Shulou(Shulou.com)06/01 Report--

This article is to share with you the content of a case of linux building a squid proxy server. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Experimental environment:

A linux builds a Web server and acts as a private network web server (and also acts as a private network client) 202.100.10.100

One linux system acts as a gateway server and two network cards enable route forwarding 192.168.133.131 and 202.100.10.1

A linux sets up a Web server and acts as a public network web server (as well as a public network client)) 192.168.133.131

The steps of the experiment:

1. Configure the IP addresses of the internal network web server, the gateway server and the external network Web server, turn on the routing and forwarding of the gateway, turn off the firewall of the gateway, test the connectivity between the internal network web server and the external network Web server, and ensure interconnection.

two。 Install the web service of the intranet Web server and the extranet Web server, start the service, and create a new test page

3. Test that the intranet client accesses the extranet web server, and the extranet client accesses the intranet web server

4. Intranet client accesses external network web server

5. The external network client accesses the private network web server

Firewall SNAT and DNAT

1. Intranet client accesses external network web server

two。 View logs on the public network web server

Tail-f / var/log/httpd/access_log

3. Set up address translation at the gateway

Iptables-t nat-A POSTROUTING-s 192.168.133.0 SNAT 24-o eth3-j SNAT-- to-source 202.100.10.1

Or iptables-t nat-A POSTROUTING-s 192.168.133.0 take 24-o eth3-j MASQUERADE

4. Once again, access the public network web server in the private network client, and then look at the public network web server. You can see that the IP recorded in the log file is not the IP of the intranet client.

DNAT:

1. Set on the gateway to map the web server of the internal network to the interface of the gateway external network.

Iptables-t nat-A PREROUTING-I eth3-d 202.100.10.1-p tcp-- dport 80-j DNAT-- to-destination 192.168.133.131

two。 Access the interface IP of the external network of the gateway (in fact, it is to access the web server of the private network)

3. View the log files of the private network web server

Squid proxy server

1. Configure the squid proxy server in the configuration gateway server, install squid, yum install-y squid

1.1 traditional proxy server

Start the squid service service squid start

Because of the squid.conf configuration file, all private IP are allowed to pass by default.

1.2 Intranet clients set up browsers, join agents, and test

Viewing the log file on the public network server, you can see that IP is the IP of the proxy server.

1.3 shut down the proxy server of the gateway server and test it again. The following figure shows that the client accesses the public network web server through the proxy server.

two。 Transparent proxy server

2.1 configure on the gateway server, set transparent proxy and enable caching, vim / etc/squid/squid.conf

Http_port 192.168.133.130 IPcache_dir ufs 3128 transparent # 192.168.133.130 is the private network interface IPcache_dir ufs / var/spool/squid 10016 256iptables-t nat-A PREROUTING-I eth2-s 192.168.133.0 dport 24-p tcp-- dport 80-j REDIRECT-- to-ports 3128 #-I interface is the private network interface-s followed by the private network segment-j followed by REDIRECT (redirect)

2.2 restart the squid service, and then test it on the private client. Cancel the proxy set by the browser in the previous test. The transparent proxy does not need to be set on the client side.

2.3 View logs on the extranet web server

Thank you for reading! This is the end of this article on "the case of linux building squid proxy server". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it out for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.