I was setting up a server at one site, and the machine that was supposed to become the Gateway has only a 1.2 GB hard disk. If Squid went on it as well, the disk would certainly be full within a week.

They also wanted a transparent proxy, so I decided to install squid on the machine that is the File Server and Web Server, that is, the Intranet Server.

After running apt-get install squid, I edited /etc/squid/squid.conf as follows:

http_port 3128
# icp_port 3130
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 128 MB
cache_dir ufs /var/spool/squid 1500 16 256
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl allowall src "/etc/squid/allow.ip"
acl sex_domain dstdomain "/etc/squid/sex.domain"
acl sex_url dstdom_regex "/etc/squid/sex.url"
acl sex_word dstdom_regex "/etc/squid/sex.word"
acl sex_ip dst "/etc/squid/sex.ip"
acl sex_w url_regex "/etc/squid/sex.urly"
acl daytime time 08:00-16:30 MTWHFAS
acl mynetwork src
acl download urlpath_regex \.exe$ \.EXE$ \.zip$ \.ZIP$ \.rar$ \.RAR$ \.mp3$ \.MP3$ \.mov$ \.MOV$ \.mpg$ \.MPG$ \.mpeg$ \.MPEG$ \.avi$ \.iso$ \.AVI$ \.wma$ \.WMA$
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowall
http_access deny download daytime
http_access deny sex_word
http_access deny sex_domain
http_access deny sex_ip
http_access deny sex_url
http_access deny sex_w
http_access allow mynetwork
http_access deny all
http_reply_access allow all
icp_access allow all
cache_effective_user proxy
cache_effective_group proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid

This blocks downloads and porn sites as requested, and also lets certain privileged users through, as they wished. Heh.
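The effect of the http_access order in the configuration above, as an added example that is not part of the original post: Squid takes the first http_access line whose ACLs all match, so the position of "allow allowall" decides which blocks the privileged addresses skip. The addresses, the blocked domain and the req() helper are constructed for illustration, and the model assumes Squid sees each client's own source address (if the gateway rewrites the source with SNAT, src-based ACLs see only the rewritten address).

```python
# Added example (not from the original post): models Squid's http_access
# evaluation. First matching line wins; ACLs on one line are ANDed; "!" negates.
import ipaddress
import re
from datetime import time

# Constructed stand-ins for allow.ip, sex.domain and the mynetwork range.
ALLOW_IPS = {"192.0.2.10"}
MYNET = ipaddress.ip_network("192.0.2.0/24")
BLOCKED_DOMAIN = ".blocked.example"
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777, 631, 873, 901}
_EXT = "exe zip rar mp3 mov mpg mpeg avi wma".split()
DOWNLOAD = re.compile(r"\.(%s)$" % "|".join(_EXT + [e.upper() for e in _EXT] + ["iso"]))

ACLS = {
    "all": lambda r: True,
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in {443, 563, 873},
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "allowall": lambda r: r["src"] in ALLOW_IPS,
    "mynetwork": lambda r: ipaddress.ip_address(r["src"]) in MYNET,
    "download": lambda r: DOWNLOAD.search(r["path"]) is not None,
    "daytime": lambda r: time(8, 0) <= r["when"] <= time(16, 30),
    "sex_domain": lambda r: ("." + r["host"]).endswith(BLOCKED_DOMAIN),
}

# Same order as the squid.conf above (manager, purge and the other sex_* lines omitted).
RULES = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["allowall"]),
    ("deny", ["download", "daytime"]),
    ("deny", ["sex_domain"]),
    ("allow", ["mynetwork"]),
    ("deny", ["all"]),
]

def http_access(r):
    """Return the action of the first rule whose ACLs all match request r."""
    for action, names in RULES:
        if all(ACLS[n.lstrip("!")](r) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: the final "deny all" always matches

def req(src, path="/", host="www.example", port=80, method="GET", when=time(10, 0)):
    return dict(src=src, path=path, host=host, port=port, method=method, when=when)
```

The port rules sit above "allow allowall", so they still bind the privileged addresses; the download and denylist rules sit below it, so they do not.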

On the Gateway, the eth0 card has the Public IP and eth1 has the Private IP, with its ip being , while the Squid Box is

Then I created the iptables rules as follows:

/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F


iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
# Transparent Proxy
iptables -t nat -A PREROUTING -i eth1 -s ! -p tcp --dport 80 -j DNAT --to
iptables -t nat -A POSTROUTING -o eth1 -s -d -j SNAT --to
iptables -A FORWARD -s -d -i eth1 -o eth1 -p tcp --dport 3128 -j ACCEPT

# Drop SSH Brute Force Attack
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP

*** Note: some of the rules have been cut out and left to the reader's understanding, for security reasons :)



