三年前搞过一个基于debian的高级网关路由,使用的是iptable+squid+apche+pptpd+bind
实现了透明代理,简单访问web页面加速,dns解析加速,访问控制和VPN呼入。
现在我在的公司暂时还没有自己的dns,所以我使用redhat 简单架设了一个squid+bind cache服务。
由于前些日子已经在内网部署了yum服务,安装比较简单
yum install caching-nameserver
yum install squid
/etc/named.caching-nameserver.conf
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;
// query-source-v6 port 53;
max-cache-size 40M;
max-cache-ttl 86400;
max-ncache-ttl 166000;
allow-query { localhost;192.168.1.0/24 };
recursion yes;
//forwarders {202.98.96.68;};
forwarders {61.139.2.69;202.98.96.68;};
forward only;
/etc/squid/squid.conf
cache_mgr
http_port 127.0.0.1:3128
cache_mem 112 MB
cache_swap_low 80
cache_swap_high 95
maximum_object_size 5096 KB
cache_dir ufs /var/spool/squid 2200 16 256
access_log none
emulate_httpd_log on
refresh_pattern -i \.gif$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.jpg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.png$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.mp3$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wmv$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rm$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.mpeg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wma$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.css$ 10 50% 60 reload-into-ims
refresh_pattern -i \.js$ 10 50% 60 reload-into-ims
refresh_pattern -i \.xml$ 10 50% 30 reload-into-ims
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
阅读(931) | 评论(0) | 转发(0) |