Here are some of my scripts; this works very well for me .. :) And if you want, in your Squid ACL list you can deny direct access to the cache other than what is accessed by the redirect on the firewall :)

/etc/squid/squid.conf
----------------------------------Start Here--------------------------------------
# squid.conf - a very basic config file for squid

# Turn logging down to its lowest level
debug_options ALL,1

# Define groups (Access Control Lists): the manager interface, all IP
# addresses, the proxy itself, and the internal LAN
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl allowed_hosts src 172.16.0.0/255.255.0.0

# Allow the LAN and the proxy itself to use us via HTTP.
# Squid stops at the first matching line, so "deny all" must be last
# (any allow placed after it would never be reached).
http_access allow allowed_hosts
http_access allow localhost
http_access deny manager
http_access deny all

# Allow the same hosts to use us as a sibling (ICP), same ordering rule
icp_access allow allowed_hosts
icp_access allow localhost
icp_access deny all

http_port 3128

# Transparent (accelerator) mode for port 80 traffic redirected by the firewall
httpd_accel_with_proxy on
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_uses_host_header on

# Cache storage, memory and the unprivileged user squid runs as
cache_dir ufs /var/spool/squid 1024 16 256
cache_mem 16 MB
cache_effective_user squid
cache_effective_group squid
visible_hostname cache.dynamicaccess.net
no_cache deny manager
dns_nameservers 127.0.0.1
-----------------------------------Stop Cut Here-----------------------------

/etc/rc.firewall (partial amount)
----------------------------------Start Here-----------------------------------
######### DNAT Starts Here ################
# Transparent proxy: LAN web traffic on eth0 is silently sent to Squid's port
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Clients that point at port 3128 on the gateway are sent on to the cache box
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 3128 -j DNAT --to 172.16.0.253:3128
# External port 2100 (tcp and udp) forwarded to an internal host on 2101
$IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 2100 -j DNAT --to 172.16.0.123:2101
$IPTABLES -t nat -A PREROUTING -i eth1 -p udp --dport 2100 -j DNAT --to 172.16.0.123:2101

### Internal Web Server DNAT
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 8888 -j DNAT --to 172.16.0.111:80
#$IPTABLES -t nat -A PREROUTING -i eth1 -p udp --dport 8080 -j DNAT --to 172.16.0.111:80

### Allow Port Forwarding on the Ports Specified
# The FORWARD chain must also accept the DNATed traffic, on the translated port
$IPTABLES -A FORWARD -p tcp -i $EXTIF -d 172.16.0.123 --dport 2101 -j ACCEPT
$IPTABLES -A FORWARD -p udp -i $EXTIF -d 172.16.0.123 --dport 2101 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -i $EXTIF -d 172.16.0.111 --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -i eth0 -d 172.16.0.253 --dport 3128 -j ACCEPT
-----------------------------------------Stop Cut Here-------------------------------------------------

My cache now goes faster than ever .. :) Tell me how you go with it, I would like to know. Good luck ...
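Squid evaluates http_access and icp_access lines top-down and stops at the first line whose ACLs all match, so a "deny all" placed above "allow localhost" silently blocks the proxy's own host. The following checker is an added example (not code from the post or from Squid) that parses the src ACLs and access lines of a config, simulates that first-match decision for a given client address, and flags lines shadowed by an earlier catch-all. The sample configs inside it are constructed from the directives shown in the post; the function and variable names are my own.

```python
# Added example: first-match checker for Squid http_access / icp_access order.
# Not code from the original post; SAMPLE_CONF / FIXED_CONF are constructed.
import ipaddress

# Constructed sample with the ordering problem: "deny all" before "allow localhost"
SAMPLE_CONF = """\
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl allowed_hosts src 172.16.0.0/255.255.0.0
http_access allow allowed_hosts
http_access deny manager
http_access deny all
http_access allow localhost
"""

# Constructed sample with the allow lines moved above the catch-all deny
FIXED_CONF = """\
acl manager proto cache_object
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl allowed_hosts src 172.16.0.0/255.255.0.0
http_access allow allowed_hosts
http_access allow localhost
http_access deny manager
http_access deny all
"""


def parse_conf(text):
    """Return ({acl_name: (type, [args])}, [(directive, action, [terms])])."""
    acls, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl" and len(parts) >= 4:
            acls.setdefault(parts[1], (parts[2], []))[1].extend(parts[3:])
        elif parts[0] in ("http_access", "icp_access") and len(parts) >= 3:
            rules.append((parts[0], parts[1], parts[2:]))
    return acls, rules


def _networks(acls, name):
    """Networks of a src ACL; dotted masks such as /255.255.0.0 are accepted."""
    acl_type, args = acls.get(name, ("unknown", []))
    if acl_type != "src":
        return []
    return [ipaddress.ip_network(a, strict=False) for a in args]


def term_matches(acls, term, client_ip):
    """One ACL term, with Squid's '!' negation; non-src ACLs evaluate False here."""
    negate = term.startswith("!")
    name = term.lstrip("!")
    ip = ipaddress.ip_address(client_ip)
    hit = any(ip in net for net in _networks(acls, name))
    return not hit if negate else hit


def decide(acls, rules, directive, client_ip):
    """Squid first-match: the first line whose terms all match decides.
    If nothing matches, Squid applies the opposite of the last line's action."""
    lines = [r for r in rules if r[0] == directive]
    for _, action, terms in lines:
        if all(term_matches(acls, t, client_ip) for t in terms):
            return action
    if not lines:
        return "allow"
    return "deny" if lines[-1][1] == "allow" else "allow"


def shadowed(acls, rules, directive):
    """Indices of lines that can never fire because an earlier line is a
    single catch-all src ACL (a 0.0.0.0/0 network)."""
    lines = [r for r in rules if r[0] == directive]
    out, blocked = [], False
    for i, (_, _, terms) in enumerate(lines):
        if blocked:
            out.append(i)
        elif len(terms) == 1 and any(
                n.prefixlen == 0 for n in _networks(acls, terms[0])):
            blocked = True
    return out


if __name__ == "__main__":
    for label, conf in (("posted order", SAMPLE_CONF), ("fixed order", FIXED_CONF)):
        acls, rules = parse_conf(conf)
        print(label, "localhost ->", decide(acls, rules, "http_access", "127.0.0.1"),
              "| shadowed lines:", shadowed(acls, rules, "http_access"))
```

Run it against a real squid.conf by reading the file into parse_conf; any index reported by shadowed() is an access line that Squid will never evaluate, which is the check to run after adding the "deny direct access to the cache" ACL the post mentions.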
