acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.0/8
acl to_localhost dst 127.0.0.0/8
acl kolyan src x.x.x.209/32 # адрес смотрящий во внешнюю сеть, eth1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl snmppublic snmp_community mocat
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow to_localhost
http_access allow all
http_access deny all
icp_access allow all
http_port x.x.x.203:3128 transparent # адрес внутреннего интерфейса eth0
hierarchy_stoplist cgi-bin ?
cache_mem 8 MB
maximum_object_size_in_memory 8 KB
cache_dir ufs /squid 204800 32 512
maximum_object_size 4096 KB
access_log /var/log/squid/access.log squid
debug_options ALL,1
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname test
snmp_port 3401
snmp_access allow all
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
always_direct allow localhost
always_direct deny all
check_hostnames off
forwarded_for on
coredump_dir /var/spool/squid

# Generated by iptables-save v1.3.5 on Wed Apr 20 16:59:35 2011
*filter
:INPUT ACCEPT [301174:254193373]
:FORWARD ACCEPT [124490:50207961]
:OUTPUT ACCEPT [203623:250535465]
-A INPUT -i lo -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
# Completed on Wed Apr 20 16:59:35 2011
# Generated by iptables-save v1.3.5 on Wed Apr 20 16:59:35 2011
*nat
:PREROUTING ACCEPT [29366:1815479]
:POSTROUTING ACCEPT [8122:573902]
:OUTPUT ACCEPT [6399:414631]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8000 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8001 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8081 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8100 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8101 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 70 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 210 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 280 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 488 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 591 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 777 -j REDIRECT --to-ports 3128
COMMIT
# Completed on Wed Apr 20 16:59:35 2011