Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to understand Suse agent SQUID, the content of the article is of high quality, so the editor will share it with you for reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

Now a lot of users are using Suse, the problem also arises, today I will talk about the role and advantages of Suse agent SQUID,SQUID. There are a lot of searches on the Internet. But my experience may be a little bit. I still know a little bit about the SUSE agent SQUID. This article will give you a brief description of Suse agent SQUID. First introduce the network structure of the company.

PC- > SWITCH (stupid)-> Router (H3C 18 series)-> ISP. This network structure should be the topological structure adopted by most small and medium-sized enterprises. Some time ago, the company asked to seal the QQ of some employees, which has been basically realized. Because the router and some firewalls do not have the function of sealing domain names. The leader of the company asked to seal some domain names. If ACL is added to the routing policy to refuse access to the domain name, first, the workload is too heavy, there may be more than N IP of a website, the scope of sealing is wide, and the scope is small and there is a leak. Therefore, without changing the local area network PC network configuration, add a proxy server. So I choose SQUID under LINUX. Needless to say about installation. YAST directly, and then adjust the startup level, generally choose 3, 5, which is fine.

After installation, the configuration file of SQUID defaults to / etc/squid/squid.conf, open it. Dizzy. more than 4000 lines, but in fact, the total number of lines that really need to be configured will not exceed 20 lines. The basic requirements are as follows:

1.http_port 3128 transparent this is the listening port for configuring the proxy server. The default is 3128. The following transparent stands for running in transparent mode. If you install version 2.6 below. If you want to configure it in proxy mode, write a few more lines. Let's not talk about it here. Now that you have installed it, install a higher version, or you can add an IP in front of the port number, such as http_port 172.20.0.1 transparent 3128

2.cache_mem 256 MB

This is the size of the cache memory. Of course, you can block this. However, one of the advantages of the proxy server is to improve the speed of the local area network to access web pages. Is the use of the cache. So it is recommended to open some options.

3.cache_dir ufs / var/cache/squid 1000 16 256

This is the cached path and directory size, as well as the number of directories below. This thing is quite esoteric, and that's how I understand it. I set the size according to the actual capacity of the hard disk space.

Cache_log / var/log/squid/cache.log

Cache_store_log / var/log/squid/store.log

Emulate_httpd_log on

The first two sentences above are SQUID-related logs, it is recommended to open them, so that you can easily check when there is a problem. The third sentence says

Access.log file format, which has two formats: the normal format and the original format. The normal format is similar to the log format of most HTTP servers, such as Apache. It contains less information than the original format of Squid. However, if you run Squid in proxy mode, you may want the normal log file format. The common format may also be useful for your existing log file analysis tools.

4. The following is the concrete embodiment of the function I want to achieve.

Acl all src 0.0.0.0amp 0 # allow all addresses

Acl allow_lan src 0.0.0.0/0

Acl leixing urlpath_regex-I\ .rmvb$\ .ram$\ .rm$\ .torrent$\ .wav$\ .avi$\ .wma$ # define an ACL with the name leixing, and set the extension of some files

Http_access deny leixing # refuses leixing ACL to download the file with the extension contained above. He he。

Acl denyurl url_regex "/ etc/squid/denyurl.txt" # I defined a denyurl.txt file that contains rejected domain names. The mode of this text file is .XXX.com, such as Kaixin001.com. Www.kaixin001.com is .kaixin001.com, with one domain name on one line.

Acl denyip dstdom_regex "/ etc/squid/denyip.txt" # defines an ACL with the name denyip.

Http_access deny denyurl # # for the ACL defined above, adopt a reject policy.

Http_access deny denyip

Http_access allow allow_lan

Up to now, it is basically able to operate normally. Let me show you the effect.

The agent is now basically set up. But there is also a key question is how to put on the normal operation of the network. Because my premise is not to change the LAN user's IP premise.

I put this agent between the router and the ISP. This requires changing the exit IP of the router and setting a private address for the network card that connects the router to the proxy server. Add an intranet card that is routed to the proxy server by default on the router, and add a gateway with a default route to ISP on the proxy server. Another key step is to set up a return route on the proxy server, otherwise it will not be able to surf the Internet. I have been depressed about this for a long time. For example, the IP of my local area network passing through the router is 60.60.60.1 IP 192. You must set a target address on the proxy server that is 60.60.60.1 Universe 192. The default gateway is the router's external network card, that is, the address of the network card connected to the proxy server.

And then be an iptables.

Just add a policy. Iptables-t nat-A PREROUTING-I eht1-p tcp tcp-- dport 80-j REDIRECT-- to-port 3128

The above eth2 refers to the network card that the proxy server is connected to the router, that is, the intranet card.

We can start, stop, and reload the configuration file through / etc/init.d/squid start/stop/reload. After reading the whole article, have you learned: Suse agent SQUID.

On how to understand the Suse agent SQUID to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.