How to set up a proxy service on CentOS 6.3

Lab environment:

    System: CentOS 6.3
    Internal network eth0: 192.168.223.163
    External network eth1: 192.168.22.78
    Squid Cache: Version squid-3.1.10

The NIC configuration is as follows:

Internal network: [image: CentOS 6.3 (x64) squid transparent proxy server (detailed installation steps)]
External network: [image: CentOS 6.3 (x64) squid transparent proxy server (detailed installation steps)]

Installation:

    [root@only ~]# yum -y install squid
    Installing : 7:squid-3.1.10-18.el6_4.x86_64
    Verifying  : 7:squid-3.1.10-18.el6_4.x86_64
    Installed:
      squid.x86_64 7:3.1.10-18.el6_4
    Complete!

The configuration file is as follows (the changed parts are marked in red):

    [root@only ~]# vim /etc/squid/squid.conf

    #
    # Recommended minimum configuration:
    #
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT

    # Define working hours
    #acl worktime time 8:00-23:59
    #acl worktime time 00:00-5:59
    # Only allow browsing outside working hours
    #http_access allow mynetwork !worktime

    #
    # Recommended minimum Access Permission configuration:
    #
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager

    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports

    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports

    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost

    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #

    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost

    # And finally deny all other access to this proxy
    # (The stock file ends with "http_access deny all". With "allow all", as set
    # here, every client that can reach the listening port is proxied.)
    http_access allow all

    # Squid normally listens to port 3128
    http_port 192.168.223.163:3128 transparent

    # We recommend you to use at least the following line.
    hierarchy_stoplist cgi-bin ?

    # Uncomment and adjust the following to add a disk cache directory.
    cache_dir ufs /var/spool/squid 2000 16 256

    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid

    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:             1440    20%     10080
    refresh_pattern ^gopher:          1440    0%      1440
    refresh_pattern -i (/cgi-bin/|\?) 0       0%      0
    refresh_pattern .                 0       20%     4320

    visible_hostname 192.168.223.163
    # Amount of memory used by the squid server
    cache_mem 256 MB
    # Do not pass on the address of the proxied client
    forwarded_for off
    # Do not pass on proxy server information
    via off

Initialize the squid proxy server:

    [root@only ~]# squid -z
    2013/08/14 10:06:24| Creating Swap Directories
    2013/08/14 10:06:24| /var/spool/squid exists
    2013/08/14 10:06:24| Making directories in /var/spool/squid/00
    2013/08/14 10:06:24| Making directories in /var/spool/squid/01
    2013/08/14 10:06:24| Making directories in /var/spool/squid/02
    2013/08/14 10:06:24| Making directories in /var/spool/squid/03
    2013/08/14 10:06:24| Making directories in /var/spool/squid/04
    2013/08/14 10:06:24| Making directories in /var/spool/squid/05
    2013/08/14 10:06:24| Making directories in /var/spool/squid/06
    2013/08/14 10:06:24| Making directories in /var/spool/squid/07
    2013/08/14 10:06:24| Making directories in /var/spool/squid/08
    2013/08/14 10:06:24| Making directories in /var/spool/squid/09
    2013/08/14 10:06:24| Making directories in /var/spool/squid/0A
    2013/08/14 10:06:24| Making directories in /var/spool/squid/0B
    2013/08/14 10:06:24| Making directories in /var/spool/squid/0C
    2013/08/14 10:06:24| Making directories in /var/spool/squid/0D
    2013/08/14 10:06:24| Making directories in /var/spool/squid/0E
    2013/08/14 10:06:24| Making directories in /var/spool/squid/0F

Enable routing, and write the command below into the /etc/rc.d/rc.local file so that routing is enabled automatically at boot:

    [root@only ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

Or, alternatively, edit the /etc/sysctl.conf file with vi and change net.ipv4.ip_forward = 0 to = 1:

    [root@only ~]# sysctl -p
    net.ipv4.ip_forward = 1

Configure the iptables firewall to automatically redirect HTTP requests to the proxy server:

    [root@only ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128

Set up source address mapping:

    [root@only ~]# iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.22.78
    [root@only ~]# iptables -P INPUT ACCEPT

Start the squid proxy service:

    [root@only ~]# service squid restart
    Stopping squid: [FAILED]
    Starting squid: . [OK]

View the squid proxy server's cache log:

    [root@only ~]# tail -f /var/log/squid/access.log

Add squid to the services started at boot:

    [root@only ~]# chkconfig --level 235 squid on

Done.
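An added example, not part of the original answer: a POSIX shell check over the http_access and http_port lines of a squid.conf like the one above. It reports what Squid does with a request that no specific rule matched, and whether the listener is bound to every interface; the function names and the embedded sample are constructed for illustration.

```shell
# Added example (not from the original post): static check of squid.conf access rules.

# Constructed sample: the access-control lines of the configuration above.
sample_conf() {
cat <<'EOF'
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access allow all
http_port 192.168.223.163:3128 transparent
EOF
}

# Squid applies the first http_access rule that matches. Print what happens to
# a request that no ACL-specific rule matched: the action of the first
# unconditional "... all" rule, or, if there is none, the opposite of the last
# rule (Squid's documented default). No rules at all means deny.
default_action() {
    awk '{ sub(/#.*/, "") }
         $1 != "http_access" { next }
         { last = $2 }
         NF == 3 && $3 == "all" { print $2; found = 1; exit }
         END { if (found) exit
               if (last == "") print "deny"
               else print (last == "allow" ? "deny" : "allow") }' "$1"
}

# Print http_port values not bound to one address (port only, 0.0.0.0 or [::]),
# i.e. listeners reachable on every interface, the external one included.
wildcard_ports() {
    awk '{ sub(/#.*/, "") }
         $1 == "http_port" && ($2 !~ /:/ || $2 ~ /^(0\.0\.0\.0|\[::\]):/) { print $2 }' "$1"
}

audit() {
    if [ "$(default_action "$1")" = "allow" ]; then
        echo "WARN: default action is allow: any client that reaches the port is proxied"
    fi
    ports=$(wildcard_ports "$1")
    if [ -n "$ports" ]; then
        echo "WARN: http_port listens on all interfaces: $ports"
    fi
}

conf=$(mktemp); sample_conf > "$conf"; audit "$conf"; rm -f "$conf"
```

To check the real file, run `audit /etc/squid/squid.conf`. With the final rule set back to `http_access deny all`, the first warning no longer appears.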