Add squid.conf info to Squid doc
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5204 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
5190e3b699
commit
89b621246d
@ -294,13 +294,15 @@
|
|||||||
the following</para>
|
the following</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<para><filename>/etc/shorewall/tunnels</filename> — System A:</para>
|
<para><filename><filename>/etc/shorewall/tunnels</filename></filename> —
|
||||||
|
System A:</para>
|
||||||
|
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
||||||
ipsec net 134.28.54.2
|
ipsec net 134.28.54.2
|
||||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/tunnels</filename> — System B:</para>
|
<para><filename><filename>/etc/shorewall/tunnels</filename></filename> —
|
||||||
|
System B:</para>
|
||||||
|
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
||||||
ipsec net 206.162.148.9
|
ipsec net 206.162.148.9
|
||||||
@ -320,8 +322,8 @@ ipsec net 206.162.148.9
|
|||||||
zone called <quote>vpn</quote> to represent the remote subnet.</para>
|
zone called <quote>vpn</quote> to represent the remote subnet.</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<para><filename>/etc/shorewall/zones</filename> — Systems A and
|
<para><filename><filename>/etc/shorewall/zones</filename></filename> —
|
||||||
B:</para>
|
Systems A and B:</para>
|
||||||
|
|
||||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||||
# OPTIONS OPTIONS
|
# OPTIONS OPTIONS
|
||||||
@ -340,13 +342,13 @@ net ipv4
|
|||||||
from the HOSTS column.</para>
|
from the HOSTS column.</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<para>/etc/shorewall/hosts — System A</para>
|
<para><filename>/etc/shorewall/hosts</filename> — System A</para>
|
||||||
|
|
||||||
<programlisting>#ZONE HOSTS OPTIONS
|
<programlisting>#ZONE HOSTS OPTIONS
|
||||||
vpn eth0:10.0.0.0/8,134.28.54.2 <emphasis role="bold"> ipsec</emphasis>
|
vpn eth0:10.0.0.0/8,134.28.54.2 <emphasis role="bold"> ipsec</emphasis>
|
||||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
||||||
|
|
||||||
<para>/etc/shorewall/hosts — System B</para>
|
<para><filename>/etc/shorewall/hosts</filename> — System B</para>
|
||||||
|
|
||||||
<programlisting>#ZONE HOSTS OPTIONS
|
<programlisting>#ZONE HOSTS OPTIONS
|
||||||
vpn eth0:192.168.1.0/24,206.162.148.9 <emphasis role="bold">ipsec</emphasis>
|
vpn eth0:192.168.1.0/24,206.162.148.9 <emphasis role="bold">ipsec</emphasis>
|
||||||
@ -494,7 +496,7 @@ sec ipsec mode=tunnel <emphasis role="bold">mss=1400</emphasis
|
|||||||
called <quote>vpn</quote> to represent the remote host.</para>
|
called <quote>vpn</quote> to represent the remote host.</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<para>/etc/shorewall/zones — System A</para>
|
<para><filename>/etc/shorewall/zones</filename> — System A</para>
|
||||||
|
|
||||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||||
# OPTIONS OPTIONS
|
# OPTIONS OPTIONS
|
||||||
@ -524,7 +526,7 @@ ipsec net 0.0.0.0/0 vpn
|
|||||||
file:</para>
|
file:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<para>/etc/shorewall/hosts — System A:</para>
|
<para><filename>/etc/shorewall/hosts</filename> — System A:</para>
|
||||||
|
|
||||||
<programlisting>#ZONE HOSTS OPTIONS
|
<programlisting>#ZONE HOSTS OPTIONS
|
||||||
vpn eth0:0.0.0.0/0
|
vpn eth0:0.0.0.0/0
|
||||||
@ -537,7 +539,7 @@ vpn eth0:0.0.0.0/0
|
|||||||
<para>On the laptop:</para>
|
<para>On the laptop:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<para>/etc/shorewall/zones - System B:</para>
|
<para><filename>/etc/shorewall/zones</filename> - System B:</para>
|
||||||
|
|
||||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||||
# OPTIONS OPTIONS
|
# OPTIONS OPTIONS
|
||||||
@ -546,13 +548,13 @@ net ipv4
|
|||||||
loc ipv4
|
loc ipv4
|
||||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
||||||
|
|
||||||
<para>/etc/shorewall/tunnels - System B:</para>
|
<para><filename>/etc/shorewall/tunnels</filename> - System B:</para>
|
||||||
|
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
||||||
ipsec net 206.162.148.9 vpn
|
ipsec net 206.162.148.9 vpn
|
||||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
|
||||||
|
|
||||||
<para>/etc/shorewall/hosts - System B:</para>
|
<para><filename>/etc/shorewall/hosts</filename> - System B:</para>
|
||||||
|
|
||||||
<programlisting>#ZONE HOSTS OPTIONS
|
<programlisting>#ZONE HOSTS OPTIONS
|
||||||
vpn eth0:0.0.0.0/0
|
vpn eth0:0.0.0.0/0
|
||||||
@ -562,7 +564,7 @@ vpn eth0:0.0.0.0/0
|
|||||||
<para>On system A, here are the IPSEC files:</para>
|
<para>On system A, here are the IPSEC files:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<para>/etc/racoon/racoon.conf - System A:</para>
|
<para><filename>/etc/racoon/racoon.conf</filename> - System A:</para>
|
||||||
|
|
||||||
<programlisting>path certificate "/etc/certs" ;
|
<programlisting>path certificate "/etc/certs" ;
|
||||||
|
|
||||||
@ -599,7 +601,7 @@ sainfo <emphasis role="bold">anonymous</emphasis>
|
|||||||
compression_algorithm deflate ;
|
compression_algorithm deflate ;
|
||||||
}</programlisting>
|
}</programlisting>
|
||||||
|
|
||||||
<para>/etc/racoon/setkey.conf - System A:</para>
|
<para><filename>/etc/racoon/setkey.conf</filename> - System A:</para>
|
||||||
|
|
||||||
<programlisting>flush;
|
<programlisting>flush;
|
||||||
spdflush;</programlisting>
|
spdflush;</programlisting>
|
||||||
@ -725,7 +727,7 @@ spdadd 192.168.20.10/32 192.168.20.40/32 any -P out ipsec esp/transport/192.168.
