iptables configuration
*nat
:PREROUTING ACCEPT [1322:74513]
:POSTROUTING ACCEPT [880:38720]
:OUTPUT ACCEPT [880:38720]
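# Transparent proxy: requests from source 192.168.1.26 to port 80 (as written, only those destined for 61.172.240.188) are all redirected to squid's port 33128.
-A PREROUTING -s 192.168.1.26 -i eth0 -p tcp -m tcp -d 61.172.240.188 --dport 80 -j REDIRECT --to-ports 33128
# Gateway: source-NAT traffic from 192.168.1.26; on the 1.26 machine, set the default gateway to this server's IP.
-A POSTROUTING -s 192.168.1.26 -o eth0 -j SNAT --to-source 192.168.1.218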
COMMIT
squid configuration
# Transparent proxy mode is enabled with the "transparent" option
http_port 0.0.0.0:33128 transparent
# DNS server
dns_nameservers 202.106.0.20
# E-mail address shown on the proxy's error pages
cache_mgr root@ivg.com
cache_dir ufs /var/log/squid 7000 16 256
cache_mem 1024 MB
cache_swap_low 90
cache_swap_high 95
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
visible_hostname localhost
client_netmask 255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl allow_lan src 192.168.1.0/24
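# Allow access from LAN IPs
http_access allow allow_lan
# Deny everything not matched by a rule above
http_access deny all
# Command line of the redirector program
url_rewrite_program /etc/squid/red.pl
# Number of redirector processes squid should start
url_rewrite_children 20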
acl Foo src 119.147.70.251/32
acl All src 0/0
# squid sends every request to the redirector; redirector_access rules can be used to send only selected requests.
redirector_access allow Foo
redirector_access deny All
vi /etc/squid/red.pl    # the URL redirector script
#!/usr/bin/perl -wl
$|=1; # don't buffer the output
while (<>) {
($uri,$client,$ident,$method) = ( );
($uri,$client,$ident,$method) = split;
# Requests for taobao (exact match) are redirected to hao123. Regular expression reference (PHP): http://www.cnblogs.com/ximu/archive/2011/10/14/2211281.html
next unless ($uri=~ m,^http://www\.taobao\.com/$,);
$uri = "http://www.hao123.com";
} continue {
print "$uri";
}
Detailed squid redirector configuration (Squid: The Definitive Guide):
http://blog.s135.com/book/squid/chap11.html#a44
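Operating system tuning
(1) Raise the system's file descriptor limit:
ulimit -n
The default is 1024; raise it to 65536:
ulimit -n 65536
Show all system limits:
ulimit -a
(2) Speed up recycling of sockets in TIME_WAIT:
sysctl -a|grep net.ipv4.tcp_tw
sysctl -w net.ipv4.tcp_tw_reuse=1
sysctl -w net.ipv4.tcp_tw_recycle=1
(tcp_tw_recycle is known to break connections from clients behind NAT, and the option was removed in Linux 4.12.)
(3) Widen the ephemeral port range (the default is 1024-4999):
echo "1024 40000" > /proc/sys/net/ipv4/ip_local_port_range
(4) If the machine also does NAT, raise the NAT table limit:
echo "65535" > /proc/sys/net/ipv4/ip_conntrack_max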
---------------------------------
Brief introduction to squidclient:
squidclient -h 127.0.0.1 -p 33128 mgr:
squidclient -h 127.0.0.1 -p 33128 mgr:client_list   # show the client list
squidclient -h 127.0.0.1 -p 33128 mgr:objects   # list the cached objects
squidclient -h 127.0.0.1 -p 33128 mgr:info   # show the running status
Tip: open a URL, visit it, then check whether it was cached:
squidclient -h 127.0.0.1 -p 33128 mgr:objects | grep GET | grep xxx.com
Count the total number of cached objects:
squidclient -h 127.0.0.1 -p 33128 mgr:objects | grep GET | wc -l
Convert the timestamps in squid's access.log:
perl -pe 's/^\d+\.\d+/localtime($&)/e;' access.log
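The "was it cached?" check above can also be answered from access.log, which additionally shows which clients were rejected by the http_access rules. The following is an added example, not part of the original notes: it assumes squid's native log format, the function names cache_summary and denied_clients are hypothetical, and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): summarise a Squid native-format
# access.log. Fields: time elapsed client code/status bytes method URL ident peer type

# cache_summary LOG SUBSTR -> "hit=N miss=N denied=N" for URLs containing SUBSTR
cache_summary() {
    awk -v pat="$2" '
        index($7, pat) == 0 { next }          # URL does not contain the substring
        {
            split($4, cs, "/")                # cs[1] = result code, cs[2] = HTTP status
            if (cs[1] ~ /DENIED/)   denied++  # rejected by an http_access rule
            else if (cs[1] ~ /HIT/) hit++     # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
            else                    miss++    # TCP_MISS and other non-hit codes
        }
        END { printf "hit=%d miss=%d denied=%d\n", hit, miss, denied }
    ' "$1"
}

# denied_clients LOG -> one "client count" line per address that got TCP_DENIED
denied_clients() {
    awk '$4 ~ /^TCP_DENIED\// { n[$3]++ }
         END { for (c in n) print c, n[c] }' "$1" | sort
}

# Constructed sample log (addresses and URLs are made up for the example).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
1318578000.123     45 192.168.1.26 TCP_MISS/200 10240 GET http://www.example.com/ - DIRECT/203.0.113.5 text/html
1318578010.456      2 192.168.1.26 TCP_HIT/200 10240 GET http://www.example.com/ - NONE/- text/html
1318578020.789      1 192.168.1.26 TCP_MEM_HIT/200 10240 GET http://www.example.com/ - NONE/- text/html
1318578030.000     60 192.168.1.30 TCP_MISS/200 512 GET http://other.example.net/a - DIRECT/198.51.100.7 text/plain
1318578040.000      0 10.9.9.9 TCP_DENIED/403 1400 GET http://www.example.com/ - NONE/- text/html
EOF

cache_summary "$SAMPLE_LOG" www.example.com
denied_clients "$SAMPLE_LOG"
```

A TCP_DENIED entry from an address outside 192.168.1.0/24 is what the "http_access deny all" rule is expected to produce.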