pf + squid configuration
2009-05-13 00:47:30 Source: unknown
pf can actually do NAT on its own; squid is used here for finer-grained control.
pf.conf
#       $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
 
ext_if="rl1"
int_if="rl0"
lan_net="192.3.88.0/24"
Admin="192.3.88.15"
 
# --- Define Table
table persist file "/etc/leader_user"
table persist file "/etc/software_user"
 
# --- Option
set block-policy drop
set loginterface $ext_if
scrub in all
 
# --- Queue
altq on $ext_if cbq bandwidth 2Mb queue {other, Admin}
queue other bandwidth 1Mb cbq(default)
queue Admin bandwidth 1Mb priority 3 cbq(borrow)
 
# --- NAT
nat on $ext_if from $Admin  -> ($ext_if:0)
nat on $ext_if from -> ($ext_if:0)
 
# --- Redirection
rdr on $ext_if proto tcp from any to $ext_if port 22 -> 192.3.88.3 port 22
rdr on $int_if proto tcp from $Admin to $int_if port 8888  -> 192.168.42.1 port 8888
rdr on $int_if proto tcp from $Admin to any port 21  -> 127.0.0.1 port 8021
#rdr on $int_if proto tcp from to any port 80 -> $int_if port 75626
rdr on $int_if inet proto tcp from to any port 80 -> 192.3.88.1 port 8081
 
# --- Block All
block out  on $ext_if from $lan_net to any
block in on $ext_if from any to $lan_net
pass quick on lo0 all
 
# ---- Manager SSH
block  in  on $int_if  proto tcp  from $lan_net to $int_if port 22
pass   in  on $int_if  proto tcp  from $Admin   to $int_if port 22 keep state
 
# --- Pass Administrator
pass out on  $ext_if from $Admin to any keep state queue Admin
 
# --- Pass Table
pass out on  $ext_if from to any keep state queue Admin
squid.conf
#############################################
### ports
http_port 192.3.88.1:8081
icp_port 0
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
 
### cache dir
cache_dir ufs /var/squid/cache/ 530 16 256
cache_mem 12 MB
cache_store_log none
cache_access_log /dev/null
cache_log /dev/null
emulate_httpd_log on
unlinkd_program /usr/local/libexec/unlinkd
 
### ip cache
ipcache_size 1024
ipcache_low 90
ipcache_high 95
 
### cache user