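I have a Raspberry Pi configured as a small server for some network training. This is my current system version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux. Currently, my Raspberry Pi has a USB wireless adapter that it uses to connect to the internet (wlan0), and its LAN port is plugged into another PC, which connects to the internet through the wireless interface.
Now I want to set up a proxy. I have installed squid and have it running with some simple configuration. Below is my current squid configuration file, without comments: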
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl mynetwork src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow mynetwork
http_access deny all
http_port 3128
http_port 3129 intercept
cache_dir ufs /var/spool/squid 500 16 256
refresh_pattern -i \.(gif|png|jpeg|ico)$ 3600 90% 43200
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
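First, I want to make it a transparent proxy, without having to configure each browser's settings, but after reading many tutorials explaining how to redirect from one port to another, none of them worked, because the proxy does not log the PC's activity in the access log file.
My nat table: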
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3129
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
My filter table:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
In summary, am I missing some configuration? Or is this iptables rule not suitable for my purpose?
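
A diagnostic for the setup described in the post, added here as an example and not part of the original post: it reads the packet counters on the nat PREROUTING REDIRECT rule for squid's intercept port, which separates "the client's port 80 traffic never reaches the Pi" from "traffic is redirected but squid does not log it". The function names and the two sample dumps are constructed for illustration; on the Pi the input would come from `iptables-save -c -t nat`.

```shell
#!/bin/sh
# Added example. Input on stdin: text in `iptables-save -c -t nat` format,
# where every rule line starts with its counters: [packets:bytes] -A CHAIN ...

# Prints "<rule count> <packet total>" for PREROUTING REDIRECT rules to port $1.
redirect_hits() {
    awk -v port="$1" '
        $2 == "-A" && $3 == "PREROUTING" && / -j REDIRECT / {
            for (i = 1; i < NF; i++)
                if ($i == "--to-ports" && $(i + 1) == port) {
                    split(substr($1, 2), c, ":")   # c[1] = packet counter
                    rules++; pkts += c[1]
                }
        }
        END { printf "%d %d\n", rules, pkts }'
}

# no-rule   : nothing redirects to that port
# never-hit : rule exists, but no new connection has matched it, so the
#             client is not sending its port 80 traffic through this host
# hit       : connections are being redirected; look at the squid side next
diagnose() {
    set -- $(redirect_hits "$1")
    if [ "$1" -eq 0 ]; then echo "no-rule"
    elif [ "$2" -eq 0 ]; then echo "never-hit"
    else echo "hit"
    fi
}

# Constructed sample: rule present, counters still zero.
sample_idle() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
[57:3912] -A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: 14 connections have matched the rule.
sample_busy() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [14:840]
[14:840] -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
[57:3912] -A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

echo "idle sample: $(sample_idle | diagnose 3129)"
echo "busy sample: $(sample_busy | diagnose 3129)"
```

The nat table only sees the first packet of each connection, so the counter counts new connections rather than every packet, and the rule shown in the post matches port 80 only.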