|
|||||||
spdadd 192.168.20.40/32 192.168.20.10/32 any -P in ipsec esp/transport/192.168.20.40-192.168.20.10/require;
|
spdadd 192.168.20.40/32 192.168.20.10/32 any -P in ipsec esp/transport/192.168.20.40-192.168.20.10/require;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para>/etc/racoon/psk.txt:</para>
|
<para><filename>/etc/racoon/psk.txt</filename>:</para>
|
||||||
|
|
||||||
<programlisting>192.168.20.20 <key for 192.168.20.10<->192.168.20.20>
|
<programlisting>192.168.20.20 <key for 192.168.20.10<->192.168.20.20>
|
||||||
192.168.20.30 <key for 192.168.20.10<->192.168.20.30>
|
192.168.20.30 <key for 192.168.20.10<->192.168.20.30>
|
||||||
@ -744,20 +746,20 @@ spdadd 192.168.20.40/32 192.168.20.10/32 any -P in ipsec esp/transport/192.168.
|
|||||||
net eth0 detect routefilter,dhcp,tcpflags
|
net eth0 detect routefilter,dhcp,tcpflags
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</programlisting>
|
||||||
|
|
||||||
<para>/etc/shorewall/tunnels:</para>
|
<para><filename>/etc/shorewall/tunnels</filename>:</para>
|
||||||
|
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY
|
<programlisting>#TYPE ZONE GATEWAY GATEWAY
|
||||||
# ZONE
|
# ZONE
|
||||||
ipsec:noah net 192.168.20.0/24 loc</programlisting>
|
ipsec:noah net 192.168.20.0/24 loc</programlisting>
|
||||||
|
|
||||||
<para>/etc/shorewall/zones:</para>
|
<para><filename>/etc/shorewall/zones</filename>:</para>
|
||||||
|
|
||||||
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
<programlisting>#ZONE TYPE OPTIONS IN OUT
|
||||||
# OPTIONS OPTIONS
|
# OPTIONS OPTIONS
|
||||||
loc ipsec mode=transport
|
loc ipsec mode=transport
|
||||||
net ipv4</programlisting>
|
net ipv4</programlisting>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/hosts</filename>:</para>
|
<para><filename><filename>/etc/shorewall/hosts</filename></filename>:</para>
|
||||||
|
|
||||||
<programlisting>#ZONE HOST(S) OPTIONS
|
<programlisting>#ZONE HOST(S) OPTIONS
|
||||||
loc eth0:192.168.20.0/24
|
loc eth0:192.168.20.0/24
|
||||||
|
@ -61,8 +61,29 @@
|
|||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>In all cases, Squid should be configured to run as a
|
<para>In all cases, Squid should be configured to run as a
|
||||||
transparent proxy as described at <ulink
|
transparent proxy as described at <ulink
|
||||||
url="http://www.tldp.org/HOWTO/TransparentProxy.html">http://www.tldp.org/HOWTO/TransparentProxy.html</ulink>.</para>
|
url="http://www.tldp.org/HOWTO/TransparentProxy.html">http://www.tldp.org/HOWTO/TransparentProxy.html</ulink>.</para>
|
||||||
|
|
||||||
|
<para>The essence of this article is that you need the following in
|
||||||
|
your squid.conf:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>httpd_accel_host virtual</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>httpd_accel_port 80</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>httpd_accel_with_proxy on</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>httpd_accel_uses_host_header on</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -249,4 +270,4 @@ ACCEPT loc $FW tcp 8080
|
|||||||
ACCEPT $FW net tcp 80,443</programlisting></para>
|
ACCEPT $FW net tcp 80,443</programlisting></para>
|
||||||
</example>
|
</example>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|