2025-01-17 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
Experimental schematic diagram
Step 1: configure the Squid proxy server

# list the remote shares and mount the share holding the source package
[root@squid ~]# smbclient -L //192.168.142.1
[root@squid ~]# mount.cifs //192.168.142.1/squid /mnt
# unpack the source package
[root@squid ~]# cd /mnt
[root@squid mnt]# tar zxvf squid-3.4.6.tar.gz -C /opt
# install the build environment
[root@squid mnt]# yum install gcc gcc-c++ make -y
# change into the source directory
[root@squid mnt]# cd /opt/squid-3.4.6/
# configure the build options
[root@squid squid-3.4.6]# ./configure --prefix=/usr/local/squid \
> --sysconfdir=/etc \
> --enable-arp-acl \
> --enable-linux-netfilter \
> --enable-linux-tproxy \
> --enable-async-io=100 \
> --enable-err-language="Simplify_Chinese" \
> --enable-underscore \
> --enable-poll \
> --enable-gnuregex
# compile and install
[root@squid squid-3.4.6]# make && make install
# symlink the service commands into the system path for easier management
[root@squid squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin
# add the program user
[root@squid squid-3.4.6]# useradd -M -s /sbin/nologin squid
# change the owner and group of the service directory
[root@squid squid-3.4.6]# chown -R squid.squid /usr/local/squid/var
# edit the squid.conf configuration file
[root@squid squid-3.4.6]# vim /etc/squid.conf
http_port 3128
# append the following entries below the http_port 3128 entry
# memory used by the caching function; recommended to be 1/4 of physical memory
cache_mem 64 MB
# maximum file size users are allowed to download
reply_body_max_size 10 MB
# maximum size of an object that may be saved to the cache
maximum_object_size 4096 KB
# add the user
cache_effective_user squid
# add the user group
cache_effective_group squid
# check the configuration file syntax
[root@squid squid-3.4.6]# squid -k parse
# initialize the cache directory
[root@squid squid-3.4.6]# squid -z
# start the service
[root@squid squid-3.4.6]# squid
# check the service port status
[root@squid squid-3.4.6]# netstat -ntap | grep squid
tcp6       0      0 :::3128      :::*       LISTEN      31862/(squid-1)
# change to the init script directory
[root@squid squid-3.4.6]# cd /etc/init.d
# create the startup script
[root@squid init.d]# vim squid
#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"

case "$1" in
  start)
    # treat squid as running if it already holds a socket
    netstat -ntap | grep squid &> /dev/null
    if [ $? -eq 0 ]
    then
      echo "squid is running"
    else
      echo "starting squid...."
      $CMD
    fi
    ;;
  stop)
    $CMD -k kill &> /dev/null
    rm -rf "$PID" &> /dev/null
    ;;
  status)
    [ -f "$PID" ] &> /dev/null
    if [ $? -eq 0 ]
    then
      netstat -ntap | grep squid
    else
      echo "squid is not running"
    fi
    ;;
  restart)
    $0 stop &> /dev/null
    echo "shutting down squid..."
    $0 start &> /dev/null
    echo "starting squid..."
    ;;
  reload)
    $CMD -k reconfigure
    ;;
  check)
    $CMD -k parse
    ;;
  *)
    echo "usage: $0 {start|stop|reload|status|check|restart}"
    ;;
esac
# make the script executable
[root@squid init.d]# chmod +x squid
# register the script with the service manager
[root@squid init.d]# chkconfig --add squid
# enable the service at boot
[root@squid init.d]# chkconfig --level 35 squid on
# manage the squid service with the script
[root@squid init.d]# service squid stop
[root@squid init.d]# service squid start
starting squid....
[root@squid init.d]# netstat -ntap | grep squid
tcp6       0      0 :::3128      :::*       LISTEN      48115/(squid-1)
# flush all firewall rules
[root@squid init.d]# iptables -F
# turn off the enhanced security function (SELinux enforcement)
[root@squid init.d]# setenforce 0
# set the firewall policy to open port 3128
[root@squid init.d]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT

Step 2: configure the web server

[root@web ~]# systemctl stop firewalld.service
[root@web ~]# setenforce 0
[root@web ~]# yum install httpd -y
[root@web ~]# systemctl start httpd

Step 3: use the client to access the web page
Use a browser to visit 192.168.142.139

Step 4: configure the client to use the proxy server and verify the proxy service

1. Open the browser's Tools menu and select "Internet options"
2. Select LAN Settings, check "Use a proxy server for your LAN", and specify the server address and port
3. Visit 192.168.142.139 again
4. Back on the web server, view the service log: the address recorded for the visit is that of the proxy server.

[root@web ~]# vim /etc/httpd/logs/access_log
192.168.142.131 - - [04/Dec/2019:19:04:28 +0800] "GET /noindex/css/fonts/ExtraBold/OpenSans-ExtraBold.eot? HTTP/1.1" 404 248 "http://192.168.142.139/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

This shows that with a traditional proxy, the web service sees the request as coming from the proxy server's address. This mode is suitable for Internet access, but the proxy server must be specified explicitly on the client.
The above is the Squid traditional proxy service. Next, configure the transparent proxy service.

Step 1: configure the proxy server NICs

1. Modify the ens33 NIC information

[root@squid ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
# change dhcp to static
BOOTPROTO=static
# append the IP address and subnet mask at the end of the file
IPADDR=192.168.100.1
NETMASK=255.255.255.0
[root@squid ~]# service network restart
Restarting network (via systemctl):  [  OK  ]

2. Add a second network card and modify the ens36 NIC information

[root@squid ~]# cd /etc/sysconfig/network-scripts/
[root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@squid network-scripts]# vim ifcfg-ens36
# replace 33 with 36 and delete the UUID entry
IPADDR=12.0.0.1
NETMASK=255.255.255.0
[root@squid network-scripts]# service network restart
Restarting network (via systemctl):  [  OK  ]
3. Enable packet forwarding so the server can act as a gateway

[root@squid network-scripts]# echo "1" > /proc/sys/net/ipv4/ip_forward

4. Set the firewall policy

# redirect traffic for port 80 to proxy port 3128
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
# redirect traffic for port 443 to proxy port 3128
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
5. Modify the squid.conf configuration file

[root@squid ~]# vim /etc/squid.conf
# replace the original 3128 port entry with the following entry to support transparent mode
http_port 192.168.100.1:3128 transparent

6. Reload the proxy service

[root@squid network-scripts]# service squid reload

Step 2: configure the web server NIC

[root@web ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
# change dhcp to static
BOOTPROTO=static
# append the IP address, subnet mask and gateway at the end of the file
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.1
[root@web ~]# service network restart
Restarting network (via systemctl):  [  OK  ]

Step 3: access from the client
1. Modify the address
2. Cancel the previously set proxy server option
3. Use a browser to access 12.0.0.12
4. Back on the web server, check the service log: the address recorded for the visit is that of the proxy's external network card.

12.0.0.1 - - [04/Dec/2019:22:41:39 +0800] "GET /noindex/css/fonts/ExtraBold/OpenSans-ExtraBold.eot? HTTP/1.1" 404 248 "http://12.0.0.12/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

This shows that with a transparent proxy, the web service sees the request as coming from the address of the proxy's external network card; web access is directed to the proxy server through routing and firewall policy.
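
In both access_log excerpts the web server records the proxy's address, not the browser's, so attributing a request to a host means correlating with Squid's own access.log. The following is an added example, not part of the original article: it assumes Squid's default native log format, and the Squid log lines and the client addresses 192.168.100.50 and 192.168.100.77 are constructed.

```python
import re
from datetime import datetime

# Apache combined log format, as in the access_log excerpts above.
APACHE_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
# Addresses of the Squid host as the web server sees it in this lab.
PROXY_ADDRS = {"192.168.142.131", "12.0.0.1"}
# Constructed samples: WEB_LINE is the second excerpt with the User-Agent
# shortened; the Squid lines and their client addresses are invented.
WEB_LINE = ('12.0.0.1 - - [04/Dec/2019:22:41:39 +0800] "GET /noindex/css/fonts/'
            'ExtraBold/OpenSans-ExtraBold.eot? HTTP/1.1" 404 248 '
            '"http://12.0.0.12/" "Mozilla/4.0 (compatible; MSIE 8.0)"')
SQUID_LOG = """\
1575470499.120      3 192.168.100.50 TCP_MISS/404 560 GET http://12.0.0.12/noindex/css/fonts/ExtraBold/OpenSans-ExtraBold.eot? - HIER_DIRECT/12.0.0.12 text/html
1575470400.000      2 192.168.100.77 TCP_MISS/200 900 GET http://12.0.0.12/ - HIER_DIRECT/12.0.0.12 text/html
"""

def parse_apache(line):
    m = APACHE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return {"src": m["src"], "ts": ts, "method": m["method"],
            "path": m["path"], "status": int(m["status"])}

def parse_squid(line):
    # time elapsed client code/status bytes method URL ident hier/peer type
    f = line.split()
    if len(f) < 10:
        return None
    path = "/" + f[6].split("://", 1)[-1].partition("/")[2]
    return {"ts": float(f[0]), "client": f[2], "method": f[5], "path": path,
            "status": int(f[3].split("/")[1]), "peer": f[8].split("/")[-1]}

def real_clients(web_line, squid_log, server_ip, window=5.0):
    """Client IPs in Squid's log that explain one proxied web-server entry."""
    web = parse_apache(web_line)
    if web is None or web["src"] not in PROXY_ADDRS:
        return []  # malformed line, or the client reached the server directly
    return [e["client"]
            for e in filter(None, map(parse_squid, squid_log.splitlines()))
            if e["peer"] == server_ip and e["method"] == web["method"]
            and e["path"] == web["path"] and e["status"] == web["status"]
            and abs(e["ts"] - web["ts"]) <= window]

if __name__ == "__main__":
    print(real_clients(WEB_LINE, SQUID_LOG, "12.0.0.12"))
```

Requests served from Squid's cache never reach the web server, so they appear only in Squid's log and are skipped by the peer check.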