centos6.3(x64) squid透明代理服务器(详细安装步骤)
发布时间:2019-06-29


实验环境:

系统 centos6.3

内网 eth0:192.168.223.163

       外网 eth1:192.168.22.78
       Squid Cache: Version squid-3.1.10

网卡配置如下:

内网:

centos6.3(x64) squid透明代理服务器(详细安装步骤) - Only - Only

外网:

centos6.3(x64) squid透明代理服务器(详细安装步骤) - Only - Only

安装

[root ~]# yum -y install squid

Installing : 7:squid-3.1.10-18.el6_4.x86_64                     

 Verifying  : 7:squid-3.1.10-18.el6_4.x86_64               

 Installed:

 squid.x86_64 7:3.1.10-18.el6_4                                                                                             

Complete!

配置文件如下(更改地方用红色)

      [root ~]# vim /etc/squid/squid.conf

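#
# squid.conf for an intercepting ("transparent") HTTP proxy.
# Squid listens on the internal interface address 192.168.223.163:3128 and
# serves clients whose port-80 traffic is redirected to it by iptables.
#
# Comments in squid.conf start with '#'. '//' is not comment syntax, so the
# author's trailing '//' annotations are written as '#' lines of their own
# in this listing.
#

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# NOTE(review): the internal address used in this article (192.168.223.163)
# falls inside 192.168.0.0/16; remove the ranges your site does not use.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Optional time-based rules, left disabled by the author.
# "worktime" defines the working hours:
#acl worktime time 8:00-23:59
#acl worktime time 00:00-5:59
# Allow browsing only outside working hours:
#http_access allow mynetwork !worktime
# NOTE(review): no acl named "mynetwork" is defined in this file; define it
# (or use localnet) before enabling the rule above.

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
# The listing as published had "http_access allow all" here. That contradicts
# the comment above and lets any host that can reach the listening port relay
# through the proxy. The intercepted LAN clients are already admitted by
# "http_access allow localnet", so the final rule must be a deny.
http_access deny all

# Squid normally listens to port 3128
# Bound to the internal interface address only; "transparent" marks the port
# as receiving intercepted traffic (Squid 3.1 also accepts the newer
# spelling "intercept").
http_port 192.168.223.163:3128 transparent

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
# ufs store under /var/spool/squid: 2000 MB, 16 first-level and
# 256 second-level directories.
cache_dir ufs /var/spool/squid 2000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

visible_hostname 192.168.223.163

# Amount of memory used by the squid server
cache_mem 256 MB

# Do not pass the proxied client's address on to origin servers
forwarded_for off

# Do not pass proxy server information on to origin servers
via off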

初始化squid代理服务器

[root ~]# squid -z

2013/08/14 10:06:24| Creating Swap Directories

2013/08/14 10:06:24| /var/spool/squid exists

2013/08/14 10:06:24| Making directories in /var/spool/squid/00

2013/08/14 10:06:24| Making directories in /var/spool/squid/01

2013/08/14 10:06:24| Making directories in /var/spool/squid/02

2013/08/14 10:06:24| Making directories in /var/spool/squid/03

2013/08/14 10:06:24| Making directories in /var/spool/squid/04

2013/08/14 10:06:24| Making directories in /var/spool/squid/05

2013/08/14 10:06:24| Making directories in /var/spool/squid/06

2013/08/14 10:06:24| Making directories in /var/spool/squid/07

2013/08/14 10:06:24| Making directories in /var/spool/squid/08

2013/08/14 10:06:24| Making directories in /var/spool/squid/09

2013/08/14 10:06:24| Making directories in /var/spool/squid/0A

2013/08/14 10:06:24| Making directories in /var/spool/squid/0B

2013/08/14 10:06:24| Making directories in /var/spool/squid/0C

2013/08/14 10:06:24| Making directories in /var/spool/squid/0D

2013/08/14 10:06:24| Making directories in /var/spool/squid/0E

2013/08/14 10:06:24| Making directories in /var/spool/squid/0F

 开启路由功能,并将下面的命令写入/etc/rc.d/rc.local 文件,使其开机自动开启路由功能

[root ~]# echo '1'>/proc/sys/net/ipv4/ip_forward 

或者编辑 /etc/sysctl.conf 文件,将 net.ipv4.ip_forward = 0 改成 net.ipv4.ip_forward = 1,然后执行 sysctl -p 使其生效:

[root ~]# sysctl -p

net.ipv4.ip_forward = 1

配置iptables防火墙

自动将从内网口 eth0 进入的 http 请求(TCP 80 端口)重定向到本机 squid 的 3128 端口(HTTPS 的 443 端口不在这条规则的范围内)

[root@only ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp  --dport 80 -j REDIRECT --to-ports 3128

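设置源地址映射(注意:下面的 SNAT 规则没有用 -o 指定出口网卡,会匹配所有经过 POSTROUTING 的新连接;一般应加上 -o eth1,只改写从外网口发出的流量。随后的 iptables -P INPUT ACCEPT 把 INPUT 链的默认策略设为放行,本机在外网口 eth1 上监听的服务也会因此暴露,生产环境应改为默认拒绝、按需放行。)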

       [root@only ~]# iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.22.78

       [root@only ~]# iptables -P INPUT ACCEPT

启动squid代理服务

[root@only ~]# service squid restart

Stopping squid:                                            [FAILED]

Starting squid: .                                          [  OK  ]

查看squid代理服务器访问日志(access.log)

[root@only ~]# tail -f /var/log/squid/access.log

将squid加入开机启动项

[root@only ~]# chkconfig squid  --level 235 on 

搞定。

转载于:https://my.oschina.net/ailoveai5521/blog/744441
