(The last two are unreliable in a real application; we should first close everything and then gradually open our own services.)

The pf settings are now basically complete. Next comes the squid part.

1. Install squid

    # ./configure --enable-useragent-log --enable-referer-log \
        --enable-default-err-language=Simplify_Chinese \
        --enable-err-languages="Simplify_Chinese English" \
        --disable-internal-dns --enable-pf-transparent
    # make
    # make install
    # mkdir /home/cache        (create the cache directory)

2. Add the user and group that squid runs as (mine are both set to squid)

    chown squid:squid /home/cache

In /etc/hosts, add the internal DNS resolution entries needed by squid.conf (under /usr/local/squid/etc/), for example mine:

    192.168.2.2    www.aaa.com
    192.168.2.3    mail.aaa.com

3. Configure the squid.conf file (here is my configuration file)

    visible_hostname cache.example.com
    cache_dir ufs /home/cache 1024 16 256
    cache_mem 100 MB
    cache_effective_user squid
    cache_effective_group squid
    http_port 80
    httpd_accel_host virtual
    httpd_accel_single_host off
    httpd_accel_port 80
    httpd_accel_uses_host_header on
    httpd_accel_with_proxy on
    # accelerate my domain only
    acl acceleratedHostA dstdomain .example1.com
    # acl acceleratedHostB dstdomain .example2.com
    # acl acceleratedHostC dstdomain .example3.com
    # accelerate the HTTP protocol on port 80
    acl acceleratedProtocol proto HTTP
    acl acceleratedPort port 80
    # access ACL
    acl all src 0.0.0.0/0.0.0.0
    # Allow requests when they are to the accelerated machine AND to the
    # right port with the right protocol
    http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
    # http_access allow acceleratedProtocol acceleratedPort acceleratedHostB
    # http_access allow acceleratedProtocol acceleratedPort acceleratedHostC
    # logging
    emulate_httpd_log on
    cache_store_log none
    # manager
    acl manager proto cache_object
    http_access allow manager all
    cachemgr_passwd pass all

That completes the squid.conf configuration.

4. Set the directory permissions

    chown -R squid:squid /home/cache

Create the log file; the default location is /usr/local/squid/var/access.log.

5. Create the cache directories:

    /usr/local/squid/sbin/squid -z

Start squid:

    /usr/local/squid/sbin/squid

Notes

My intention is for the Web service to be handled by the squid reverse proxy, and for the other services (at the moment I only have ftp) to be handled by pf. To accomplish this, the following statement needs to be added to the pf rules:

    rdr on $lan_if proto tcp from $lan_if to any port 80 -> $lan_if port 80

($lan_if is the network card of my gateway.) With this rule, any access to port 80 is redirected to Squid, which listens on port 80 of the gateway. The pf rules themselves only allow the ftp service. (Question: for access from the extranet, does a similar statement also need to be added?)

At this point the FreeBSD 5.4 + pf + squid reverse proxy is basically complete.
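As an added example (not part of the original post), this Python script checks the cache manager lines of a squid.conf like the one above: it walks http_access in first-match order for a cache_object request from an arbitrary address, and it flags a weak cachemgr_passwd. The function names, the 12-character minimum and the constructed sample text are assumptions made for this illustration.

```python
# Added example. SAMPLE_CONF is constructed from the access-control lines of the config above.
SAMPLE_CONF = """\
acl acceleratedHostA dstdomain .example1.com
acl acceleratedProtocol proto HTTP
acl acceleratedPort port 80
acl all src 0.0.0.0/0.0.0.0
http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
acl manager proto cache_object
http_access allow manager all
cachemgr_passwd pass all
"""
ANY_SRC = {"0.0.0.0/0.0.0.0", "0.0.0.0/0"}   # src values that match every client
MIN_PASSWD_LEN = 12                           # assumed policy, not a Squid setting

def parse(conf):
    """Return (acls, http_access rules, cachemgr_passwd entries)."""
    acls, rules, passwords = {}, [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()    # drop comments, then tokenize
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
        elif len(tok) >= 3 and tok[0] == "cachemgr_passwd":
            passwords.append((tok[1], tok[2:]))
    return acls, rules, passwords

def could_match(term, acls):
    """Could this ACL match a cache_object request from an arbitrary address?"""
    negated, name = term.startswith("!"), term.lstrip("!")
    kind, values = acls.get(name, ("", []))
    if kind not in ("proto", "src"):
        return True                           # other ACL types are not modelled
    wanted = {"cache_object"} if kind == "proto" else ANY_SRC
    return any(v.lower() in wanted for v in values) != negated

def audit(conf):
    """Return a list of findings about cache manager access and passwords."""
    acls, rules, passwords = parse(conf)
    findings = []
    for action, terms in rules:               # Squid applies the first matching rule
        if all(could_match(t, acls) for t in terms):
            if action == "allow":
                findings.append("cache manager open to any source: " + " ".join(terms))
            break
    for passwd, actions in passwords:
        if passwd == "none" or (passwd != "disable" and len(passwd) < MIN_PASSWD_LEN):
            findings.append("weak cachemgr_passwd for: " + " ".join(actions))
    return findings
```

Calling audit() on a configuration that allows the manager ACL only from a localhost src ACL, follows it with `http_access deny manager`, and sets `cachemgr_passwd disable all` returns no findings.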