繼上篇把OPTWARE裝在ROUTER上之後, 我的目標就是把PROXY SERVER裝上去,

安裝很簡單, 就opkg install squid...

只是設定很難,

四處亂翻亂COPY, 弄出一個好像是WORK的版本,

下面就是囉,

# squid.conf for Squid 2.6 installed from Optware on a DD-WRT router.
# All helper, data and icon paths live under /opt.

# Squid runs as this account; the router's startup script has to make sure
# a "nobody" user and group exist before squid is started.
cache_effective_user nobody
cache_mgr bigbrother@unslung_squid
visible_hostname ddwrt

# Disabled: the original notes say these heap policies did not work with 2.6.
# NOTE(review): presumably this build was compiled without heap removal
# policies - confirm before re-enabling.
#cache_replacement_policy heap LFUDA
#memory_replacement_policy LFUDA

ipcache_size 2048
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 100 KB

# Sizing suggested by the original notes: 16 MB on a 64/8MB router, 8 MB on a
# smaller one. This configuration sets 0 MB.
cache_mem 0 MB

# Cache directory; change the path if you want. The first number is the cache
# size in MB (the original note used 400 as its example, this config uses 25),
# followed by the first- and second-level subdirectory counts.
# The read-only option is set on this directory.
cache_dir ufs /opt/var/squid/cache 25 4 64 read-only

logfile_rotate 10
fqdncache_size 2048
memory_pools off
maximum_object_size 16384 KB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off
negative_dns_ttl 10 second
connect_timeout 60 second
read_timeout 80 second
request_timeout 80 second

dns_testnames none
mime_table /opt/etc/squid/mime.conf
unlinkd_program /opt/usr/lib/squid/unlinkd
#logfile_daemon /opt/usr/lib/squid/logfile-daemon
icon_directory /opt/usr/share/squid/icons
error_directory /opt/usr/share/squid/errors/English

# Log destinations; change the directories as needed.
# NOTE(review): the access log and the cache log are both discarded here, so
# there is no record of which clients used the proxy or of squid's own errors.
# If the proxy port is reachable from outside the LAN, switch to the
# commented-out file paths so that abuse can be noticed.
#cache_access_log /opt/var/squid/logs/access.log
cache_access_log /dev/null
#cache_log /opt/var/squid/logs/debug
cache_log /dev/null
#cache_store_log /opt/var/squid/logs/storage
cache_store_log none
hierarchy_stoplist cgi-bin ? .asp .cgi

# Listening socket: the proxy IP is the DD-WRT router's own IP; adjust as
# needed. Replace the placeholder with <router IP>:<port>. "transparent" marks
# this port as one that receives intercepted traffic.
http_port 本機的IP:要開的PORT transparent

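# Global ACL definitions (access control lists).
# http_access rules are evaluated top to bottom and the first matching rule
# decides, so every deny that must always apply has to come before any allow.
acl idents ident REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
# Replace the placeholder with the LAN network (destination side).
acl intern dst 內網網域例如192.168.1.0/255.255.255.0
acl FTP proto FTP
acl CONNECT method CONNECT
acl SSL_ports port 443 563
always_direct allow FTP

# Destination ports the proxy may connect to, and the client networks that
# may use it. Replace the placeholders with your own LAN and WAN-side ranges.
acl Allowed_Ports port 80 99 443 21 563 488 777 210 8080 1025-65535
acl yourLAN src 內網IP例如192.168.1.0/255.255.255.0
acl yourWAN src 外網IP例如1.1.0.0/255.255.0.0

# http_access definition
# Denies first: cache manager requests, destination ports outside
# Allowed_Ports (the ACL was defined but never referenced before), and CONNECT
# tunnels to anything other than the TLS ports.
http_access deny manager all
http_access deny !Allowed_Ports
http_access deny CONNECT !SSL_ports
# Removed "http_access allow idents" and "http_access allow all": they were
# the first rules, so every later rule (including "deny manager" and
# "deny all") was unreachable and any host that could reach the port could use
# the proxy. An ident reply is supplied by the client machine itself and is
# not a credential.
# Removed "http_access allow intern": it matched on destination only, which
# would let any source reach LAN hosts through the proxy. Clients in yourLAN
# and yourWAN still reach those destinations through the rules below.
http_access allow yourLAN
http_access allow yourWAN
http_access deny all
icp_access deny all
miss_access allow all
always_direct allow intern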

 

STARTUP script要加

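# Router startup hook: start squid only when the Optware squid data
# directory is present.
if [ -d /opt/var/squid ]; then
  # squid.conf sets "cache_effective_user nobody", so the account and group
  # must exist. Match the whole name field ("nobody:") so that an entry such
  # as "nobody2" does not make the check pass by accident.
  grep -q '^nobody:' /etc/group || echo "nobody:x:99:" >> /etc/group
  grep -q '^nobody:' /etc/passwd || echo "nobody:*:99:99:nobody:/var:/bin/false" >> /etc/passwd
  # -D skips squid's DNS test at startup.
  squid -D
else
  exit
fi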
 
防火牆要加
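# Open the proxy port only to the WAN-side range that squid.conf allows
# (the yourWAN ACL) instead of to every source address. Replace the
# placeholder with that range; 8080 must match the port given to http_port.
# Assumes LAN clients are already accepted by the router's existing INPUT
# rules - confirm on your firmware.
iptables -I INPUT 1 -p tcp --source 外網網域如1.1.0.0/16 --dport 8080 -j ACCEPT
# NOTE(review): this accepts every forwarded packet from that range, on all
# protocols and ports, ahead of the router's other FORWARD rules. Narrow it
# with -p/--dport if only specific services are meant to be reachable.
iptables -I FORWARD 1 --source 外網網域如1.1.0.0/16 -j ACCEPT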
PORT FORWARD也要加一條, 把8080轉到ROUTER (對外開8080之前, 先確認squid.conf的http_access只放行自己的來源IP, 不然會變成誰都能用的open proxy)