Transparent proxy using squid3, dansguardian, iptables and a single NIC

I am trying to filter my home internet connection through a transparent proxy (squid3) and dansguardian. I have the following setup: https://i.stack.imgur.com/5Z3DP.png

My Ubuntu server is connected directly to the VDSL, just like any other computer on the network.

My consumer VDSL (192.168.2.1) is a ZTE all-in-one device (DHCP server, router, wireless access point, switch, etc.) running Linux BusyBox v1.01 and iptables v1.4.0. I have CLI access to it. I don't want to put the server (Ubuntu 14.04 / 192.168.2.2) between the VDSL and the home network, because I want to avoid installing a second NIC in the server and a separate wireless access point.

So I would like to route all port 80 traffic entering the VDSL through the server. I have installed the squid3 proxy + dansguardian filter on the server.

I have added/changed the following in /etc/squid3/squid.conf:

acl localhost src 127.0.0.1/32
http_access allow localhost
http_access deny all
http_port 3129
http_port 3128 intercept
dns_nameservers 208.67.222.123, 208.67.220.123

I have added/changed the following in /etc/dansguardian/dansguardian.conf:

"UNCONFIGURED - Please remove this line after configuration" **removed**
filterport = 8888
proxyport = 3128

On the VDSL I issued the iptables command (br0 is the bridge interface on the 192.168.2.1 modem/gateway, 192.168.2.2 is the server):

iptables -t nat -A PREROUTING -i br0 -s ! 192.168.2.2 -d ! 192.168.2.2 -p tcp --dport 80 -j DNAT --to-destination 192.168.2.2:3128

(also tried port 8888, in case I misunderstood the syntax)

My squid log file looks fine:

2014/09/29 23:42:13| Starting Squid Cache version 3.3.8 for x86_64-pc-linux-gnu...
2014/09/29 23:42:13| Process ID 3648
2014/09/29 23:42:13| Process Roles: master worker
2014/09/29 23:42:13| With 65536 file descriptors available
2014/09/29 23:42:13| Initializing IP Cache...
2014/09/29 23:42:13| DNS Socket created at [::], FD 5
2014/09/29 23:42:13| DNS Socket created at 0.0.0.0, FD 6
2014/09/29 23:42:13| Adding nameserver 208.67.222.123 from squid.conf
2014/09/29 23:42:13| Adding nameserver 208.67.220.123 from squid.conf
2014/09/29 23:42:13| Logfile: opening log daemon:/var/log/squid3/access.log
2014/09/29 23:42:13| Logfile Daemon: opening log /var/log/squid3/access.log
2014/09/29 23:42:13| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/09/29 23:42:13| Store logging disabled
2014/09/29 23:42:13| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2014/09/29 23:42:13| Target number of buckets: 1008
2014/09/29 23:42:13| Using 8192 Store buckets
2014/09/29 23:42:13| Max Mem  size: 262144 KB
2014/09/29 23:42:13| Max Swap size: 0 KB
2014/09/29 23:42:13| Using Least Load store dir selection
2014/09/29 23:42:13| Set Current Directory to /var/spool/squid3
2014/09/29 23:42:13| Loaded Icons.
2014/09/29 23:42:13| HTCP Disabled.
2014/09/29 23:42:13| Pinger socket opened on FD 12
2014/09/29 23:42:13| Squid plugin modules loaded: 0
2014/09/29 23:42:13| Adaptation support is off.
2014/09/29 23:42:13| Accepting HTTP Socket connections at local=[::]:3129 remote=[::] FD 9 flags=9
2014/09/29 23:42:13| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 10 flags=41
2014/09/29 23:42:13| pinger: Initialising ICMP pinger ...
2014/09/29 23:42:13| pinger: ICMP socket opened.
2014/09/29 23:42:13| pinger: ICMPv6 socket opened
2014/09/29 23:42:13| Pinger exiting.
2014/09/29 23:42:14| storeLateRelease: released 0 objects
2014/09/29 23:44:13| Preparing for shutdown after 0 requests
2014/09/29 23:44:13| Waiting 30 seconds for active connections to finish
2014/09/29 23:44:13| Closing HTTP port [::]:3129
2014/09/29 23:44:13| Closing HTTP port 0.0.0.0:3128
2014/09/29 23:44:13| Closing Pinger socket on FD 12
2014/09/29 23:44:13| Shutdown: NTLM authentication.
2014/09/29 23:44:13| Shutdown: Negotiate authentication.
2014/09/29 23:44:13| Shutdown: Digest authentication.
2014/09/29 23:44:13| Shutdown: Basic authentication.
2014/09/29 23:44:18| Starting Squid Cache version 3.3.8 for x86_64-pc-linux-gnu...
2014/09/29 23:44:18| Process ID 3940
2014/09/29 23:44:18| Process Roles: master worker
2014/09/29 23:44:18| With 65536 file descriptors available
2014/09/29 23:44:18| Initializing IP Cache...
2014/09/29 23:44:18| DNS Socket created at [::], FD 5
2014/09/29 23:44:18| DNS Socket created at 0.0.0.0, FD 6
2014/09/29 23:44:18| Adding nameserver 208.67.222.123 from squid.conf
2014/09/29 23:44:18| Adding nameserver 208.67.220.123 from squid.conf
2014/09/29 23:44:18| Logfile: opening log daemon:/var/log/squid3/access.log
2014/09/29 23:44:18| Logfile Daemon: opening log /var/log/squid3/access.log
2014/09/29 23:44:18| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2014/09/29 23:44:18| Store logging disabled
2014/09/29 23:44:18| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2014/09/29 23:44:18| Target number of buckets: 1008
2014/09/29 23:44:18| Using 8192 Store buckets
2014/09/29 23:44:18| Max Mem  size: 262144 KB
2014/09/29 23:44:18| Max Swap size: 0 KB
2014/09/29 23:44:18| Using Least Load store dir selection
2014/09/29 23:44:18| Set Current Directory to /var/spool/squid3
2014/09/29 23:44:18| Loaded Icons.
2014/09/29 23:44:18| HTCP Disabled.
2014/09/29 23:44:18| Pinger socket opened on FD 12
2014/09/29 23:44:18| Squid plugin modules loaded: 0
2014/09/29 23:44:18| Adaptation support is off.
2014/09/29 23:44:18| Accepting HTTP Socket connections at local=[::]:3129 remote=[::] FD 9 flags=9
2014/09/29 23:44:18| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 10 flags=41
2014/09/29 23:44:18| pinger: Initialising ICMP pinger ...
2014/09/29 23:44:18| pinger: ICMP socket opened.
2014/09/29 23:44:18| pinger: ICMPv6 socket opened
2014/09/29 23:44:18| Pinger exiting.
2014/09/29 23:44:19| storeLateRelease: released 0 objects

However, the dansguardian log file is empty.

When I check the modem's iptables with iptables -t nat --line-numbers -L, it returns the following:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             200.200.200.200     tcp dpt:www to:192.168.2.1:8000
2    srvcntrl   all  --  anywhere             anywhere
3    fwports    all  --  anywhere             anywhere
4    portmapp   all  --  anywhere             anywhere
5    upnp       all  --  anywhere             anywhere
6    dmzmapp    all  --  anywhere             anywhere
7    DNAT       tcp  -- !192.168.2.2         !192.168.2.2         tcp dpt:www to:192.168.2.2:3128

I'm missing something, because it isn't working. Although I've been using computers since the mid-80s and am comfortable with the CLI, network topology is still new to me. Any help is much appreciated.
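To see which PREROUTING rule on the modem a given packet actually hits, here is an added Python script (not part of the question) that parses the iptables -t nat --line-numbers -L listing quoted above and walks it in order, stopping at the first DNAT. The user-defined chains srvcntrl, fwports, portmapp, upnp and dmzmapp are opaque here, so each one the packet enters before rule 7 is reported as a place that could divert the packet first; the sample client and web-server addresses are constructed, and ports are keyed on the service name "www" because the listing was produced without -n.

```python
import re
# Listing copied from the question's own `iptables -t nat --line-numbers -L` output.
PREROUTING_LISTING = """\
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             200.200.200.200     tcp dpt:www to:192.168.2.1:8000
2    srvcntrl   all  --  anywhere             anywhere
3    fwports    all  --  anywhere             anywhere
4    portmapp   all  --  anywhere             anywhere
5    upnp       all  --  anywhere             anywhere
6    dmzmapp    all  --  anywhere             anywhere
7    DNAT       tcp  -- !192.168.2.2         !192.168.2.2         tcp dpt:www to:192.168.2.2:3128
"""

RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_rules(listing):
    """Turn the numbered rule lines into dicts; chain and column headers are skipped."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # "Chain ..." or "num target ..." header line
        num, target, proto, src, dst, extra = m.groups()
        dm = re.search(r"dpt:(\S+)", extra)
        rules.append(dict(num=int(num), target=target, proto=proto, src=src,
                          dst=dst, dport=dm.group(1) if dm else None, extra=extra))
    return rules

def addr_matches(spec, addr):
    """'anywhere' matches everything; a leading '!' negates a single-host match."""
    return spec == "anywhere" or ((spec.lstrip("!") == addr) != spec.startswith("!"))

def rule_matches(rule, src, dst, proto, dport):
    return (rule["proto"] in ("all", proto) and addr_matches(rule["src"], src)
            and addr_matches(rule["dst"], dst) and rule["dport"] in (None, dport))

def walk(rules, src, dst, proto="tcp", dport="www"):
    """Rules the packet hits, in order, stopping at the first DNAT (a terminating target)."""
    hits = []
    for r in rules:
        if rule_matches(r, src, dst, proto, dport):
            hits.append(r)
            if r["target"] == "DNAT":
                break
    return hits

def preempting_chains(rules, src, dst, proto="tcp", dport="www"):
    """User-defined chains entered before the intercept DNAT; each one can divert the packet first."""
    return [h["target"] for h in walk(rules, src, dst, proto, dport) if h["target"] != "DNAT"]
```

Run walk() with a LAN client as source and an external address as destination: if the last hit is not rule 7, one of the chains listed by preempting_chains() has to be inspected on the modem with iptables -t nat -L <chain>.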
