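#### Installing Squid (build from source, transparent proxy for the LAN on eth1)
#
# These are step-by-step notes: shell commands, then the contents of
# squid.conf, then more shell commands. Run the command sections as root.

# The tarball is fetched over plain HTTP: compare its checksum/signature with
# the value published by the Squid project before building it.
# 2.5.STABLE7 is a long-superseded release; prefer a currently maintained
# version for anything that real users depend on.
wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE7.tar.gz
tar -xzvf squid-2.5.STABLE7.tar.gz

# Dedicated unprivileged account for the proxy; its home is the cache
# directory. It is a service account, so it gets no login shell.
groupadd squid
useradd squid -g squid -d /cache/ -m -s /bin/false

# Placeholder path: the directory where the tarball was unpacked.
cd /locul/unde/e/dezarhivat/squid-2.5.STABLE7
# (The misspelled --enable-icpm from the original notes is dropped;
#  --enable-icmp below is the real option.)
./configure --prefix=/usr/local --exec-prefix=/usr/local \
  --enable-delay-pools --enable-cache-digests --enable-poll \
  --disable-ident-lookups --enable-truncate --enable-removal-policies \
  --enable-linux-netfilter --enable-ssl --enable-icmp --enable-snmp \
  --enable-err-language=Romanian
make all
make install

# Create the log directory
mkdir -p /var/log/squid/
chown squid:squid /var/log/squid/
chmod 770 /var/log/squid/

# The original notes ran "chown -R squid:squid /usr/local/". That hands every
# program under /usr/local/bin to the unprivileged proxy account, which could
# then replace binaries that root later executes. Logs and cache are placed
# elsewhere by squid.conf below, so at most Squid's own state directory (if
# the build created one) needs to belong to the squid user.
if [ -d /usr/local/var ]; then
  chown -R squid:squid /usr/local/var
fi

# Create the cache directory (for better Squid performance a separate
# partition for the cache is recommended)
chown -R squid:squid /cache/

###############################################
### squid.conf  (configuration file contents, not shell commands)

# Listen only on the LAN address and on loopback.
http_port 192.168.1.1:3128
http_port 127.0.0.1:3128
# No cache peers are configured in these notes; ICP can be turned off with
# "icp_port 0" if it is not needed.
icp_port 3130
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir ufs /cache 250 16 256
cache_log /var/log/squid/cache.log
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
logfile_rotate 10
redirect_rewrites_host_header off

# These settings make the proxy transparent.
# NOTE: with httpd_accel_uses_host_header on, Squid trusts the Host header
# sent by the client and does not check it against the intercepted
# destination, so a cached object can end up attributed to the wrong site.
# Only serve a trusted LAN this way.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

maximum_object_size 2 MB
store_avg_object_size 50 KB
cache_mgr lordmax_ro@yahoo.com
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs on

# ACLs
# 192.168.1.252 is my IP
acl ovidiu src 192.168.1.252/255.255.255.255
acl retea src 192.168.1.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl protocoale proto http ftp
acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
# The original pattern was "url_regex .exe": the unescaped dot matches any
# character and the match is unanchored, so it also hit URLs such as
# www.exercise.com. Match a path that ends in .exe (optionally followed by a
# query string), case-insensitively. This is a filename filter only; it does
# not inspect content.
acl fisiere urlpath_regex -i \.exe$ \.exe\?
# Keep the blacklist file root-owned and not writable by ordinary users.
acl blacklist url_regex -i "/home/blacklist.txt"

# http_access is evaluated top-down and the first match wins. In the original
# notes the two port/CONNECT denies came after "deny all" (and after the
# allow rules), so they could never match. They are moved to the top so that
# they apply to every client.
http_access deny !Safe_ports
# Blocks tunnelling through the proxy altogether; intercepted port-80 traffic
# is unaffected.
http_access deny CONNECT
# Here I let myself bypass these two ACLs. The exemption is keyed on the
# source address only, which is not authentication: any host on the LAN that
# takes over this address gets the same bypass.
http_access deny fisiere !ovidiu
http_access deny blacklist !ovidiu
http_access allow retea
http_access allow localhost
http_access deny all

# Squid SNMP for MRTG
# "public" is the well-known default community string; pick a private value
# and use the same one in the MRTG configuration. Access is limited to
# localhost below.
acl snmppublic snmp_community public
snmp_port 3401
snmp_access allow snmppublic localhost
snmp_access deny all

#End of config file
###########################################

# Initialise the cache
/usr/local/bin/squid -z

# Start squid
/usr/local/bin/squid

##################
# Force all clients through squid (transparent)
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

# If I want to be the only one who does not go through squid, use this rule
# INSTEAD of the one above. Adding both leaves the exemption without effect,
# because the first rule already redirects every client.
# iptables -t nat -A PREROUTING -i eth1 ! -s 192.168.1.252 -p tcp --dport 80 -j REDIRECT --to-port 3128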