Това , се казва transperant .. прозрачно прокси начина е .
iptables -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.1.1:8081
iptables -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081
Eth1 приемаме че ти е вътрешната мрежа , а порт 80 за интернета промерно
to destination ipta-to локалната картата: и порта на който ти работи проксито, еи ти и един примерен мой конф.
А ако се чудиш какво е това cache_peer 127.0.0.1 parent 8083 0 no-query no-digest no-netdb-exchange default - Всъщност проверява всяка конкеция кам нета дали има вируси ,
готино е
А ако искаш може да набуташ юсер и пароли
при влизане да му иска юсер и пасс + това да ги сложиш в dhcp serara - да раздава , ип според мак адреса > за да си сигорен че никой друг няма да влиза свен този мак адрес. Не че е трудно да се смени мака-а
ама предполагам не всички са наясно
.
root@greenbox:~# cd /etc/squid/
root@greenbox:~# vi /etc/iptables.up.rules
root@greenbox:~# cat /etc/squid/squid.conf
#ache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer 127.0.0.1 parent 8083 0 no-query no-digest no-netdb-exchange default
http_port 172.16.1.1:8081 transparent
#http_port 8081
icp_port 3130
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl internal_network src 172.16.1.0/24
#cgi-bins will not be cached.
acl QUERY urlpath_regex cgi-bin \?Y
#Memory the Squid will use. Well, Squid will use far more than that.
cache_mem 32 MB
#250 means that Squid will use 250 megabytes of disk space.
cache_dir ufs /cache 512 32 512
#error_directory /usr/lib/squid/errors/Bulgarian
#error_directory /var/www/Bulgarian
####################
#snmp_port 3401
##...
#snmp_access allow snmppublic localhost
#snmp_access deny all
#...
#acl snmppublic snmp_community public
#########
#Places where Squid's logs will go to.
error_directory /var/log/squid/error.log
cache_log /var/log/squid/cache.log
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
#tcp_outgoing_address 192.168.0.2
#How many times to rotate the logs before deleting them.
#See the FAQ for more info.
logfile_rotate 10
redirect_rewrites_host_header on
cache_replacement_policy GDSF
acl localnet src 172.16.1.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
# File TYPES ##############################################################################################################
#acl bad_url dstdomain "/etc/squid/bad-sites.squid"
#http_access deny bad_url
acl SKYPE url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl CONNECT method CONNECT
http_access deny CONNECT SKYPE
acl my_ip src 192.168.1.17
acl my_ip src 192.168.1.93
http_access allow my_ip
#acl filetypes urlpath_regex -i \.torrent
#acl filetypes urlpath_regex -i \.dat
acl filetypes urlpath_regex -i \.iso
#acl filetypes urlpath_regex -i \.avi
#acl filetypes urlpath_regex -i \.mpeg
#acl filetypes urlpath_regex -i \.mpg
#acl filetypes urlpath_regex -i \.asf
#acl filetypes urlpath_regex -i \.vcd
#acl filetypes urlpath_regex -i \.cif
#acl filetypes urlpath_regex -i \.c2d
#acl filetypes urlpath_regex -i \.bin
#acl filetypes urlpath_regex -i \.mp2
#acl filetypes urlpath_regex -i \.mp3
#acl filetypes urlpath_regex -i \game
#acl filetypes urlpath_regex -i \film
#acl filetypes urlpath_regex -i \.mov
#acl filetypes urlpath_regex -i \.r0
#acl filetypes urlpath_regex -i \.r1
#acl filetypes urlpath_regex -i \.r2
