mysql squid_iptable +squid 做mysql的代理

mysql有时候要从不同地方连接但是可能出现要用代理的情况

在代理机器上我们要做的是下面的工作

1，安装一个squid启动一个3306的端口 其他的不要安排

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localnet

http_access allow localhost

http_access deny all

http_port 3306

hierarchy_stoplist cgi-bin ?

coredump_dir /usr/local/squid/var/cache

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320

2，开启iptables的相应转发NAT

(1)，转发的话一定要开启NAT转发功能ip_forward要启动

#!/bin/bash

modprobe ip_tables

modprobe ip_nat_ftp

modprobe ip_conntrack

modprobe ip_conntrack_ftp

echo 1>/proc/sys/net/ipv4/ip_forward

iptables -t nat -F

iptables -F

iptables -F -t nat

iptables -t nat -A PREROUTING -d 192.168.18.140 -p tcp --dport 3306 -j DNAT --to-destination 192.168

.18.97:3306

iptables -t nat -A POSTROUTING -d 192.168.18.97 -p tcp --dport 3306 -j SNAT --to 192.168.18.140

最好是在/etc/sysctl.conf

修改#

Controls the use of TCP syncookies

net.ipv4.tcp_syncookies = 1

这样就一切搞定