Хотите сделать посильный вклад в развитие Ubuntu и русскоязычного сообщества? Помогите нам с документацией!
0 Пользователей и 1 Гость просматривают эту тему.
#Recommended minimum configuration:acl all src allacl manager proto cache_objectacl localhost src 127.0.0.1/32acl to_localhost dst 127.0.0.0/8 0.0.0.0/32acl localnet src 10.0.0.0/8 # RFC1918 possible internal networkacl localnet src 172.16.0.0/12 # RFC1918 possible internal networkacl localnet src 192.168.0.0/16 # RFC1918 possible internal networkacl localnet src 192.168.1.0/24#acl SSL_ports port 443 # httpsacl SSL_ports port 563 # snewsacl SSL_ports port 873 # rsyncacl Safe_ports port 80 # httpacl Safe_ports port 21 # ftpacl Safe_ports port 443 # httpsacl Safe_ports port 70 # gopheracl Safe_ports port 210 # waisacl Safe_ports port 1025-65535 # unregistered portsacl Safe_ports port 280 # http-mgmtacl Safe_ports port 488 # gss-httpacl Safe_ports port 591 # filemakeracl Safe_ports port 777 # multiling httpacl Safe_ports port 631 # cupsacl Safe_ports port 873 # rsyncacl Safe_ports port 901 # SWATacl purge method PURGEacl CONNECT method CONNECT# Only allow cachemgr access from localhosthttp_access allow manager localhosthttp_access deny manager# Only allow purge requests from localhosthttp_access allow purge localhosthttp_access deny purge# Deny requests to unknown portshttp_access deny !Safe_ports# Deny CONNECT to other than SSL portshttp_access deny CONNECT !SSL_portshttp_access allow localhosticp_access allow localneticp_access deny allhttp_port 192.168.1.10:3128 transparenthierarchy_stoplist cgi-bin ?access_log /var/log/squid/access.log squid#Suggested default:refresh_pattern ^ftp: 1440 20% 10080refresh_pattern ^gopher: 1440 0% 1440refresh_pattern -i (/cgi-bin/|\?) 0 0% 0refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880refresh_pattern . 0 20% 4320acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]upgrade_http0.9 deny shoutcastacl apache rep_header Server ^Apachebroken_vary_encoding allow apacheextension_methods REPORT MERGE MKACTIVITY CHECKOUThosts_file /etc/hostscoredump_dir /var/spool/squid
Вопрос адрес твоего шлюза 192.168.10.1? или другой?
А что хотелось то?
# Generated by iptables-save v1.4.8 on Mon Jan 30 14:42:40 2012*mangle:PREROUTING ACCEPT [83664:51864645]:INPUT ACCEPT [13040:2030643]:FORWARD ACCEPT [70581:49808572]:OUTPUT ACCEPT [12831:4065912]:POSTROUTING ACCEPT [83416:53875279]-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtuCOMMIT# Completed on Mon Jan 30 14:42:40 2012# Generated by iptables-save v1.4.8 on Mon Jan 30 14:42:40 2012*filter:INPUT ACCEPT [768379:128891012]:FORWARD ACCEPT [1996760:2197069786]:OUTPUT ACCEPT [1111449:1209030906]-A FORWARD -s 192.168.155.0/24 -j ACCEPTCOMMIT# Completed on Mon Jan 30 14:42:40 2012# Generated by iptables-save v1.4.8 on Mon Jan 30 14:42:40 2012*nat:PREROUTING ACCEPT [119406:7965571]:POSTROUTING ACCEPT [35848:2622775]:OUTPUT ACCEPT [36098:2647911]-A POSTROUTING -s 192.168.155.0/24 -j MASQUERADECOMMIT# Completed on Mon Jan 30 14:42:40 2012
Ни слова, о проборосе порта на прокси Во первых: пишешь в конфиге squid твоей локальный интрефейсhttp_port 192.168.155.1:3128 transparentпотом там же пропиши то что я тебе говорил про твою подсетьВо вторых: заворачиваешь трафик на прокси-A PREROUTING -s 192.168.155.0/24 -i eth1 -p tcp -m multiport --dports 80,8080 -j REDIRECT --to-ports 3128Ну и пробуешь инет.
Страница сгенерирована за 0.08 секунд. Запросов: 25.