
OPENBSD + PF + SQUID

2005-8-12 11:00 | Submitted by: net

Installing SQUID

# wget ftp://ftp.squid-cache.org/pub/squid-2/STABLE/squid-2.5.STABLE6.tar.gz
# wget http://ftp.it.net.au/OpenBSD/3.6/packages/i386/autoconf-2.13p0.tgz
# wget http://ftp.it.net.au/OpenBSD/3.6/packages/i386/gmake-3.80.tgz
# pkg_add autoconf-2.13p0.tgz
# pkg_add gmake-3.80.tgz
# tar zxvf squid-2.5.STABLE6.tar.gz
# cd squid-2.5.STABLE6
# ./configure --prefix=/usr/local/squid --sysconfdir=/etc/squid --enable-ssl --with-openssl --enable-default-err-language=Simplify_Chinese --enable-pf-transparent --disable-hostname-checks --disable-internal-dns
# make
# make install
# groupadd squid
# useradd -g squid -d /dev/null -s /sbin/nologin squid
# chown -R squid:squid /usr/local/squid/

Configuring SQUID

# > /etc/squid/squid.conf
# vi /etc/squid/squid.conf

=========================squid.conf========================
http_port 127.0.0.1:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 48 MB
cache_swap_low 80
cache_swap_high 90
maximum_object_size_in_memory 24 KB
cache_dir ufs /usr/local/squid/var/cache 100 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log none
cache_store_log none
emulate_httpd_log on
pid_filename /usr/local/squid/var/logs/squid.pid
dns_children 10
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl refused_sites url_regex "/etc/squid/refused_sites"
http_access deny refused_sites
acl our_networks src 192.168.0.0/16
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr [email protected]
cache_effective_user squid
cache_effective_group squid
visible_hostname www.squid.com
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_with_proxy off
httpd_accel_uses_host_header on
error_directory /usr/local/squid/share/errors/Simplify_Chinese
coredump_dir /usr/local/squid/var/cache
ie_refresh on
=========================squid.conf========================

Setting up the transparent proxy

# vi /etc/pf.conf
rdr on $int_if inet proto tcp from $intnet to any port 80 -> 127.0.0.1 port 3128

Starting SQUID at boot

When the system has no PPP network interface:

# vi /etc/rc.local
if [ -f /etc/squid/squid.conf ]; then
    /usr/local/squid/sbin/squid&
fi

When the system has a PPP network interface:

# vi /etc/ppp/ppp.linkup
MYADDR:
 ! sh -c "/usr/local/squid/sbin/squid&"

Appendix: adding user authentication to SQUID

Installing MYSQL_AUTH

# tar xzpf mysql_auth-0.6beta.tar.gz
# cd mysql_auth-0.6beta

Edit the Makefile (the settings below are for a MYSQL installed from mysql-server-4.0.20.tgz)

# vi Makefile
CFLAGS = -I/usr/local/include -L/usr/local/lib
$(INSTALL) -o squid -g squid -m 755 mysql_auth /usr/bin/mysql_auth
$(INSTALL) -o squid -g squid -m 600 $(CONF) /etc/mysql_auth.conf
$(INSTALL) -o squid -g squid -m 600 $(CONF) /etc/mysql_auth.conf.default

Edit src/define.h

# vi +5 src/define.h
#define CONFIG_FILE "/etc/mysql_auth.conf"
#define DEF_MYSQLD_SOCKET "/var/run/mysql/mysql.sock"

Edit src/mysql_auth.conf

# vi src/mysql_auth.conf
mysqld_socket   /var/run/mysql/mysql.sock
# make
# make install

Create the user database

# cd scripts
# mysql -u root -p****** < create_script

Testing MYSQL_AUTH

Add a test user

# mypasswd test 123456
Password record ADDED succesfully.

Verify the user that was just created

# mysql_auth test 123456
OK

Adding MYSQL_AUTH authentication to SQUID.CONF

# vi /etc/squid/squid.conf

Add the following lines to SQUID.CONF, after the "TAG: acl" section:

auth_param basic program /usr/bin/mysql_auth
auth_param basic realm Squid caching server
auth_param basic children 5
auth_param basic credentialsttl 2 hours
acl password proxy_auth REQUIRED
http_access allow password
authenticate_ip_ttl 2 hours
http_access deny all

The SQUID server with user authentication is now ready.
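Squid evaluates http_access lines top to bottom and stops at the first match, so where the authentication rules sit relative to "http_access allow our_networks" decides whether clients are ever asked for a password. The sketch below is an added example, not part of the original article: a simplified model of that first-match logic covering only src and proxy_auth ACLs. The rule order in AS_APPENDED (auth lines placed after the existing rules), the AUTH_ENFORCED alternative, and all function and variable names are assumptions.

```python
import ipaddress

# Constructed input: ACL definitions taken from the page's squid.conf.
ACLS = """\
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.0.0/16
acl password proxy_auth REQUIRED
"""
# Assumption: the auth rules end up after the existing http_access lines.
AS_APPENDED = ACLS + """\
http_access allow our_networks
http_access deny all
http_access allow password
http_access deny all
"""
# One possible ordering (not from the page) that makes authentication count.
AUTH_ENFORCED = ACLS + """\
http_access deny !our_networks
http_access allow password
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, src_ip, has_credentials):
    """Return (verdict, rule index) using first-match http_access evaluation."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(src_ip)
    for idx, (action, names) in enumerate(rules):
        for name in names:
            kind, args = acls[name.lstrip("!")]  # only src and proxy_auth modelled
            if kind == "proxy_auth" and not has_credentials:
                return ("challenge", idx)        # Squid would answer 407 here
            hit = kind == "proxy_auth" or any(
                ip in ipaddress.ip_network(a) for a in args)
            if hit == name.startswith("!"):
                break                            # ACL failed, try the next rule
        else:
            return (action, idx)                 # every ACL on the line matched
    return ("deny", None)  # not reached: both rule sets end in "deny all"
```

In the first ordering a 192.168.x.x client is allowed by rule 0 without credentials and the proxy_auth rule is never reached. Clients that reach Squid only through the pf rdr rule are not aware of a proxy and cannot answer a 407 challenge, so proxy_auth only works for browsers configured to use the proxy explicitly.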