forum.lissyara.su

Код: Выделить всё

#
#begin
int_if="rl0"
ext_if="nfe0"
me="127.0.0.1"
icmp_types="{ echoreq, unreach }"
trusted_lan1="172.16.1.0/24"
trusted_lan2="192.0.1.0/24"
set block-policy return
set skip on lo0
#set skip on $int_if
#set timeout { frag 10, tcp.established 3600 }
scrub in all
rdr on rl0 proto { tcp } from 172.16.1.0/24 to any port 80 -> 127.0.0.1 port 3129
#rdr on $int_if proto { tcp udp } from $trusted_lan1 to any port 80 -> 127.0.0.1 port 3129
nat on $ext_if from $trusted_lan1 to any -> ($ext_if)
antispoof quick for $ext_if
block all
#pass on lo0 from any to any
pass out on $ext_if from $ext_if to any keep state
pass out on $ext_if from lo0 to any keep state
pass out on $ext_if from $trusted_lan1 to any keep state
pass in on $ext_if from $trusted_lan2 to any keep state
pass in on $int_if from $trusted_lan1 to any keep state
pass log inet proto icmp all icmp-type $icmp_types

Код: Выделить всё

2010/08/25 20:50:08| Set Current Directory to /var/spool/squid
2010/08/25 20:50:08| Loaded Icons.
2010/08/25 20:50:08| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3129, FD 11.
2010/08/25 20:50:08| commBind: Cannot bind socket FD 13 to *:3130: (48) Address already in use
FATAL: Cannot open ICP Port
Squid Cache (Version 3.0.STABLE25): Terminated abnormally.
CPU Usage: 0.014 seconds = 0.014 user + 0.000 sys
Maximum Resident Size: 6016 KB
Page faults with physical i/o: 0

Код: Выделить всё

predator[squid] > sockstat | grep squid
squid    squid      1326  3  dgram  -> /var/run/log
squid    squid      1326  6  udp4   *:53042               *:*
squid    squid      1326  13 tcp4   *:8080                *:*
squid    squid      1326  14 udp4   *:3130                *:*
squid    squid      1323  3  dgram  -> /var/run/log

Код: Выделить всё

00:00:05.773759 rule 8/0(match): pass in on rl0: 172.16.1.15.59510 > 213.140.231.3.53: 14385+[|domain]
00:00:00.024617 rule 8/0(match): pass in on rl0: 172.16.1.15.1467 > 127.0.0.1.3129: Flags [S], seq 3251303216, win 65535, options [mss 1460,nop,nop,sackOK], length 0
00:00:00.438831 rule 8/0(match): pass in on rl0: 172.16.1.15.1467 > 127.0.0.1.3129: Flags [S], seq 3251303216, win 65535, options [mss 1460,nop,nop,sackOK], length 0
00:00:00.402363 rule 8/0(match): pass in on rl0: 172.16.1.15.1467 > 127.0.0.1.3129: Flags [S], seq 3251303216, win 65535, options [mss 1460,nop,nop,sackOK], length 0
00:00:00.003356 rule 8/0(match): pass in on rl0: 172.16.1.15.54042 > 213.140.231.3.53: 8744+[|domain]
00:00:00.021477 rule 8/0(match): pass in on rl0: 172.16.1.15.1469 > 127.0.0.1.3129: Flags [S], seq 1260055405, win 65535, options [mss 1460,nop,nop,sackOK], length 0
00:00:00.477123 rule 8/0(match): pass in on rl0: 172.16.1.15.1469 > 127.0.0.1.3129: Flags [S], seq 1260055405, win 65535, options [mss 1460,nop,nop,sackOK], length 0
00:00:00.502914 rule 8/0(match): pass in on rl0: 172.16.1.15.1469 > 127.0.0.1.3129: Flags [S], seq 1260055405, win 65535, options [mss 1460,nop,nop,sackOK], length 0
00:00:09.203327 rule 8/0(match): pass in on rl0: 172.16.1.15.1470 > 192.0.1.50.10051: Flags [S], seq 1767387763, win 65535, options [mss 1460,nop,nop,sackOK], length 0
00:00:00.453785 rule 8/0(match): pass in on rl0: 172.16.1.15.1470 > 192.0.1.50.10051: Flags [S], seq 1767387763, win 65535, options [mss 1460,nop,nop,sackOK], length 0
00:00:00.501945 rule 8/0(match): pass in on rl0: 172.16.1.15.1470 > 192.0.1.50.10051: Flags [S], seq 1767387763, win 65535, options [mss 1460,nop,nop,sackOK], length 0