By the way, I want to add something: requests coming from the proxy are not included in the firewall rule I set up that redirects traffic with destination port 80 to the proxy's port 3128. I forgot to mention that.
 
In addition, I also want to include the messages output:
[EMAIL PROTECTED]# tail /var/log/messages
Feb 23 17:09:18 proxy kernel: Connection attempt to UDP 127.0.0.1:52211 from 127.0.0.1:63264
Feb 23 17:09:18 proxy kernel: Connection attempt to UDP 127.0.0.1:55032 from 127.0.0.1:60052
Feb 23 17:09:28 proxy kernel: Connection attempt to UDP 127.0.0.1:62062 from 127.0.0.1:65002
Feb 23 17:09:28 proxy kernel: Connection attempt to UDP 127.0.0.1:55408 from 127.0.0.1:59879
Feb 23 17:09:38 proxy kernel: Connection attempt to UDP 127.0.0.1:52211 from 127.0.0.1:63264
Feb 23 17:09:38 proxy kernel: Connection attempt to UDP 127.0.0.1:55032 from 127.0.0.1:60052
Feb 23 17:09:48 proxy kernel: Connection attempt to UDP 127.0.0.1:62062 from 127.0.0.1:65002
Feb 23 17:09:48 proxy kernel: Connection attempt to UDP 127.0.0.1:55408 from 127.0.0.1:59879
Feb 23 17:09:58 proxy kernel: Connection attempt to UDP 127.0.0.1:52211 from 127.0.0.1:63264
Feb 23 17:09:58 proxy kernel: Connection attempt to UDP 127.0.0.1:55032 from 127.0.0.1:60052
 
 
I don't know what these are.
----- Original Message -----
Sent: Thursday, February 23, 2006 5:08 PM
Subject: [FreeBSD] squid and transparency

At the firewall, I redirected all port 80 requests to a server that has the same IP as the clients.
Squid is installed and running on the server.
When I configure the clients' proxy settings manually, they reach the internet through the proxy. But when I redirect at the firewall without configuring them manually, the requests arrive, but the proxy sends a reply immediately without going out to the internet. I could not understand why.
 
ipfw is installed on the squid host and there is no blocking of any kind. There is no port redirection either, because the port is already being redirected by another firewall. All requests arrive at the port squid listens on.
 
The last lines of the kernel configuration file:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPDIVERT
options DUMMYNET
options IPSTEALTH
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
options DUMMYNET # for bandwidth
#pseudo-device vlan 3 # IEEE 802.1Q VLAN Support
 
options SYSVMSG
options MSGMNB=8192      # max # of bytes in a queue
options MSGMNI=40          # number of message queue identifiers
options MSGSEG=512        # number of message segments per queue
options MSGSSZ=64         # size of a message segment
options MSGTQL=2048      # max messages in system
options SYSVSHM
options SHMSEG=16           # max shared mem id's per process
options SHMMNI=32           # max shared mem id's per system
options SHMMAX=2097152  # max shared memory segment size (bytes)
options SHMALL=4096        # max amount of shared
 
squid.conf file:
 
http_port 3128
visible_hostname proxy.mydomain.com
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 128 MB
maximum_object_size 512 KB
ipcache_size 2048
fqdncache_size 2048
cache_dir ufs /usr/local/squid/cache 3072 60 312
read_timeout 5 minutes
request_timeout 30 seconds
half_closed_clients off
forwarded_for off
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl internet src 172.16.0.0/21
acl nodownload urlpath_regex -i "/usr/local/etc/squid/nodownload"
http_access deny nodownload
acl DENYPAGE urlpath_regex Servlet
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
no_cache deny DENYPAGE
http_access allow internet
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_reply_access allow all
http_access deny all
icp_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /usr/local/squid /
error_directory /usr/local/etc/squid/errors/Turkish
client_db off
#redirect_program /usr/local/bin/squidGuard
#redirect_children 10
cache_effective_user squid
cache_effective_group squid
access_log /usr/local/squid/logs/access.log squid
---------------------------------------------------------------
[EMAIL PROTECTED]#  ipfw show
65535 240969 28785602 allow ip from any to any
[EMAIL PROTECTED]# egrep squid rc.conf
squid_enable="YES"
[EMAIL PROTECTED]# sockstat -l | grep squid
squid    squid      903   5  udp4   *:58934               *:*
squid    squid      903   12 tcp4   *:3128                *:*
squid    squid      903   13 udp4   *:3130                *:*
squid    squid      903   14 udp4   *:4827                *:*
[EMAIL PROTECTED]# ps auxww | grep squid
squid   552  0.0  0.1  1660  1116  ??  Ss    1:33PM   0:00.15 (pinger) (pinger)
squid   709  0.0  0.1  1660  1104  ??  Ss    2:17PM   0:00.13 (pinger) (pinger)
squid   711  0.0  0.1  1660  1104  ??  Ss    2:17PM   0:00.13 (pinger) (pinger)
squid   746  0.0  0.1  1660  1116  ??  Ss    2:18PM   0:00.16 (pinger) (pinger)
squid   901  0.0  0.3  5552  2804  ??  Is    3:09PM   0:00.01 /usr/local/sbin/squid -D
squid   903  0.0  1.0 11472  9932  ??  S     3:09PM   0:02.01 (squid) -D (squid)
squid   904  0.0  0.1  1272   596  ??  Is    3:09PM   0:00.04 (unlinkd) (unlinkd)
squid   905  0.0  0.1  1660  1116  ??  Ss    3:09PM   0:00.11 (pinger) (pinger)
root   1094  0.0  0.1  1316   688  p0  I     4:27PM   0:00.01 tail -f /usr/local/squid/logs/access.log
root   1222  0.0  0.1  1588   968  p2  S+    5:06PM   0:00.01 grep squid
[EMAIL PROTECTED]# ls -l /var/db/pkg/ | grep squid
drwxr-xr-x  2 root  wheel      512 Feb 17 18:07 squid-2.5.12_4
[EMAIL PROTECTED]#
 
There is no line related to ipfw in rc.conf.
 
Regards
