
Configure Squid as a forward proxy

2025-03-29 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01

Environment: CentOS 6.5

Proxy host IP: 192.168.3.224, 10.0.0.10

Private network host IP: 10.0.0.11

Pre-installation preparation

1. Disable SELinux

    [root@php-proxy ~]# setenforce 0
    [root@php-proxy ~]# getenforce
    Permissive
    [root@php-proxy ~]# vim /etc/selinux/config
    SELINUX=disabled

2. Flush the firewall filter table and set the NAT forwarding (masquerade) rule.

    [root@php-proxy ~]# iptables -t filter -F
    [root@php-proxy ~]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    [root@php-proxy ~]# service iptables save

3. Enable IP forwarding (routing) on the host

    [root@php-proxy ~]# vim /etc/sysctl.conf
    net.ipv4.ip_forward = 1

Compile and install squid

1. Install squid

http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.3.tar.gz

    [root@php-proxy ~]# tar xf squid-3.2.3.tar.gz
    [root@php-proxy ~]# cd squid-3.2.3
    [root@php-proxy ~]# ./configure --prefix=/usr/local/squid \
        --enable-dlmalloc --enable-gnuregex --disable-carp \
        --enable-async-io=100 --with-aufs-threads=32 --with-pthreads \
        --enable-storeio="ufs,aufs" --enable-removal-policies="heap,lru" \
        --enable-icmp --enable-htcp --enable-delay-pools \
        --enable-useragent-log --enable-referer-log \
        --disable-wccp --disable-wccpv2 --enable-kill-parent-hack \
        --enable-arp-acl --disable-snmp \
        --enable-default-err-language=Simplify_Chinese \
        --enable-err-languages="Simplify_Chinese English" \
        --disable-poll --disable-select --enable-epoll \
        --enable-auth --enable-auth-basic="DB,NCSA,PAM,RADIUS,SASL" \
        --with-aio --disable-ident-lookups --enable-truncate \
        --enable-stacktraces --with-maxfd=65535 --disable-ipv6 \
        --enable-ipf-transparent --enable-linux-netfilter

2. Configure squid

    [root@php-proxy ~]# mkdir -p /data/squid/{cache,coredump,logs}
    [root@php-proxy ~]# /usr/sbin/groupadd squid
    [root@php-proxy ~]# /usr/sbin/useradd squid -g squid -s /sbin/nologin
    [root@php-proxy ~]# chmod -R 777 /data/squid/{cache,coredump,logs}
    [root@php-proxy ~]# chown -R squid.squid /data/squid/{cache,coredump,logs}

3. Content of configuration file

    [root@php-proxy ~]# vim /usr/local/squid/etc/squid.conf
    http_port 10.0.0.10:1080

    cache_effective_user squid
    cache_effective_group squid
    cache_mem 2048 MB
    cache_swap_low 90
    cache_swap_high 95

    ipcache_size 1024
    ipcache_low 90
    ipcache_high 95

    cache_replacement_policy lru
    memory_replacement_policy lru

    cache_dir aufs /data/squid/cache 20480 16 256
    coredump_dir /data/squid/coredump

    memory_pools_limit 1024 MB
    max_open_disk_fds 0
    minimum_object_size 0 KB
    maximum_object_size 32768 KB
    maximum_object_size_in_memory 2048 KB

    access_log /dev/null
    cache_access_log none

    cache_log /dev/null
    cache_store_log none

    cache_swap_log /data/squid/logs/swap.log

    logfile_rotate 1
    pid_filename /usr/local/squid/var/logs/squid.pid

    cache_mgr lovezym5@126.com
    strip_query_terms off
    visible_hostname ProxySrv
    error_directory /usr/local/squid/share/errors/zh-cn

    request_header_max_size 64 KB
    request_body_max_size 0 KB

    negative_ttl 5 minutes
    read_timeout 1 minutes
    client_lifetime 10 minutes
    connect_timeout 1 minute
    peer_connect_timeout 30 seconds
    request_timeout 2 minutes
    persistent_request_timeout 1 minute

    client_persistent_connections off
    server_persistent_connections on
    tcp_recv_bufsize 65535 bytes
    half_closed_clients off
    httpd_suppress_version_string off
    ie_refresh off
    allow_underscore on

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320

    dns_nameservers <DNS Server IP>

    acl OverConnLimit maxconn 300
    http_access deny OverConnLimit

    acl our_network src 192.168.0.0/16
    http_access allow our_network

    acl SSL_ports port 443
    acl CONNECT method CONNECT
    http_access deny CONNECT !SSL_ports

    request_header_access Via deny all
    request_header_access X-Forwarded-For deny all

    # Check whether the configuration is correct
    [root@php-proxy ~]# /usr/local/squid/sbin/squid -k parse
    # Initialize the cache directory
    [root@php-proxy ~]# /usr/local/squid/sbin/squid -z
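The access rules in the configuration above end with a deny line and have no final `http_access deny all`, so it is worth checking what Squid does with a client that matches none of them. The following added example (not part of the original article) models Squid's documented first-match evaluation and its fall-through default for the ACL types used here; the function names and the sample requests are assumptions made for illustration.

```python
import ipaddress

# The acl/http_access lines from the squid.conf above (copied for the demo).
PAGE_RULES = """
acl OverConnLimit maxconn 300
http_access deny OverConnLimit
acl our_network src 192.168.0.0/16
http_access allow our_network
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
"""

def parse(conf):
    """Return (acls, rules); rules keep file order, which Squid evaluates top-down."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []  # 'all' is predefined in Squid 3.x
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind in ("port", "method"):
        return str(req[kind]) in values
    if kind == "maxconn":  # true once the client IP has more connections than the limit
        return req.get("conns", 0) > int(values[0])
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, req):
    """First matching line wins; with no match, the opposite of the last line's action."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action, "matched: " + " ".join(names)
    last = rules[-1][0] if rules else "allow"  # no http_access lines at all: deny
    return ("allow" if last == "deny" else "deny"), "implicit default"

if __name__ == "__main__":
    client = {"src": "10.0.0.11", "method": "GET", "port": 80}  # private host from this page
    print(decide(PAGE_RULES, client))
    print(decide(PAGE_RULES + "http_access deny all\n", client))
```

Run against the page's rules, a request from 10.0.0.11 (outside `our_network`) is allowed by the implicit default, and appending `http_access deny all` turns it into a deny. A CONNECT to port 25 from a 192.168.0.0/16 client is also allowed, because `allow our_network` is evaluated before the CONNECT restriction.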

4. Configure the startup script

    [root@php-proxy ~]# vim /etc/init.d/squid
    #!/bin/bash
    # squid: squid is a pagecache reverse proxy.
    # processname: squid
    # pidfile: /usr/local/squid/var/logs/squid.pid
    # config: /usr/local/squid/etc/squid.conf
    #
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

    BINFILE="/usr/local/squid/sbin/squid"
    CFGFILE="/usr/local/squid/etc/squid.conf"
    PIDFILE="/usr/local/squid/var/logs/squid.pid"
    LOCKFILE="/var/lock/squid.lock"
    CACHEPATH="/data/squid/cache"
    OUTFILE="/data/squid/logs/squid.out"

    SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
    SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

    [[ -f $BINFILE ]] && SQUID="${BINFILE}"

    # Read the cache directories from squid.conf, ignoring comments
    CACHE_SWAP=`sed -e 's/#.*//g' ${CFGFILE} | grep cache_dir | awk '{print $3}'`
    [ -z "$CACHE_SWAP" ] && CACHE_SWAP="${CACHEPATH}"

    RETVAL=0

    start() {
        if [[ ! -f ${CFGFILE} ]]; then
            echo "The configuration file: ${CFGFILE} has no found!" 1>&2
            exit 6
        fi

        SQUID_OPTS="-s -f ${CFGFILE}"
        [[ -z "$SQUID" ]] && echo "Insufficient privilege" 1>&2 && exit 4

        # Initialize any cache directory that has not been created yet
        for adir in $CACHE_SWAP
        do
            if [[ ! -d $adir/00 ]]; then
                echo -n "init_cache_dir $adir"
                $SQUID -z -F -D >> ${OUTFILE} 2>&1
            fi
        done

        echo -n "Starting squid..."
        $SQUID $SQUID_OPTS >> ${OUTFILE} 2>&1
        RETVAL=$?

        # Wait for the PID file to appear, up to SQUID_PIDFILE_TIMEOUT seconds
        if [[ $RETVAL -eq 0 ]]; then
            timeout=0
            while :
            do
                [[ ! -f ${PIDFILE} ]] || break
                [[ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]] && RETVAL=1 && break
                sleep 1 && echo -n "."
                timeout=$((timeout+1))
            done
        fi

        echo ""
        [[ $RETVAL -eq 0 ]] && touch ${LOCKFILE}
        [[ $RETVAL -eq 0 ]] && echo "start squid is ok!"
        [[ $RETVAL -ne 0 ]] && echo "start squid is failed!"
        return $RETVAL
    }

    stop() {
        SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
        echo -n "Stopping squid..."
        $SQUID -k check >> ${OUTFILE} 2>&1
        RETVAL=$?

        if [[ $RETVAL -eq 0 ]]; then
            $SQUID -k shutdown &
            rm -f ${LOCKFILE}
            # Wait for the PID file to disappear, up to SQUID_SHUTDOWN_TIMEOUT seconds
            timeout=0
            while :
            do
                [[ -f ${PIDFILE} ]] || break
                [[ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]] && echo "" && return 1
                sleep 2 && echo -n "."
                timeout=$((timeout+2))
            done
            echo ""
            echo "Stop squid is ok!"
        else
            echo ""
            echo "Stop squid is failed!"
            [[ ! -e ${LOCKFILE} ]] && RETVAL=0
        fi
        return $RETVAL
    }

    restart() {
        stop
        sleep 1
        start
    }

    case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        SQUID_OPTS=${SQUID_OPTS:-"-D"}
        $SQUID -k reconfigure -f ${CFGFILE}
        ;;
    restart)
        restart
        ;;
    condrestart)
        [[ -e ${LOCKFILE} ]] && restart || :
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|restart|condrestart}"
        exit 2
    esac

    exit $?

    [root@php-proxy ~]# chmod +x /etc/init.d/squid    # add execute permission
    [root@php-proxy ~]# service squid start           # start the service

3. Configure the host IP address

Private network IP of the proxy host

    [root@php-proxy ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:0
    DEVICE=eth0:0
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=none
    IPADDR=10.0.0.10
    NETMASK=255.0.0.0

IP address of the private network host

    [root@php ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    HWADDR=52:54:00:B1:B4:99
    TYPE=Ethernet
    UUID=4dd9081e-2cf6-4f81-bde4-561d3877267e
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=static
    IPADDR=10.0.0.11
    NETMASK=255.0.0.0
    GATEWAY=10.0.0.10
    DNS1=8.8.8.8
    DNS2=8.8.4.4

Test from the private network host to confirm that access works:

    [root@php ~]# curl -I www.qq.com
    HTTP/1.1 200 OK
    Server: squid/3.4.3
    Date: Wed, 13 Jul 2016 06:01:36 GMT
    Content-Type: text/html; charset=GB2312
    Connection: keep-alive
    Vary: Accept-Encoding
    Vary: Accept-Encoding
    Expires: Wed, 13 Jul 2016 06:02:36 GMT
    Cache-Control: max-age=60
    Vary: Accept-Encoding
    Access-Control-Allow-Origin: http://bz.qq.com
    X-Cache: HIT from nanjing.qq.com
