - | * Настройка squid на режим "прозрачного" (transparent) http proxy ([[Автоматизация использования SQUID]]) | + | * Настройка squid на режим "прозрачного" http proxy ([[Автоматизация использования SQUID#Transparent proxy]]) |
| ==== FreeBSD ==== | ==== FreeBSD ==== | ||
| Line 20: | Line 20: | ||
| === Проверка === | === Проверка === | ||
| <code> | <code> | ||
| - | [server:~] # tail -f /var/squid/logs/access.log | + | [server:~] # tail -f /var/log/squid/access.log |
| </code> | </code> | ||
| Line 26: | Line 26: | ||
| === Настройка iptables ==== | === Настройка iptables ==== | ||
| + | |||
| [[Сервис NAT]] | [[Сервис NAT]] | ||
| - | eth0 - интерфейс в сети 192.168.X/24 | + | |
| <code> | <code> | ||
| - | root@server:~# cat /etc/sysctl.conf | ||
| - | ... | ||
| - | net.ipv4.ip_forward = 1 | ||
| - | ... | ||
| - | |||
| - | root@server:~# sysctl -f | ||
| - | |||
| root@server:~# iptables -t nat -F PREROUTING | root@server:~# iptables -t nat -F PREROUTING | ||
| Line 43: | Line 37: | ||
| === Проверка === | === Проверка === | ||
| <code> | <code> | ||
| - | root:~# tail -f /var/log/squid/access.log | + | root:~# tail -f /var/log/squid3/access.log |
| </code> | </code> | ||
| - | ==== Настройка cisco router ==== | + | ===== Использование Policy Routing ===== |
| - | [[Использование списков доступа]] Policy Routing | + | * Использование списков доступа [[Использование списков доступа#для управления политиками маршрутизации]] |
| ===== Использование wccp ===== | ===== Использование wccp ===== | ||
| Line 55: | Line 49: | ||
| <code> | <code> | ||
| # cat squid.conf | # cat squid.conf | ||
| + | </code><code> | ||
| ... | ... | ||
| wccp_router 192.168.X.1 | wccp_router 192.168.X.1 | ||
| Line 66: | Line 61: | ||
| === Настройка туннеля === | === Настройка туннеля === | ||
| <code> | <code> | ||
| + | root@server:~# cat /etc/sysctl.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | net.ipv4.ip_forward=1 | ||
| + | |||
| + | net.ipv4.conf.all.rp_filter=0 | ||
| + | net.ipv4.conf.eth0.rp_filter=0 | ||
| + | net.ipv4.conf.eth1.rp_filter=0 | ||
| + | net.ipv4.conf.wccp0.rp_filter=0 | ||
| + | ... | ||
| + | </code><code> | ||
| root@server:~# modprobe ip_gre | root@server:~# modprobe ip_gre | ||
| - | root@server:~# ip tunnel add wccp0 mode gre remote 192.168.X.1 local 192.168.X.10 dev eth0 | + | root@server:~# ip tunnel add wccp0 mode gre remote 192.168.X.1 local 192.168.X.10 dev eth1 |
| root@server:~# ip tunnel show | root@server:~# ip tunnel show | ||
| Line 74: | Line 80: | ||
| root@server:~# ifconfig wccp0 up | root@server:~# ifconfig wccp0 up | ||
| - | root@server:~# sysctl net.ipv4.conf.all.rp_filter=0 | + | root@server:~# sysctl -f |
| - | root@server:~# sysctl net.ipv4.conf.eth0.rp_filter=0 | + | |
| - | root@server:~# sysctl net.ipv4.conf.wccp0.rp_filter=0 | + | |
| </code> | </code> | ||
| Line 89: | Line 93: | ||
| root@server:~# iptables -t nat -vL | root@server:~# iptables -t nat -vL | ||
| - | root@server:~# tail -f /var/log/squid/access.log | + | root@server:~# tail -f /var/log/squid3/access.log |
| </code> | </code> | ||
| Line 97: | Line 101: | ||
| <code> | <code> | ||
| [server:~] # ifconfig gre0 create | [server:~] # ifconfig gre0 create | ||
| + | |||
| [server:~] # ifconfig gre0 link1 tunnel 192.168.X.10 192.168.X.1 up | [server:~] # ifconfig gre0 link1 tunnel 192.168.X.10 192.168.X.1 up | ||
| Line 104: | Line 109: | ||
| === Настройка pf === | === Настройка pf === | ||
| <code> | <code> | ||
| - | [server:~] # cat /etc/pf.conf | + | [server:~] # cat /etc/pf.conf |
| + | </code><code> | ||
| rdr on gre0 proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128 | rdr on gre0 proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128 | ||
| </code> | </code> | ||
организация_transparent_proxy.1331807251.txt.gz · Last modified: 2013/05/22 13:50 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
