Debian/Raspberry Pi: speeding up browsing by setting up a Squid3 transparent proxy

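Note: this article may not have been updated for more than a year and may no longer be maintained or supported. Some of its content may be time-sensitive; where technical details or software usage are concerned, I do not guarantee compatibility or that the steps still work.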

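The previous article described how to speed up browsing by setting up a DNS server. Today I will show how to set up a transparent proxy to cache HTTP, and later how to filter and block ad sites.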

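First, we already have the wireless hotspot configured; if that is unclear, see my earlier articles. The result is that clients connect to the Raspberry Pi through the wireless card, and traffic goes from the wlan0 interface to eth0 and out. In other words, eth0 is the equivalent of our router's WAN port and wlan0 is the LAN port. With that relationship clear, let's continue.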

First install squid3, which can be done directly with the following command:

apt-get install squid3

You may remember that when I set up the wireless router function I used the following iptables configuration:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

If the configuration above is already in place, one more iptables command is enough to redirect port 80 traffic to squid3's port 3128:

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-ports 3128

Replace the iptables.ipv4.nat we set up earlier, backing it up first of course:

sudo mv /etc/iptables.ipv4.nat /etc/iptables.ipv4.nat.old
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

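After running these commands you will find that every web page now shows squid's default access-denied page, which means squid3 has started working. Next we need to configure it; edit the configuration file /etc/squid3/squid.conf following the patch below: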

-- /etc/squid3/squid.conf.orig 2013-02-25 11:31:23.839560066 +1300
+++ /etc/squid3/squid.conf      2013-02-26 09:07:15.388951441 +1300
@@ -702,6 +702,7 @@
 #acl localnet src 192.168.0.0/16       # RFC1918 possible internal network
 #acl localnet src fc00::/7       # RFC 4193 local private network range
 #acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+acl localnet src 192.168.42.0/24
 
 acl SSL_ports port 443
 acl Safe_ports port 80         # http
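Review bot: the added "acl localnet src 192.168.42.0/24" has to match the subnet actually served on wlan0, and nothing on the line says so; the update later on this page assumes wlan0 is 192.168.43.1, which is outside this range, so clients on that subnet would fall through to the final deny rule. Suggest a trailing comment naming it as the hotspot subnet, in the style of the RFC1918 comments above it, so the ACL and the interface address are changed together.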
@@ -828,7 +829,7 @@
 # We strongly recommend the following be uncommented to protect innocent
 # web applications running on the proxy server who think the only
 # one who can access services on "localhost" is a local user
-#http_access deny to_localhost
+http_access deny to_localhost
 
 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
@@ -837,7 +838,7 @@
 # Example rule allowing access from your local networks.
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
-#http_access allow localnet
+http_access allow localnet
 http_access allow localhost
 
 # And finally deny all other access to this proxy
@@ -1133,7 +1134,7 @@
 #
 
 # Squid normally listens to port 3128
-http_port 3128
+http_port 3128 intercept
 
 #  TAG: https_port
 # Note: This option is only available if Squid is rebuilt with the
@@ -2073,7 +2074,7 @@
 #      accessed frequently in memory to improve performance whilst low
 #      enough to keep larger objects from hoarding cache_mem.
 #Default:
-# maximum_object_size_in_memory 512 KB
+maximum_object_size 128000 KB
 
 #  TAG: memory_replacement_policy
 #      The memory replacement policy parameter determines which
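Review bot: the removed line is the commented default for maximum_object_size_in_memory, but the added line sets a different directive, maximum_object_size, which limits the size of a single cached object rather than the amount of memory Squid uses. If the intent is to give Squid 128 MB of memory cache, the directive for that is cache_mem; suggest setting it in its own section and leaving this default untouched, or adding a comment here that objects up to 128000 KB are meant to be cacheable.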
@@ -2229,7 +2230,7 @@
 #
 
 # Uncomment and adjust the following to add a disk cache directory.
-#cache_dir ufs /var/spool/squid3 100 16 256
+cache_dir ufs /var/spool/squid3 1000 16 256
 
 #  TAG: store_dir_select_algorithm
 #      Set this to 'round-robin' as an alternative.
@@ -2611,7 +2612,7 @@
 #      Note2, for Debian/Linux the default of logfile_rotate is
 #      zero, since it includes external logfile-rotation methods.
 #Default:
-# logfile_rotate 0
+logfile_rotate 10
 
 #  TAG: emulate_httpd_log      on|off
 #      The Cache can emulate the log file format which many 'httpd'
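Review bot: "logfile_rotate 10" contradicts the note directly above it, which says the Debian default is zero because log rotation is handled by external methods. Suggest leaving it at 0 and setting retention in the external rotation tool, or adding a comment explaining why Squid's own rotation is wanted in addition.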
@@ -3673,7 +3674,7 @@
 #      during shutdown mode.  Any active clients after this many
 #      seconds will receive a 'timeout' message.
 #Default:
-# shutdown_lifetime 30 seconds
+shutdown_lifetime 2 seconds
 
 # ADMINISTRATIVE PARAMETERS
 # -----------------------------------------------------------------------------

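Note maximum_object_size here: free -m showed me that more than 200 MB of memory was already in use, so all things considered I let squid3 use another 128 MB as memory cache. Set cache_dir ufs /var/spool/squid3 1000 16 256 to suit your own situation; based on the size of my storage card I set it to 1000, that is, 1 GB.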

After editing, check for errors with squid3 -k parse; if there are none, load the configuration with squid3 -k reconfigure.

You should be able to browse the web normally now, right?

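Next, how to block ad sites. Again edit squid3's configuration file /etc/squid3/squid.conf and add the following:

## disable ads ( http://pgl.yoyo.org/adservers/ )
## place these lines before "http_access allow localnet": http_access rules are evaluated in order
acl ads dstdom_regex "/etc/squid3/ad_block.txt"
http_access deny ads
#deny_info TCP_RESET ads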

Create the ad list update script ad_servers_newlist.sh:

#### Calomel.org  ad_servers_newlist.sh 
#
## get new ad server list
wget -O /etc/squid3/ad_block.txt 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex&showintro=0&mimetype=plaintext'
 
## refresh squid
/usr/sbin/squid3 -k reconfigure

For the specific list of blocked ad servers, see here. Now we need to run the script:

sudo sh ad_servers_newlist.sh

Then visit any address from the ad list above and see whether squid3 blocks it.
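The update script above feeds whatever it downloads over plain HTTP straight into a dstdom_regex ACL. As an added example (not part of the original post or the Calomel script), the shell functions below vet a candidate list before it replaces the live one; the entry format, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a downloaded ad list before Squid loads it as a
# dstdom_regex ACL. Function names and sample data are hypothetical.
# Assumption: each entry has the anchored form  (^|\.)ads\.example\.com$

ENTRY_RE='^[(]\^[|]\\[.][)][A-Za-z0-9-]+(\\[.][A-Za-z0-9-]+)+[$]$'

# Print the number of non-blank lines that are not anchored domain regexes.
count_bad_entries() {
    grep -cvE "$ENTRY_RE|^[[:space:]]*\$" "$1" || true
}

# Succeed only for a non-empty list whose entries all have the expected shape.
validate_adlist() {
    [ -s "$1" ] || { echo "empty or missing list: $1" >&2; return 1; }
    bad=$(count_bad_entries "$1")
    [ "$bad" -eq 0 ] || { echo "$bad unexpected entries in $1" >&2; return 1; }
}

# Replace the live list with a vetted candidate, keeping the previous copy.
install_adlist() {
    candidate="$1"; target="$2"
    validate_adlist "$candidate" || return 1
    if [ -f "$target" ]; then cp -p "$target" "$target.old"; fi
    mv "$candidate" "$target"
}

# Constructed sample lists, written to a temp dir so the demo runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' '(^|\.)ads\.example\.com$' '(^|\.)tracker\.example\.net$' > "$demo_dir/good.txt"
printf '%s\n' '(^|\.)ads\.example\.com$' '.*' > "$demo_dir/catch_all.txt"   # would block every site
printf '%s\n' '(^|\.)com$' > "$demo_dir/whole_tld.txt"                      # would block a whole TLD

for f in good catch_all whole_tld; do
    if validate_adlist "$demo_dir/$f.txt" 2>/dev/null; then
        echo "$f: accepted"
    else
        echo "$f: rejected"
    fi
done
rm -rf "$demo_dir"
```

In the update script, download to a temporary file, pass it to install_adlist together with /etc/squid3/ad_block.txt, and run squid3 -k reconfigure only if that succeeds.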


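Update, December 9, 2013

Today I set up a web server on the Raspberry Pi and found that when eth0 is not connected to the network, access to this web service becomes abnormally slow, so I decided to rewrite the iptables rules above. Assuming the IP address of wlan0 on the Raspberry Pi is 192.168.43.1, we can make everything addressed to that IP skip the redirect. The final rules are listed below; before applying them it is advisable to clear the previous settings with sudo iptables -t nat -F: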

sudo iptables -t nat  -A PREROUTING -i wlan0 -p tcp -d 192.168.43.1 --dport 80 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
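
Unless otherwise stated, all articles on this site are original. In principle they may not be reposted, but if it is for research or study you may repost them to your personal blog or home page. Reposting follows the Creative Commons "Attribution-NonCommercial-ShareAlike" principle; please credit the author and source. Commercial, unattributed, scraper-site, spam-site or purely traffic-driven reposts are declined. Thank you for your cooperation!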