#acl filetypes urlpath_regex -i \.r3
#acl filetypes urlpath_regex -i \.r4
#acl filetypes urlpath_regex -i \.r5
#acl filetypes urlpath_regex -i \.r6
#acl filetypes urlpath_regex -i \.r7
#acl filetypes urlpath_regex -i \.r8
#acl filetypes urlpath_regex -i \.r9
#acl filetypes urlpath_regex -i \.a0
#acl filetypes urlpath_regex -i \.a1
#acl filetypes urlpath_regex -i \.a2
#acl filetypes urlpath_regex -i \.a3
#acl filetypes urlpath_regex -i \.a4
#acl filetypes urlpath_regex -i \.a5
#acl filetypes urlpath_regex -i \.a6
#acl filetypes urlpath_regex -i \.a7
#acl filetypes urlpath_regex -i \.a8
#acl filetypes urlpath_regex -i \.a9
#acl filetypes urlpath_regex -i \.c0
#acl filetypes urlpath_regex -i \.c1
#acl filetypes urlpath_regex -i \.c2
#acl filetypes urlpath_regex -i \.c3
#acl filetypes urlpath_regex -i \.c4
#acl filetypes urlpath_regex -i \.c5
#acl filetypes urlpath_regex -i \.c6
#acl filetypes urlpath_regex -i \.c7
#acl filetypes urlpath_regex -i \.c8
#acl filetypes urlpath_regex -i \.c9
#acl filetypes urlpath_regex -i \.z0
#acl filetypes urlpath_regex -i \.z1
#acl filetypes urlpath_regex -i \.z2
#acl filetypes urlpath_regex -i \.z3
#acl filetypes urlpath_regex -i \.z4
#acl filetypes urlpath_regex -i \.z5
#acl filetypes urlpath_regex -i \.z6
#acl filetypes urlpath_regex -i \.z7
#acl filetypes urlpath_regex -i \.z8
#acl filetypes urlpath_regex -i \.z9
#acl filetypes urlpath_regex -i \.dll
#acl filetypes urlpath_regex -i \.pcx
#acl filetypes urlpath_regex -i \.exe
#acl filetypes urlpath_regex -i \.zip
#acl filetypes urlpath_regex -i \.dmp
acl filetypes urlpath_regex -i \.ccf
#acl filetypes urlpath_regex -i \.rar
#acl filetypes urlpath_regex -i \.ace
#acl filetypes urlpath_regex -i \.z
#acl filetypes urlpath_regex -i \.gz
#acl filetypes urlpath_regex -i \.tgz
#acl filetypes urlpath_regex -i \.gzip
#acl filetypes urlpath_regex -i \.tga
##acl filetypes urlpath_regex -i \.png
#acl filetypes urlpath_regex -i \.tif
#acl filetypes urlpath_regex -i \.tiff
#acl filetypes urlpath_regex -i \.tar
#acl filetypes urlpath_regex -i \.arj
#acl filetypes urlpath_regex -i \.lzh
#acl filetypes urlpath_regex -i \.sit
#acl filetypes urlpath_regex -i \.hqx
#acl filetypes urlpath_regex -i \.bmp
#acl filetypes urlpath_regex -i \.cab
#acl filetypes urlpath_regex -i \.arc
#acl filetypes urlpath_regex -i \.z00
#acl filetypes urlpath_regex -i \.uue
#acl filetypes urlpath_regex -i \.xxe
#acl filetypes urlpath_regex -i \.avi
#acl filetypes urlpath_regex -i \.qt
#acl filetypes urlpath_regex -i \.pdf
#acl filetypes urlpath_regex -i \.swf
acl filetypes urlpath_regex -i \.msi
#acl filetypes urlpath_regex -i \.doc
#acl filetypes urlpath_regex -i \.xls
http_access deny filetypes
############ END FILETYPES #################################################################################################
acl time_acl time M T W H F 8:00-19:00
acl Safe_ports port 80 443
#acl Safe_ports port 25 143
acl CONNECT method CONNECT
acl GET method GET
acl all src 0.0.0.0/0.0.0.0
#http_access deny !time_acl
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
#home access
#http_access allow home
http_access deny CONNECT
http_access deny GET
http_access deny all
maximum_object_size 200 KB
store_avg_object_size 50 KB
visible_hostname none
root@greenbox:~#
Покажи Публикации - ntrance
