eth0外网 eth1内网echo 1 > /proc/sys/net/ipv4/ip_forward/sbin/modprobe iptable_nat/sbin/modprobe ip_conntrack/sbin/modprobe ip_conntrack_ftp/sbin/iptables -F INPUT/sbin/iptables -F FORWARD/sbin/iptables -F POSTROUTING -t nat/sbin/iptables -t nat -F/sbin/iptables -P FORWARD DROP/sbin/iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT/sbin/iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to xxx.xxx.xxx.xxx定向80到3128/sbin/iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128/sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/24 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128/sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/24 -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128# 将 对于 80、443 端口的访问 重定向到 3128 端口 </P><P> squid配置文件加入 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on iptables防火墙规则里只要有这么一句 iptables -t nat -A PREROUTING -i eth1 -p tcp -s 193.100.0.0(内网段)/24 --dport 80 -j DNAT --to 193.100.0.3(代理服务器地址):3128
squid配置文件加入
httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on
iptables防火墙规则里只要有这么一句
iptables -t nat -A PREROUTING -i eth1 -p tcp -s 193.100.0.0(内网段)/24 --dport 80 -j DNAT --to 193.100.0.3(代理服务器地址):3128
Copyright @ 2007-2012 敏韬网(敏而好学,文韬武略--MinTao.Net)(学习笔记) Inc All Rights Reserved. 闵涛 E_mail:admin@mintao.net(欢迎提供学习资源)
鄂公网安备 42011102001154号
站长:MinTao ICP备案号:鄂ICP备11006601号-18