Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to build a Squid proxy server in the Linux system. The article is rich in content and analyzes and describes for you from a professional point of view. I hope you can get something after reading this article.

About Squid: Squid is a Unix-based proxy server (proxy server) that caches Internet content closer to the requester than the starting point.

Squid supports caching a variety of different network objects, including those accessed through HTTP and FTP. Caching frequently requires web pages, media files, and other content that speed up response time and reduce bandwidth congestion.

The Squid proxy server (Squid proxy server) is typically installed on a separate server rather than a network server with the original files.

Squid works by tracking the use of objects in the network. Squid initially acted as an intermediary, simply passing customer requirements to the server and storing copies of the required objects.

If the same customer or group of customers requests the same objects when still in the Squid cache (cache), Squid can serve immediately to speed up downloads and save bandwidth.

Squid is a kind of software used to cache Internet data. Accept requests from the target (object) that people need to download and process them appropriately. That is, if a person wants to download a web interface, he asks squid to get the page for him.

The squid then connects to the remote server and makes a request to the page. Squid then explicitly aggregates the data to the client machine and makes a copy at the same time. The next time someone needs the same page, squid can simply read it from disk so that the data is immediately transferred to the client.

Linux system configuration Squid detailed tutorial: lab Environment:

A linux builds a Web server and acts as a private network web server (and also acts as a private network client) 202.100.10.100

One linux system acts as a gateway server and two network cards enable route forwarding 192.168.133.131 and 202.100.10.1

A linux sets up a Web server and acts as a public network web server (as well as a public network client)) 192.168.133.131

The steps of the experiment:

1. Configure the IP addresses of the internal network web server, the gateway server and the external network Web server, turn on the routing and forwarding of the gateway, turn off the firewall of the gateway, test the connectivity between the internal network web server and the external network Web server, and ensure interconnection.

two。 Install the web service of the intranet Web server and the extranet Web server, start the service, and create a new test page

3. Test that the intranet client accesses the extranet web server, and the extranet client accesses the intranet web server

4. Intranet client accesses external network web server

5. The external network client accesses the private network web server

Firewall SNAT and DNAT

1. Intranet client accesses external network web server

two。 View logs on the public network web server

Tail-f / var/log/httpd/access_log

3. Set up address translation at the gateway

Iptables-t nat-A POSTROUTING-s 192.168.133.0 SNAT 24-o eth3-j SNAT-to-source 202.100.10.1

Or iptables-t nat-A POSTROUTING-s 192.168.133.0 take 24-o eth3-j MASQUERADE

4. Once again, access the public network web server in the private network client, and then look at the public network web server. You can see that the IP recorded in the log file is not the IP of the intranet client.

DNAT:

1. Set on the gateway to map the web server of the internal network to the interface of the gateway external network.

Iptables-t nat-A PREROUTING-I eth3-d 202.100.10.1-p tcp-dport 80-j DNAT-to-destination 192.168.133.131

two。 Access the interface IP of the external network of the gateway (in fact, it is to access the web server of the private network)

3. View the log files of the private network web server

Squid proxy server

1. Configure the squid proxy server in the configuration gateway server, install squid, yum install-y squid

1.1 traditional proxy server

Start the squid service service squid start

Because of the squid.conf configuration file, all private IP are allowed to pass by default.

1.2 Intranet clients set up browsers, join agents, and test

Viewing the log file on the public network server, you can see that IP is the IP of the proxy server.

1.3 shut down the proxy server of the gateway server and test it again. The following figure shows that the client accesses the public network web server through the proxy server.

two。 Transparent proxy server

2.1 configure on the gateway server, set transparent proxy and enable caching, vim / etc/squid/squid.conf

Http_port 192.168.133.130 IP 3128 transparent # 192.168.133.130 is the private network interface

Cache_dir ufs / var/spool/squid 100 16 256

Iptables-t nat-A PREROUTING-I eth2-s 192.168.133.0 Universe 24-p tcp-dport 80-j REDIRECT-to-ports 3128 #-I interface is the private network interface-s followed by the private network segment-j followed by REDIRECT (redirect)

2.2 restart the squid service, and then test it on the private client. Cancel the proxy set by the browser in the previous test. The transparent proxy does not need to be set on the client side.

2.3 View logs on the extranet web server

This is how to build a Squid proxy server in the Linux system shared by Xiaobian. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.