iptable+nat+squid进行透明代理

服务器端配置
ip:172.16.100.242
mask:255.255.255.0
gw:172.16.100.242
dns:172.16.100.42

[root@knight squid]# grep -v "#" /etc/squid/squid.conf|grep -n -v "^$"
21:hierarchy_stoplist cgi-bin ?
23:acl QUERY urlpath_regex cgi-bin \?
24:no_cache deny QUERY
28: cache_mem 8 MB
30: cache_swap_low 90
31: cache_swap_high 95
33: maximum_object_size 4096 KB
35: minimum_object_size 0 KB
37: maximum_object_size_in_memory 8 KB
45: cache_dir ufs /var/spool/squid 100 16 256
47: cache_access_log /var/log/squid/access.log
49: cache_log /var/log/squid/cache.log
51: cache_store_log /var/log/squid/store.log
76: dns_nameservers 172.16.100.42
86:auth_param basic children 5
87:auth_param basic realm Squid proxy-caching web server
88:auth_param basic credentialsttl 2 hours
89:auth_param basic casesensitive off
100:refresh_pattern ^ftp:               1440    20%     10080
101:refresh_pattern ^gopher:    1440    0%      1440
102:refresh_pattern .           0       20%     4320
124:acl all src 0.0.0.0/0.0.0.0
125:acl mynet src 172.16.100.0/24
126:acl mynet src 172.16.4.0/24
127:acl manager proto cache_object
128:acl localhost src 127.0.0.1/255.255.255.255
129:acl to_localhost dst 127.0.0.0/8
130:acl SSL_ports port 443 563
131:acl CONNECT method CONNECT
133:http_access allow manager localhost
134:http_access allow mynet
135:http_access deny manager
136:http_access deny !Safe_ports
137:http_access deny CONNECT !SSL_ports
140:http_access allow localhost
141:http_access deny all
143:http_reply_access allow all
145:icp_access allow all
159:visible_hostname linux
169: httpd_accel_port 80
170: httpd_accel_host virtual
173: httpd_accel_with_proxy on
175: httpd_accel_uses_host_header on
236:coredump_dir /var/spool/squid

service squid start
service named start

将以下内容写到/etc/rc.local文件末尾
iptables -t nat -A PREROUTING -s 172.16.100.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -s 172.16.100.0/255.255.255.0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
echo "1" > /proc/sys/net/ipv4/ip_forward

查看日志：tail -f /var/log/squid/access.log

客户端配置：
ip:172.16.100.192
mask:255.255.255.0
gw:172.16.100.242
dns:172.16.100.242
直接打开浏览器上网就OK啦！