Имеем unix:~# squid -v
Squid Cache: Version 2.6.STABLE5
configure options: '--prefix=/usr/local' '--enable-icmp' '--enable-delay-pools' '--enable-snmp' '--enable-default-err-language=Russian-1251' '--enable-err-languages=Russian-1251 Russian-koi8-r English' '--enable-auth=ntlm basic' '--enable-basic-auth-helpers=SMB multi-domain-NTLM PAM NCSA' '--enable-ntlm-auth-helpers=SMB' '--enable-ntlm-fail-open' '--enable-external-acl-helpers=wbinfo_group session unix_group ip_user'в конфиге пишем
http_port 3128 transparent
.
.
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="DOMAIN\\allowinet"
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="DOMAIN\\allowinet"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
.
.
.
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.0.0/24
acl squidusers proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
.
.
http_access allow localnet
http_access allow squidusers
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
В фаерволе
unix:~# ipfw show
00100 15234 8969128 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from 192.168.0.0/24 to any in via em0
00500 0 0 deny ip from 195.131.188.0/24 to any in via em1
00600 0 0 deny ip from any to 10.0.0.0/8 via em0
00700 0 0 deny ip from any to 172.16.0.0/12 via em0
00800 0 0 deny ip from any to 192.168.0.0/16 via em0
00900 0 0 deny ip from any to 0.0.0.0/8 via em0
01000 0 0 deny ip from any to 169.254.0.0/16 via em0
01100 0 0 deny ip from any to 192.0.2.0/24 via em0
01200 0 0 deny ip from any to 224.0.0.0/4 via em0
01300 0 0 deny ip from any to 240.0.0.0/4 via em0
01500 190 19969 divert 8668 ip from any to any via em0
01600 0 0 allow ip from any to 84.204.56.210
01700 0 0 allow ip from 84.204.56.210 to any
01800 0 0 deny ip from 10.0.0.0/8 to any via em0
01900 0 0 deny ip from 172.16.0.0/12 to any via em0
02000 0 0 deny ip from 192.168.0.0/16 to any via em0
02100 0 0 deny ip from 0.0.0.0/8 to any via em0
02200 0 0 deny ip from 169.254.0.0/16 to any via em0
02300 0 0 deny ip from 192.0.2.0/24 to any via em0
02400 0 0 deny ip from 224.0.0.0/4 to any via em0
02500 0 0 deny ip from 240.0.0.0/4 to any via em0
02600 82168 36376479 allow tcp from any to any established
02700 0 0 allow ip from any to any frag
02800 0 0 allow tcp from any to 1хх.1хх.188.87 dst-port 25,110 setup
02900 0 0 allow tcp from 1хх.1хх.188.87 25,110 to any
.
.
04200 32 2496 allow icmp from any to any
04400 3 144 deny log logamount 20 tcp from any to any in via em0 setup
04500 1855 93968 allow tcp from any to any setup
04600 0 0 allow udp from 1хх.1хх.188.87 to any dst-port 53 keep-state
04700 0 0 allow udp from 1хх.1хх.188.87 53 to any
04800 878 64627 allow udp from 192.168.0.0/24 to any dst-port 53
04900 878 108986 allow udp from any 53 to 192.168.0.0/24
05000 0 0 allow udp from 1хх.1хх.188.87 to any dst-port 123 keep-state
65535 102387 10097537 deny ip from any to any
если я делаю
ipfw add 1400 fwd 192.168.0.20,3128 tcp from 192.168.0.0/24 to any dst-port 80
(192.168.0.20 - это адрес проксятника...)
То авторизация перестает работать...
Что делать?
Вариант для распечатки
Настройка Squid и других прокси серверов (Public)
(ok) on 08-Авг-07, 12:59 
