Le script de configuration du proxy SQUID

 ____________________________________________________

TABLE DES MATIÈRES :

1.    Configuration. 1

2.    NAT destination + redirect 1

3.    NAT source + redirect 2

____________________________________________________

1.     Configuration

# Configuration block: defines the addresses used by the NAT rules further
# down, enables two kernel network settings and empties the nat table.
# Every address value is redacted on this page (asterisks); the script cannot
# run as shown until real values are filled in.
# The /proc writes and the iptables call need root, and none of them is
# checked for failure here.

#LAN
# Source network matched with -s by the rules below; the placeholder has the
# form address/prefix.

LAN_ADDR=***.***.*.*/**

#PROXY
# Address given to SNAT --to-source in the POSTROUTING rules.

PROXY_ADDR=***.***.*.***



#SERVER NNTP
# NOTE(review): this redacted placeholder shows five dot-separated groups;
# an IPv4 address has four - check the real value.

NNTP_ADDR=***.**.**.**.**



#SERVER SMTP

SMTP_ADDR=***.**.**.**



#SERVER POP3

POP3_ADDR=***.**.**.**



#SERVER DNS

DNS_ADDR=***.*.*.**



# rp_filter=1 turns on reverse-path filtering: the kernel drops packets whose
# source address would not be routed back through the interface they arrived
# on, which limits source-address spoofing through this gateway.
# The marker comment below is kept byte-for-byte and directly ahead of the
# line it refers to, as its own text requires.
# Mandrake-Security : if you remove this comment, remove the next line too.

echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

# ip_forward=1 makes the host route IPv4 packets between its interfaces.
# A write to /proc only lasts until the next reboot.
# NOTE(review): only the nat table is populated on this page; what may be
# forwarded depends on filter-table FORWARD rules set elsewhere - confirm
# that a restrictive policy exists.

echo 1 > /proc/sys/net/ipv4/ip_forward



#Flush IP tables NAT
# -F with no chain name empties every chain of the nat table, including rules
# added by other tools. Until the rules below are re-added the gateway has no
# NAT rules at all, so run this at a quiet moment.



iptables -t nat -F

 

 

2.     NAT destination + redirect

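# Destination NAT for LAN clients.
# Each rule matches packets that arrive on eth0 from $LAN_ADDR for one
# service and rewrites the destination to a single fixed server, whatever
# host the client originally addressed. Service names (smtp, nntp, pop3,
# domain) are resolved by iptables through the system services database.
#
# Every expansion is double-quoted so the address reaches iptables as one
# literal word: an unquoted value is subject to word splitting and filename
# expansion, and a '*' in it would be treated as a glob pattern.
#
# NOTE(review): eth0 is assumed to be the LAN-facing interface - confirm.
# NOTE(review): SMTP, NNTP and POP3 are TCP services. The udp variants below
# only load if the services database has a udp entry for the name; check
# whether they are needed at all.

#SMTP
iptables -t nat -A PREROUTING -i eth0 -s "$LAN_ADDR" -p tcp --dport smtp -j DNAT --to-destination "$SMTP_ADDR"  #server SMTP
iptables -t nat -A PREROUTING -i eth0 -s "$LAN_ADDR" -p udp --dport smtp -j DNAT --to-destination "$SMTP_ADDR"  #server SMTP

#NNTP
iptables -t nat -A PREROUTING -i eth0 -s "$LAN_ADDR" -p tcp --dport nntp -j DNAT --to-destination "$NNTP_ADDR"  #server NNTP
iptables -t nat -A PREROUTING -i eth0 -s "$LAN_ADDR" -p udp --dport nntp -j DNAT --to-destination "$NNTP_ADDR"  #server NNTP

#POP3
iptables -t nat -A PREROUTING -i eth0 -s "$LAN_ADDR" -p tcp --dport pop3 -j DNAT --to-destination "$POP3_ADDR"  #server POP3
iptables -t nat -A PREROUTING -i eth0 -s "$LAN_ADDR" -p udp --dport pop3 -j DNAT --to-destination "$POP3_ADDR"  #server POP3

#DNS
# NOTE(review): only UDP is redirected. DNS also uses TCP on the same port
# (truncated or large answers), and those queries from the LAN are not
# matched here; add a tcp rule if every lookup must go to $DNS_ADDR.
iptables -t nat -A PREROUTING -i eth0 -s "$LAN_ADDR" -p udp --dport domain -j DNAT --to-destination "$DNS_ADDR"  #server DNS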

 

 

3.     NAT source + redirect

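# Source NAT for the same services.
# Packets from $LAN_ADDR to the smtp, nntp, pop3 and domain ports leave with
# their source address rewritten to $PROXY_ADDR. POSTROUTING is traversed
# after the PREROUTING destination rewrite, so these rules see the packets
# already redirected to the fixed servers.
#
# Every expansion is double-quoted so the address reaches iptables as one
# literal word: an unquoted value is subject to word splitting and filename
# expansion, and a '*' in it would be treated as a glob pattern.
#
# Operational consequence: the mail, news and DNS servers see $PROXY_ADDR as
# the client for every LAN host, so their logs cannot attribute a connection
# to an individual machine. Keep per-client records on this gateway
# (connection tracking or a logging rule) if attribution matters.
#
# NOTE(review): there is no -o match, so the rules apply on whichever
# interface the packet leaves by - confirm that is intended.
# NOTE(review): SMTP, NNTP and POP3 are TCP services. The udp variants below
# only load if the services database has a udp entry for the name.

#SMTP
iptables -t nat -A POSTROUTING -s "$LAN_ADDR" -p tcp --dport smtp -j SNAT --to-source "$PROXY_ADDR"  #proxy SMTP
iptables -t nat -A POSTROUTING -s "$LAN_ADDR" -p udp --dport smtp -j SNAT --to-source "$PROXY_ADDR"  #proxy SMTP

#NNTP
iptables -t nat -A POSTROUTING -s "$LAN_ADDR" -p tcp --dport nntp -j SNAT --to-source "$PROXY_ADDR"  #proxy NNTP
iptables -t nat -A POSTROUTING -s "$LAN_ADDR" -p udp --dport nntp -j SNAT --to-source "$PROXY_ADDR"  #proxy NNTP

#POP3
iptables -t nat -A POSTROUTING -s "$LAN_ADDR" -p tcp --dport pop3 -j SNAT --to-source "$PROXY_ADDR"  #proxy POP3
iptables -t nat -A POSTROUTING -s "$LAN_ADDR" -p udp --dport pop3 -j SNAT --to-source "$PROXY_ADDR"  #proxy POP3

#DNS
# Only UDP DNS is source-translated by this rule.
iptables -t nat -A POSTROUTING -s "$LAN_ADDR" -p udp --dport domain -j SNAT --to-source "$PROXY_ADDR"  #proxy DNS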