
How to configure squid based on Linux Gateway Server

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31

This article explains how to configure squid on a Linux gateway server. The content is detailed and easy to follow, and the procedure is simple and quick. Let's take a look.

Preface

Here, we will configure a proxy server that provides proxy services only to the internal network. It divides users into advanced users and ordinary users. Advanced users are identified by the physical (MAC) address of their network card.

Ordinary users must enter a user name and password before they can use the proxy. Advanced users have no restrictions on access time or file types, while ordinary users can only use the proxy during working hours and are subject to some other restrictions.

Installation

Install from the package repository

The stable version is included in the package repository. Execute the following command to install it.

sudo apt-get install squid squid-common

Source code compilation and installation

Of course, you can also download the latest version from the official website to compile and install:

The official website offers a stable version and a devel version; the devel version is usually provided to developers for testing. Assuming that the latest stable version, squid-2.5.stable2.tar.gz, has been downloaded, unpack it with the following command:

tar xvfz squid-2.5.stable2.tar.gz

Packages compressed with bz2 may be smaller, and the corresponding command is:

tar xvfj squid-2.5.stable2.tar.bz2

Then go to the unpacked directory to configure and compile the source code:

cd squid-2.5.stable2

There are many options for the configure command. If you are unsure, list them first with "--help". In general, the following options are used:

--prefix=/web/squid

Specifies the location where squid is installed. If only this option is given, directories such as bin, sbin, man and conf are created under that location, and the main configuration file ends up in the conf subdirectory. For ease of management, it is best to place the configuration file in /etc with the parameter --sysconfdir=/etc.

--enable-storeio=ufs,null

The storage file system is usually the default, ufs, but if you want a proxy server that does not cache any files, you need to add the null file system.

--enable-arp-acl

Allows rules to be written directly against the client's MAC address, to prevent clients from using IP spoofing.

--enable-err-languages="Simplify_Chinese"

--enable-default-err-language="Simplify_Chinese"

The above two options tell squid to compile in and use simplified Chinese error messages.

--enable-linux-netfilter

Enables the transparent proxy feature on Linux.

--enable-underscores

Allows underscores in parsed URLs; by default squid considers a URL containing an underscore illegal and denies access to it. The entire configuration command is as follows:

./configure --prefix=/var/squid \
  --sysconfdir=/etc \
  --enable-arp-acl \
  --enable-linux-netfilter \
  --enable-pthreads \
  --enable-err-languages="Simplify_Chinese" \
  --enable-storeio=ufs,null \
  --enable-default-err-language="Simplify_Chinese" \
  --enable-auth="basic" \
  --enable-basic-auth-helpers="NCSA" \
  --enable-underscores

Some of these options have special functions, which are described below. Finally, execute the following two commands to compile the source code into an executable file and copy it to the specified location.

make

sudo make install

Basic configuration

After the installation is complete, the next step is to configure how squid runs (as opposed to the build-time configuration in the previous section). All settings are made in squid.conf. The squid.conf that ships with squid includes very detailed comments, which amount to a user's manual, and any question about the configuration can be resolved by consulting it. In this example, the proxy server is also the gateway: the IP address of the internal network interface eth0 is 192.168.0.1 and the IP address of the external network interface eth1 is 202.103.x.x. Here are the basic configuration options the proxy requires:

http_port 192.168.0.1:3128

The default port is 3128, and it can of course be any other port as long as it does not conflict with other services. For security reasons, put the internal IP address in front of the port so that squid does not listen on the external network interface. The following option is the server administrator's email address; when an error occurs, it is displayed on the error page so that users can easily get in touch:

cache_mgr start@soocol.
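The http_port binding described above can be checked mechanically. The script below is an added example, not part of the original article: the function name audit_http_port is hypothetical, the sample configurations are constructed, and the external address 203.0.113.5 is an invented placeholder.

```shell
#!/bin/sh
# Added example (not from the original article): flag http_port lines in a
# squid.conf that would expose the proxy beyond the internal interface.
# Usage: audit_http_port <squid.conf> <internal-ip>
# Prints one finding per line; the exit status is the number of findings.
audit_http_port() {
    findings=$(awk -v ip="$2" '
        $1 != "http_port" { next }          # skips comments and other directives
        { seen = 1; addr = $2 }
        # Bare port or wildcard address: squid listens on every interface.
        addr ~ /^[0-9]+$/ || addr ~ /^0\.0\.0\.0:/ {
            printf "line %d: %s listens on all interfaces\n", NR, addr; next
        }
        {   # host:port form: the host part must be the internal address.
            host = addr; sub(/:[0-9]+$/, "", host)
            if (host != ip)
                printf "line %d: %s is not bound to %s\n", NR, addr, ip
        }
        END { if (!seen) print "no http_port line: default port, all interfaces" }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return $(( $(printf '%s\n' "$findings" | wc -l) ))
}

# Constructed sample configurations; addresses follow the article's example
# network (192.168.0.1 internal, external address invented as 203.0.113.5).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# gateway proxy' 'http_port 192.168.0.1:3128' \
        'visible_hostname no1.proxy' > "$dir/good.conf"
    printf '%s\n' 'http_port 3128' 'http_port 203.0.113.5:8080' \
        '#http_port 192.168.0.1:3128' > "$dir/bad.conf"
    for f in good bad; do
        echo "== $f.conf"
        audit_http_port "$dir/$f.conf" 192.168.0.1 || echo "findings: $?"
    done
    rm -rf "$dir"
}
demo
```

A commented-out http_port line does not count as a binding, so a file with only such lines is reported as relying on the default.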

The following parameters tell squid the file system, location, and replacement policy of the cache:

cache_dir ufs /var/squid

cache_mem 32 MB

cache_swap_low 90

cache_swap_high 95

Here, squid uses the /var/squid directory to store cached data, and the amount of memory used for caching is 32 MB. When cache usage reaches 95%, new content replaces old content instead of simply being added to the directory, and this replacement continues until usage drops back to 90%. If you do not want squid to cache any files, for example on some proprietary systems with limited storage space, you can use the null file system (which does not need those caching policies):

cache_dir null /tmp

Of the following logging options, the most important is the first line, the user access log, which can be analyzed to find the exact addresses that every user has visited:

cache_access_log /var/squid/access.log

cache_log /var/squid/cache.log

cache_store_log /var/squid/store.log

The following line is a parameter that appears in newer versions; it tells squid the server name to display on error pages:

visible_hostname no1.proxy

The following option tells squid how to treat clients: each requesting IP address is handled as a separate address:

client_netmask 255.255.255.255

For an ordinary proxy server, the above configuration is sufficient. But squid is often used as a transparent proxy. With a transparent proxy, the client is unaware that the proxy server exists and needs no proxy-related settings at all, which makes life much easier for the system administrator. The relevant options are as follows:

httpd_accel_host virtual

httpd_accel_port 80

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

On Linux, requests to web port 80 can be forwarded directly to squid's port 3128 using iptables/ipchains. Squid takes the request over, while the user's browser still believes it is talking to port 80 of the remote server. For example, the following command:

iptables -t nat -A PREROUTING -s 192.168.0.200/32 -p tcp --dport 80 -j REDIRECT --to-ports 3128

All port 80 requests from 192.168.0.200 are redirected to port 3128.

After all the settings are completed, the key remaining task is access control. Squid supports many management methods and is very easy to use (this is also why some people prefer to use squid without any caching rather than using ipta alone.
