Shulou(Shulou.com)06/03 Report--

Squid proxy server

Simulate intranet client IP192.168.1.10 proxy server internal network port IP192.168.1.254 proxy server external network port IP202.0.0.252 external network server IP202.0.0.10

1 installation and operation control squid

1 compile and install Squid

Tar-zxf squid--C / usr/src

Cd / usr/src/squid-

. / configure-prefix=/usr/local/squid-- sysconfdir=/etc-- enable-linux-netfilter-- enable-async-io=240-- enable-default-err-language=Simplify_Chinese-- disable-poll-- enable-epoll-- enable-gnuregex & & make & & make install

Ln-s / usr/local/squid/sbin/ / usr/local/sbin/

Useradd-M-s / sbin/nologin squid

Chown-R squid:squid / usr/local/squid/var/

2 modify the configuration file

Vim / etc/squid.conf

Http_port 3128

Add

Cache_effective_user squid / / specifies the program user of squid, which is used to set the initialized account

Cache_effective_group squid

Remove 62 line "#"

3 squid operation control

Squid-z / / initialize the cache directory

Squid / / start the squid service

Extension: add scripts and manage using chkconfig and systemctl tools

Vim / etc/init.d/squid

#! / bin/bash

# chkconfig: 2345 90 25

# config: / etc/squid.conf

# pidfile: / usr/local/squid/var/run/squid.pid

# Description: Squid-Internet Object Cache

PID= "/ usr/local/squid/var/run/squid.pid"

CONF= "/ etc/squid.conf"

CMD= "/ usr/local/squid/sbin/squid"

Case "$1" in

Start)

Netstat-anpt | grep squid & > / dev/null

If [$?-eg 0]

Then

Echo "squid id runing"

Else

Echo "starting squid..."

$CMD

Fi

Stop)

$CMD-k kill & > / dev/null

Rm-rf $PID & > / dev/null

Status)

[- f $PID] & > / dev/null

If [$?-eq 0]

Then

Netstat-anpt | grep squid

Else

Echo "Squid is not runing."

Fi

Restart)

$0 stop & > / dev/null

Echo "shutting down squid..."

$0 start & > / dev/null

Echo "starting squid..."

Reload)

$CMD-k reconfigure

Check)

$CMD-k parse

)

Echo "usage: $0 {start | stop | restart | reload | check | status}"

Esac

Chmod + x / etc/init.d/squid

Chkconfig-- add squid / / tianjiaxitongfuw

Systemctl restart squid

Second, build a proxy server

1 traditional agent

Manually add the proxy IP in the browser as the proxy server 192.168.1.254 port 3128

2 transparent proxy

(1) configure squid to support transparent proxies

Vim / etc/squid.conf

Add http_port 192.168.1.254 http_port 3128 transparent

Systemctl restart squid

Vim / etc/sysctl.conf

Add net.ipv4.ip_forward = 1

Sysctl-p

(2) set the redirection policy for firewalld

Systemctl start firewalld

Firewall-cmd-zone=external-add-interface=ens33 / / private network interface

Firewall-cmd-- zone=internal-- add-interface=ens37 / / external network interface

Firewall-cmd-zone=external-add-service=http

Firewall-cmd-zone=external-add-service=https

Firewall-cmd-zone=external-add-port=3128/tcp

Firewall-cmd-direct-add-rule ipv4 nat PREROUTING 0-I ens33-p tcp-dport 80-j REDIRECT-to-ports 3128

Firewall-cmd-- direct-- add-rule ipv4 nat PREROUTING 0-I ens33-p tcp-- dport 443j REDIRECT-- to-ports 3128

Firewall-cmd-runtime-to-permanent

During verification, the gateway of the client is the private network ip of the proxy server, and the manual proxy is turned off.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.