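# Install Squid, create its working directories, and generate the list of
# outgoing addresses that squid.conf includes as /etc/squid/ip.list.
# Each step stops the script on failure so a missing package or directory
# does not leave a partly configured proxy enabled at boot.
yum -y install squid || { printf 'squid install failed\n' >&2; exit 1; }
mkdir -p /var/log/squid/{logs,coredump_dir,cache_dir} || exit 1
# user:group is the POSIX separator; the dotted form is a deprecated GNU extension.
chown -R squid:squid /var/log/squid/ || exit 1
# One tcp_outgoing_address line per address printed by `hostname -I`, each tied
# to the random_ip ACL. The substitution is left unquoted on purpose: word
# splitting yields one address per iteration.
# NOTE(review): `hostname -I` lists every configured address, so internal or
# management interfaces end up as outgoing addresses too -- confirm that is intended.
for addr in $(hostname -I); do
  printf 'tcp_outgoing_address %s random_ip\n' "$addr"
done > /etc/squid/ip.list || exit 1
systemctl enable squid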
# Write the main Squid configuration. The here-document delimiter is quoted so
# the shell copies the body verbatim, with no variable or command expansion.
# Security-relevant settings in the body:
#  - Access is decided only by client source address: "http_access allow allowip"
#    followed by "http_access deny all". No proxy authentication is configured,
#    so the contents of /etc/squid/allow.list are the whole access policy.
#  - http_port 3228 gives no bind address; pair it with a host firewall rule
#    limited to the same client ranges.
#  - Via and X-Forwarded-For are removed from requests, so destination servers do
#    not see the original client address; the access log configured below is where
#    the client-to-request mapping is kept.
#  - Safe_ports includes 1025-65535, so allowed clients can reach any high port.
#  - Both included files (allow.list, ip.list) are expected to exist before
#    squid is started.
cat > /etc/squid/squid.conf <<'EOF'
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#白名单
include /etc/squid/allow.list
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# set out - ip 配置出口IP
#acl localnet src 0.0.0.0/0
acl random_ip random 1/2
acl random_ip random 1/3
acl random_ip random 1/4
acl random_ip random 1/5
acl random_ip random 1/6
acl random_ip random 1/7
acl random_ip random 1/8
acl random_ip random 1/9
acl random_ip random 1/10
acl random_ip random 1/11
acl random_ip random 1/12
acl random_ip random 1/13
acl random_ip random 1/14
acl random_ip random 1/15
acl random_ip random 1/16
acl random_ip random 1/17
acl random_ip random 1/18
acl random_ip random 1/19
acl random_ip random 1/20
server_persistent_connections off
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowip
http_access deny all
# 设置代理端口
http_port 3228
include /etc/squid/ip.list
dns_nameservers 8.8.8.8
visible_hostname aliserver
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/log/squid/cache_dir 100 16 256
cache_access_log /var/log/squid/logs/access.log
cache_log /var/log/squid/logs/cache.log
cache_store_log /var/log/squid/logs/store.log
coredump_dir /var/log/squid/coredump_dir
pid_filename /var/log/squid/squid.pid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
EOF
# Add an allowlisted IP range
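#######################################
# Append one source network to the proxy allowlist.
# Arguments: $1 - a single source address or CIDR range
# Outputs:   appends "acl allowip src <range>" to /etc/squid/allow.list
# Returns:   0 on success, 2 if the argument is empty or contains whitespace
#######################################
addlist(){
  # Each line written here extends the allowip ACL. An empty value would
  # leave a malformed acl line, and embedded whitespace or newlines would
  # add extra values or extra directives to the file, so both are refused.
  case "$1" in
    ''|*[[:space:]]*)
      printf 'addlist: expected a single address or CIDR range\n' >&2
      return 2
      ;;
  esac
  printf 'acl allowip src %s\n' "$1" >> /etc/squid/allow.list
}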
# Add the allowlisted client range.
# NOTE(review): 123.456.789.0/24 is a placeholder, not a valid IPv4 network
# (456 and 789 exceed 255); replace it with the real client range before
# starting squid.
addlist "123.456.789.0/24"