>показывай конфиг сквида, только без лишних комментариев плыз
Если совсем без...
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
maximum_object_size 32096 KB
cache_dir ufs /usr/local/squid/var/cache 500 16 256
emulate_httpd_log on
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
# acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# acl Safe_ports port 1025-65535 # unregistered ports 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#MY_RULES: NO(porn; banners)
acl bob src 192.168.1.5/32 #понять меня можно - это я
acl Banners url_regex '/usr/local/squid/etc/ba'
acl Porno url_regex '/usr/local/squid/etc/por'
acl NoBanners url_regex '/usr/local/squid/etc/noba'
http_access allow bob
http_access allow NoBanners
http_access deny Banners
http_access deny Porno
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#For liubiteli miltimedii
acl multimedia urlpath_regex -i \.mp3$ \.mpeg$ \.avi$ \.mov$ \.rm$
delay_pools 1
delay_class 1 1
delay_access 1 allow multimedia
delay_access 1 deny all
delay_parameters 1 1000/1000
Ну и, на всякий случай, правила маскарадинга:
#!/bin/sh
all="0.0.0.0/0"
ipchains -F
ipchains -X
ipchains -A input -i lo -j ACCEPT
ipchains -A output -i lo -j ACCEPT
ipchains -P forward ACCEPT
ipchains -M -S 7200 10 60
ipchains -N vhod
ipchains -A input -i eth0 -j vhod
ipchains -A vhod -s 192.168.0.0/255.255.0.0 -j DENY -l
ipchains -A forward -s 192.168.1.0/24 -p ICMP -j MASQ
# Transparent proxy
ipchains -A input -p tcp -d 192.168.1.1/32 www -j ACCEPT
ipchains -A input -p tcp -d 0/0 www -j REDIRECT 3128
ipchains -N res
ipchains -A res -p tcp -s 192.168.1.0/24 -d 0.0.0.0/0 domain -j MASQ
ipchains -A res -p udp -s 192.168.1.0/24 -d 0.0.0.0/0 domain -j MASQ
ipchains -A res -p tcp -s 192.168.1.0/24 -d 0.0.0.0/0 smtp -j MASQ
ipchains -A res -p tcp -s 192.168.1.0/24 -d 0.0.0.0/0 nntp -j MASQ
ipchains -A res -p tcp -s 192.168.1.0/24 -d 0.0.0.0/0 pop3 -j MASQ
ipchains -A res -p tcp -s 192.168.1.0/24 -d 0.0.0.0/0 5190 -j MASQ
ipchains -A res -s 192.168.1.0/24 -d 0.0.0.0/0 -j DENY -l
ipchains -A forward -s 192.168.1.0/24 -j res