0.Environment
hostname:yuanzhen.math.ncu.edu.tw
/dev/sdb1 /usr/local/squid
eth0 inet addr:61.218.112.203 Bcast:61.218.112.255 Mask:255.255.255.0
eth1 inet addr:140.115.25.8 Bcast:140.115.25.255 Mask:255.255.255.0
1.Install Squid
# apt-get install squid
2.Setting
# vi /etc/squid/squid.conf
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#Default:
cache_dir ufs /var/spool/squid 100 16 256
# TAG: auth_param
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# ACCESS CONTROLS
acl all src 0.0.0.0/0.0.0.0
acl ncu src 140.115.0.0/255.255.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow ncu
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access deny all
# and finally allow by default
http_reply_access allow all
# ADMINISTRATIVE PARAMETERS
#Default:
# none
visible_hostname yuanzhen
# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/cache
3.Network Setting
# vi /etc/network/interfaces
auto lo eth0 eth1
iface lo inet loopback
iface eth1 inet static
address 140.115.25.8
netmask 255.255.255.0
broadcast 140.115.25.255
iface eth0 inet static
address 61.218.112.203
netmask 255.255.255.0
broadcast 61.218.112.255
gateway 61.218.112.254
# cd /etc/init.d
# vi set_route
/sbin/route add -net 140.115.0.0/16 dev eth1
# chmod +x set_route
# cd /etc/rcS.d/
# ln -s /etc/init.d/set_route S41set_route
# /etc/init.d/squid start
沒有留言:
張貼留言