Settings in rc.config:
ifconfig_rl0="inet 192.168.0.253 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 192.168.1.253 netmask 255.255.255.0"
ifconfig_rl0_alias1="inet 192.168.2.253 netmask 255.255.255.0"
ifconfig_rl0_alias2="inet 192.168.3.253 netmask 255.255.255.0"
defaultrouter="192.168.0.8"
#natd_enable="YES"
#natd_interface="rl0"
#natd_flags="-dynamic -config /etc/config/natd.conf"
squid_enable="YES"

Firewall rule:
ipfw add fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via rl0 in

Code in squid.conf:
#http_port 3128
http_port 127.0.0.1:3128 transparent
#icp_port 0
hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY
cache_mem 512 MB
cache_swap_low 93
cache_swap_high 95
#maximum_object_size 8092 KB
maximum_object_size_in_memory 512 KB
ipcache_size 2048
memory_replacement_policy lru
cache_dir ufs /usr/local/squid/cache 1000 64 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /usr/local/squid/logs/squid.pid
debug_options ALL,1
diskd_program /usr/local/libexec/squid/diskd-daemon
redirect_program /usr/local/bin/squidGuard
redirect_children 8
cache_mgr admin@my_domain.ru
visible_hostname mail.my_domain.ru
tcp_outgoing_address 222.222.222.222
refresh_pattern ^ftp: &n... 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl QUERY urlpath_regex cgi-bin \? chat css
acl our_domain dstdomain progress-stroy.local progress-stroy.com.ua www.progress-stroy.com.ua
no_cache allow our_domain QUERY
always_direct allow our_domain
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl local_src src 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
acl local_dst dst 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl our_net src 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
acl our_serv dst 127.0.0.1/255.255.255.255 195.114.135.210
acl CONNECT method CONNECT
acl porno url_regex -i '/usr/local/my_doc_smb/squid/porn.conf'
acl mail url_regex -i '/usr/local/my_doc_smb/squid/mail.conf'
acl Banner url_regex -i '/usr/local/my_doc_smb/squid/banner.conf'
acl download url_regex -i '/usr/local/my_doc_smb/squid/download.conf'
acl NoBanner url_regex -i '/usr/local/my_doc_smb/squid/noban.conf'
acl leadership src '/usr/local/my_doc_smb/squid/leadership.conf'
acl priveleged src '/usr/local/my_doc_smb/squid/privileged.conf'
acl all_users src '/usr/local/my_doc_smb/squid/all_users.conf'
http_access allow NoBanner all_users
http_access deny mail all_users
http_access deny download all_users
http_access allow all_users
http_access allow !porno !download priveleged
http_access allow leadership
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
cachemgr_passwd 234 all
error_directory /usr/local/etc/squid/errors/Russian-1251
coredump_dir /usr/local/squid/cache
pipeline_prefetch on

Result: the transparent proxy does not work. What could the problem be?
Instead of 127.0.0.1,3128, try
192.168.0.253,3128
Figured it out. It all turned out to be trivially simple:
tcp_outgoing_address 222.222.222.222 - removed it and everything started working)
>[overquoting removed]
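The posted rc settings assign only 192.168.x.253 addresses to rl0, while squid.conf sets tcp_outgoing_address 222.222.222.222, and Squid cannot use a source address that no local interface carries. A check for that mismatch, as an added example that is not part of the original thread; the function names and the sample files written to a temporary directory are constructed for illustration:

```shell
#!/bin/sh
# Added diagnostic (not from the thread): flag a squid.conf tcp_outgoing_address
# that is not assigned to any interface by the rc settings.

# Print every IPv4 address assigned by active ifconfig_* lines in an rc file.
rc_addresses() {
    sed -n 's/^ifconfig_[A-Za-z0-9_]*="inet \([0-9.]*\).*/\1/p' "$1"
}

# Print the address of every active (uncommented) tcp_outgoing_address line.
squid_outgoing() {
    awk '$1 == "tcp_outgoing_address" { print $2 }' "$1"
}

# Return 0 if every outgoing address is local; report offenders and return 1.
check_outgoing() {
    rcfile=$1 squidfile=$2 status=0
    for addr in $(squid_outgoing "$squidfile"); do
        if ! rc_addresses "$rcfile" | grep -qxF "$addr"; then
            echo "tcp_outgoing_address $addr is not assigned in $rcfile"
            status=1
        fi
    done
    return $status
}

# Constructed sample input, modelled on the settings quoted in the thread.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/rc.conf" <<'EOF'
ifconfig_rl0="inet 192.168.0.253 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 192.168.1.253 netmask 255.255.255.0"
defaultrouter="192.168.0.8"
#natd_interface="rl0"
EOF
cat > "$SAMPLE/squid-before.conf" <<'EOF'
http_port 127.0.0.1:3128 transparent
tcp_outgoing_address 222.222.222.222
EOF
cat > "$SAMPLE/squid-after.conf" <<'EOF'
http_port 127.0.0.1:3128 transparent
#tcp_outgoing_address 222.222.222.222
EOF

check_outgoing "$SAMPLE/rc.conf" "$SAMPLE/squid-before.conf" || echo "squid-before.conf: mismatch"
check_outgoing "$SAMPLE/rc.conf" "$SAMPLE/squid-after.conf" && echo "squid-after.conf: ok"
```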
>ifconfig_rl0_alias1="inet 192.168.2.253 netmask 255.255.255.0"
>ifconfig_rl0_alias2="inet 192.168.3.253 netmask 255.255.255.0"
>defaultrouter="192.168.0.8"
>#natd_enable="YES"
>#natd_interface="rl0"
>#natd_flags="-dynamic -config /etc/config/natd.conf"
>squid_enable="YES"
>
>Firewall rule:
>ipfw add fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via rl0 in
==================================================
This way it will work
ipfw add fwd 127.0.0.1,3128 tcp from any to any dst-port 80 out via rl0
>[overquoting removed]
>>
>>Firewall rule:
>>
>
>ipfw add fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via
>rl0 in
>==================================================
>This way it will work
>ipfw add fwd 127.0.0.1,3128 tcp from any to any dst-port 80 out
>via rl0
============================
That is provided that rl0 is the external interface