Please help, trouble with Squid

Posted: 2009-01-12 10:58:04
*
Here are the configs right away (I installed everything on FreeBSD 7.1 + PF + Squid)
pf.conf

Code:

lan="fxp1"
wan="fxp0"
set block-policy drop
set skip on $lan
set skip on $wan
scrub in all
rdr pass on $lan inet proto tcp from $wan to any port www -> 127.0.0.1 port 3128
nat pass on $wan from $lan to any -> $wan
block in
pass in quick on $lan
pass in quick on $wan
pass out keep state
rc.conf

Code:

hostname="shark.localdomain"
ifconfig_fxp0="inet 10.0.1.200  netmask 255.255.255.0"
defaultrouter="10.0.1.1"
ifconfig_fxp1="inet 192.168.99.99 netmask 255.255.255.0"
squid_enable="YES"
sshd_enable="YES"
pf_enable="YES"
shark# cat /etc/resolv.conf

Code:

nameserver 10.0.1.2
shark# cat /usr/local/etc/squid/squid.conf

Code:

http_port 192.168.99.99:3128
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
maximum_object_size 8092 KB
maximum_object_size_in_memory 512 KB
cache_dir ufs /var/webcache 2048 64 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_mgr aershov@foxtelecom.ru
visible_hostname shark.localdomain
tcp_outgoing_address 10.0.1.200

acl     all             src             0.0.0.0/0.0.0.0
acl     users           src             "/usr/local/etc/squid/users.conf"
acl     localhost       src             127.0.0.0/8
acl     our_networks    src             192.168.99.0/24
acl     allowed_sites   dstdomain       "/usr/local/etc/squid/allowed_sites.conf"
acl     stoplist    dstdomain       "/usr/local/etc/squid/stoplist.conf"

http_access     deny    stoplist
http_access     allow   allowed_sites
http_access     deny    users
http_access     allow   our_networks
http_access     allow   localhost
http_access     deny   all
shark# tail -f /var/log/squid/access.log

Code:

1231754899.308  49452 192.168.99.100 TCP_MISS/504 1422 GET http://auto.search.msn.com/response.asp? - DIRECT/213.155.158.66 text/html
1231757268.150   6057 192.168.99.100 TCP_MISS/504 1367 GET http://ya.ru/ - DIRECT/213.180.204.8 text/html
cache.log

Code:

2009/01/12 10:43:06| Preparing for shutdown after 2 requests
2009/01/12 10:43:06| Waiting 30 seconds for active connections to finish
2009/01/12 10:43:06| FD 13 Closing HTTP connection
2009/01/12 10:43:37| Shutting down...
2009/01/12 10:43:37| Closing unlinkd pipe on FD 11
2009/01/12 10:43:37| storeDirWriteCleanLogs: Starting...
2009/01/12 10:43:37|   Finished.  Wrote 0 entries.
2009/01/12 10:43:37|   Took 0.0 seconds (   0.0 entries/sec).
CPU Usage: 0.082 seconds = 0.014 user + 0.069 sys
Maximum Resident Size: 5672 KB
Page faults with physical i/o: 0
2009/01/12 10:43:37| logfileClose: closing log /var/log/squid/store.log
2009/01/12 10:43:37| logfileClose: closing log /var/log/squid/access.log
2009/01/12 10:43:37| Squid Cache (Version 2.7.STABLE5): Exiting normally.
2009/01/12 10:43:38| Starting Squid Cache version 2.7.STABLE5 for i386-portbld-freebsd7.1...
2009/01/12 10:43:38| Process ID 1722
2009/01/12 10:43:38| With 3578 file descriptors available
2009/01/12 10:43:38| Using kqueue for the IO loop
2009/01/12 10:43:38| DNS Socket created at 0.0.0.0, port 53698, FD 6
2009/01/12 10:43:38| Adding nameserver 10.0.1.2 from /etc/resolv.conf
2009/01/12 10:43:38| logfileOpen: opening log /var/log/squid/access.log
2009/01/12 10:43:38| Unlinkd pipe opened on FD 11
2009/01/12 10:43:38| Swap maxSize 2097152 + 65536 KB, estimated 0 objects
2009/01/12 10:43:38| Target number of buckets: 8318
2009/01/12 10:43:38| Using 16384 Store buckets
2009/01/12 10:43:38| Max Mem  size: 65536 KB
2009/01/12 10:43:38| Max Swap size: 2097152 KB
2009/01/12 10:43:38| logfileOpen: opening log /var/log/squid/store.log
2009/01/12 10:43:38| Rebuilding storage in /var/webcache (CLEAN)
2009/01/12 10:43:38| Using Least Load store dir selection
2009/01/12 10:43:38| Current Directory is /usr/local/squid/logs
2009/01/12 10:43:38| Loaded Icons.
2009/01/12 10:43:38| Accepting proxy HTTP connections at 192.168.99.99, port 3128, FD 13.
2009/01/12 10:43:38| WCCP Disabled.
2009/01/12 10:43:38| Ready to serve requests.
2009/01/12 10:43:38| Done reading /var/webcache swaplog (0 entries)
2009/01/12 10:43:38| Finished rebuilding storage from disk.
2009/01/12 10:43:38|         0 Entries scanned
2009/01/12 10:43:38|         0 Invalid entries.
2009/01/12 10:43:38|         0 With invalid flags.
2009/01/12 10:43:38|         0 Objects loaded.
2009/01/12 10:43:38|         0 Objects expired.
2009/01/12 10:43:38|         0 Objects cancelled.
2009/01/12 10:43:38|         0 Duplicate URLs purged.
2009/01/12 10:43:38|         0 Swapfile clashes avoided.
2009/01/12 10:43:38|   Took 0.3 seconds (   0.0 objects/sec).
2009/01/12 10:43:38| Beginning Validation Procedure
2009/01/12 10:43:38|   Completed Validation Procedure
2009/01/12 10:43:38|   Validated 0 Entries
2009/01/12 10:43:38|   store_swap_size = 0k
2009/01/12 10:43:39| storeLateRelease: released 0 objects

store.log

Code:

1 text/html 1067/1067 GET http://ya.ru/
1231756801.659 RELEASE -1 FFFFFFFF 7DF3D3D8FCB1121E61E48EEF926985FE  403 1231756801        -1        -1 text/html 1067/1067 GET http://ya.ru/
1231757028.901 RELEASE -1 FFFFFFFF 69FBB2B3329FB94250D66B72726F619B  504 1231757028        -1        -1 text/html 1077/1077 GET http://ya.ru/
1231757223.186 RELEASE -1 FFFFFFFF 2B4BDF45AACE1427BE3C1731C6E83F89  403 1231757223        -1        -1 text/html 1127/1127 GET http://192.168.99.99/stat/group_detail.cgi?year=2009&month=01&day=11
1231757268.150 RELEASE -1 FFFFFFFF 3454D8F53A00E9AC0EE7BF25DE12C07A  504 1231757267        -1        -1 text/html 1077/1077 GET http://ya.ru/
I can't figure out where the snag is, but the client machine says: the system returned (61) Connection refused

Re: Please help, trouble with Squid

Posted: 2009-01-12 11:10:24
hizel
Judging by the error, something is wrong with the firewall.

Re: Please help, trouble with Squid

Posted: 2009-01-12 11:13:13
*

Code:

shark# cat /etc/pf.conf
lan="fxp1"
wan="fxp0"
set block-policy drop
set skip on $lan
set skip on $wan
rdr pass on $lan inet proto tcp from $wan to any port www -> 127.0.0.1 port 3128
#block in
pass in quick on $lan
pass in quick on $wan
pass out keep state
I cut it down to this.
At home on VMware everything worked(((

Re: Please help, trouble with Squid

Posted: 2009-01-12 11:29:29
nik359
If I'm not mistaken, for a transparent proxy squid.conf
should have this:
http_port 127.0.0.1:3128 transparent

Re: Please help, trouble with Squid

Posted: 2009-01-12 11:30:48
*
It's not transparent.

Re: Please help, trouble with Squid

Posted: 2009-01-12 11:39:38
hizel

Code:

rdr pass on $lan inet proto tcp from $wan to any port www -> 127.0.0.1 port 3128
Then what is this for!?
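
Added example (not part of the original thread and not any poster's code): a small consistency check between PF `rdr` rules and Squid `http_port` lines, which is the relationship the two replies above are asking about. The function name `lint` is hypothetical, the sample input is constructed from the config lines posted in this thread, and the `transparent` keyword is checked as quoted above for the Squid 2.7 shown in cache.log.

```python
import re

# Constructed sample input: the relevant lines of the pf.conf and squid.conf posted in this thread.
PF_CONF = """\
lan="fxp1"
wan="fxp0"
set skip on $lan
set skip on $wan
rdr pass on $lan inet proto tcp from $wan to any port www -> 127.0.0.1 port 3128
"""
SQUID_CONF = "http_port 192.168.99.99:3128\n"


def lint(pf_text, squid_text):
    """Return findings about PF rdr rules versus Squid http_port listeners."""
    macros = dict(re.findall(r'^(\w+)\s*=\s*"([^"]*)"', pf_text, re.M))

    def expand(s):  # substitute $macro references with their values
        return re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), s)

    lines = [expand(l.split("#")[0]).strip() for l in pf_text.splitlines()]
    # PF does no processing at all on interfaces listed in "set skip on".
    skipped = {m.group(1) for l in lines if (m := re.match(r"set skip on (\S+)", l))}

    # Squid listeners: (address or None for wildcard, port, has 'transparent' option)
    listeners = []
    for l in squid_text.splitlines():
        m = re.match(r"http_port\s+(?:(\S+):)?(\d+)\b(.*)", l.strip())
        if m:
            listeners.append((m.group(1), int(m.group(2)), "transparent" in m.group(3).split()))

    findings = []
    for l in lines:
        m = re.match(r"rdr\b.*\bon (\S+)\b.*->\s*(\S+) port (\d+)", l)
        if not m:
            continue
        iface, addr, port = m.group(1), m.group(2), int(m.group(3))
        if iface in skipped:
            findings.append(f"rdr on {iface}: interface is in 'set skip', rule is never evaluated")
        match = [x for x in listeners if x[1] == port and x[0] in (None, addr)]
        if not match:
            findings.append(f"rdr target {addr}:{port}: no http_port listens there")
        elif not any(x[2] for x in match):
            findings.append(f"rdr target {addr}:{port}: http_port lacks 'transparent'")
    return findings
```

Calling `lint(PF_CONF, SQUID_CONF)` on the posted configuration returns two findings: the `rdr` rule sits on an interface that PF skips, and its target 127.0.0.1:3128 is not an address Squid is bound to.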

Re: Please help, trouble with Squid

Posted: 2009-01-12 11:43:07
*
/usr/local/etc/rc.d/squid: DEBUG: pid file (/usr/local/squid/logs/squid.pid): not readable.
Starting squid.
This error has also appeared.

The packet filter is used for forwarding from fxp1 to fxp0.

Re: Please help, trouble with Squid

Posted: 2009-01-12 11:48:24
*
I can't understand it: it seems to resolve the host, but
it doesn't display the content and drops the connection instead.