pf+squid配置

pf+squid 实现透明代理。
其实pf本身就可以做NAT，用squid是为了进一步控制。

pf.conf
#       $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
#
# Purpose: NAT gateway for the 192.3.88.0/24 LAN, with port-80 traffic from
# the <leader> hosts redirected into squid (see "Redirection" below).
# NOTE(review): 192.3.88.0/24 is not an RFC 1918 private range; this ruleset
# nevertheless treats it as the internal LAN. Addresses are as given on the page.
 
# Interfaces and addresses. A LAN host that is not $Admin and not listed in a
# table below gets no NAT and is dropped by the "Block All" rules.
ext_if="rl1"
int_if="rl0"
lan_net="192.3.88.0/24"
Admin="192.3.88.15"
 
# --- Define Table
# Membership is loaded from these files; which file a host appears in decides
# whether it is NATed directly (<software>) or proxied (<leader>), so the files
# need the same protection as this ruleset. Hosts are identified by source IP
# only; there is no authentication behind these tables.
table <leader> persist file "/etc/leader_user"
table <software> persist file "/etc/software_user"
 
# --- Option
# Blocked packets are silently dropped instead of answered with RST/ICMP.
set block-policy drop
set loginterface $ext_if
# Normalise (reassemble/sanitise) every inbound packet before filtering.
scrub in all
 
# --- Queue
# 2Mb CBQ on the external link: "other" is the default queue, "Admin" is a
# higher-priority queue that may borrow unused bandwidth.
altq on $ext_if cbq bandwidth 2Mb queue {other, Admin}
queue other bandwidth 1Mb cbq(default)
queue Admin bandwidth 1Mb priority 3 cbq(borrow)
 
# --- NAT
# Only $Admin and the <software> hosts are translated to the external address;
# other LAN hosts keep their LAN source and are caught by "block out" below.
# NOTE(review): pf translates before it filters, so the outbound filter rules
# see ($ext_if) as the source of these packets. The "pass out ... from $Admin"
# and "pass out ... from <software>" rules at the end of the file therefore
# appear never to match, and the "queue Admin" assignment would not take
# effect — confirm against the rule counters of the running ruleset
# (pfctl -vsr).
nat on $ext_if from $Admin  -> ($ext_if:0)
nat on $ext_if from <software> -> ($ext_if:0)
 
# --- Redirection
# SSH arriving on the external address is forwarded to internal host 192.3.88.3
# (the firewall's own sshd is thus not reachable from outside on port 22).
# NOTE(review): no "pass in on $ext_if" rule admits the redirected connection,
# and "block in on $ext_if ... to $lan_net" below matches its translated
# destination, so as written this forward appears to be inert — confirm intent
# before adding a pass rule for it.
rdr on $ext_if proto tcp from any to $ext_if port 22 -> 192.3.88.3 port 22
# Admin-only forward of port 8888 on the internal interface to a host on a
# different subnet (192.168.42.1).
rdr on $int_if proto tcp from $Admin to $int_if port 8888  -> 192.168.42.1 port 8888
# Admin FTP is handed to a local listener on 127.0.0.1:8021 (presumably an
# ftp-proxy; that listener is not configured on this page).
rdr on $int_if proto tcp from $Admin to any port 21  -> 127.0.0.1 port 8021
# Disabled: 75626 is not a valid TCP port (maximum is 65535).
#rdr on $int_if proto tcp from <leader> to any port 80 -> $int_if port 75626
# Transparent proxy: port-80 traffic from <leader> hosts only goes to squid on
# 192.3.88.1:8081 (must match http_port in squid.conf). $Admin and <software>
# hosts are NATed directly and bypass the proxy entirely.
rdr on $int_if inet proto tcp from <leader> to any port 80 -> 192.3.88.1 port 8081
 
# --- Block All
# This is not a default-deny policy: only packets carrying a $lan_net address
# across $ext_if are dropped. Everything else (including the firewall's own
# traffic) is admitted by pf's implicit default pass.
block out  on $ext_if from $lan_net to any
block in on $ext_if from any to $lan_net
pass quick on lo0 all
 
# ---- Manager SSH
# Last matching rule wins: the LAN is blocked from the firewall's sshd, then
# $Admin alone is re-allowed (by source IP only).
block  in  on $int_if  proto tcp  from $lan_net to $int_if port 22
pass   in  on $int_if  proto tcp  from $Admin   to $int_if port 22 keep state
 
# --- Pass Administrator
# Intended to create state and put Admin traffic in the "Admin" queue; see the
# note under NAT about whether this rule is reachable after translation.
pass out on  $ext_if from $Admin to any keep state queue Admin
 
# --- Pass Table <software>
# Same intent as the Admin rule above, for the <software> hosts.
pass out on  $ext_if from <software> to any keep state queue Admin

squid.conf
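############################################# ### ports
# Listener for the transparent proxy; pf's rdr rule sends the <leader> hosts'
# port-80 traffic here. It is bound to the LAN-facing address, so any LAN host
# can also connect to it directly (see "http_access allow mynet" below).
http_port 192.3.88.1:8081
# ICP is disabled, so the two udp_* addresses below are effectively unused.
icp_port 0
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
 
### cache dir
cache_dir ufs /var/squid/cache/ 530 16 256
cache_mem 12 MB
cache_store_log none
# NOTE(review): sending the access log and cache log to /dev/null leaves no
# record of which client fetched which URL through the proxy and hides squid's
# own errors; keep at least the access log if any after-the-fact review of
# proxy use is expected.
# The original page had this directive mangled by an auto-inserted hyperlink
# ("cache_aclearcase/" ... "ccess_log"); it is the Squid 2.x cache_access_log.
cache_access_log /dev/null
cache_log /dev/null
emulate_httpd_log on
unlinkd_program /usr/local/libexec/unlinkd
 
### ip cache
ipcache_size 1024
ipcache_low 90
ipcache_high 95
 
### cache user
# Squid drops privileges to this unprivileged account after binding its port.
cache_effective_user _squid
cache_effective_group _squid
 
##### timeout
connect_timeout 2 minutes
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minute
client_lifetime 1 day
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
 
###  FTP
#ftp_user Squid@
#ftp_list_width 32
#ftp_passive on
#ftp_sanitycheck on
 
### cache admin
visible_hostname OpenBSD
cache_mgr DocBook2004@gmail.com
# NOTE(review): this cachemgr password is stored in clear text and has been
# published together with this page, so treat it as known and change it. As
# written it names no action list (cachemgr_passwd <password> <actions>);
# confirm which manager actions it actually protects on the version in use,
# and restrict access to the manager interface with an ACL as well.
cachemgr_passwd building
 
####
acl mynet src 192.3.88.0/24
acl admin src 192.3.88.15
# The proxy host's own address.
acl waygate src 192.3.88.1
acl all src 0.0.0.0/0.0.0.0
# Download block by URL path suffix (case-insensitive). It looks at the path,
# not at the served content type, so it is a policy hint rather than a control.
# NOTE(review): "\.wam$" is probably meant to be "\.wma$" — confirm.
acl file urlpath_regex -i \.mp3$ \.avi$ \.zip$ \.exe$ \.rar$ \.rm$ \.wam$ \.pdf$
 
# Do not cache dynamic content (CGI paths and URLs with a query string).
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
 
# Order matters: first match wins. waygate and admin are unrestricted, mynet
# is allowed everything except the "file" list, everyone else is denied.
# NOTE(review): there is no Safe_ports / SSL_ports / CONNECT restriction, so a
# mynet client may use this proxy to reach arbitrary TCP ports; the stock
# squid.conf lines "http_access deny !Safe_ports" and
# "http_access deny CONNECT !SSL_ports" placed before "allow mynet" would
# close that.
http_access allow waygate
http_access allow admin
http_access deny file
http_access allow mynet
http_access deny all
 
 
### disk swap
cache_swap_high 95
cache_swap_low 90
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4 KB
 
### cache time
# These are regular expressions: the unescaped "." matches any character, not
# only a literal dot (the stock patterns write "\.html$"). ".hml" is likely a
# typo for ".htm" — confirm.
refresh_pattern -i .html 1440 80% 129600 reload-into-ims
refresh_pattern -i .shtml 1440 80% 129600 reload-into-ims
refresh_pattern -i .hml 1440 80% 129600 reload-into-ims
refresh_pattern -i .gif 1440 80% 129600 reload-into-ims
refresh_pattern -i .swf 1440 80% 129600 reload-into-ims
refresh_pattern -i .jpg 1440 80% 129600 reload-into-ims
refresh_pattern -i .png 1440 80% 129600 reload-into-ims
refresh_pattern -i .bmp 1440 80% 129600 reload-into-ims
refresh_pattern -i .js 1440 80% 129600 reload-into-ims
 
#refresh_pattern ^ftp: 1440 90% 129600
#refresh_pattern ^gopher: 1440 90% 129600
#refresh_pattern . 0 90% 129600
 
### httpd
# Squid 2.5-style transparent ("accelerator") proxy settings; later Squid
# versions express this as an option on http_port instead.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
# NOTE(review): the Squid 2.x documentation for this option cautions that
# trusting the client's Host: header for intercepted requests can let a client
# place forged objects in the cache; keep the proxy reachable only from the
# LAN hosts it is meant to serve and confirm the caveat for the version in use.
httpd_accel_uses_host_header on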

原文转自:http://www.ltesting.net