Centos7.3 installs transparent agent for squid 02/24 Update SLTechnology News&Howtos

Centos7.3 installs transparent agent for squid

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

There is no need to say much about squid, a powerful agent software, and I have tested it myself. However, there are problems in the process of centos7.3 installation and testing. When doing transparent agents, using iptables can be successful, while using firewall default firewall is not successful. However, after really knowing the principle of firwall, firewall has already done it for us! Please take a look.

Installation

# yum install squid-y

Disable selinux

# vi / etc/sysconfig/selinuxSELINUX=disabled#setenforce 0 temporarily shut down

Turn on route forwarding

# vi / etc/sysctl.confnet.ipv4.ip_forward=1

Configure squid

# vi / etc/squid/squid.conf

Mainly modify the following, other functions, there should be a large number of explanations on the Internet

Cache_dir ufs / var/log/squid 10240 16 256...http_access allow all / / test, allowing all access to http_access deny allhttp_port 3128 transparent / / key, must be added, as a transparent proxy. Others watch to modify # squid-k parse check configuration file # squid-z initialization # systemctl start squid startup # lsof-I: 3128 to see if the port is enabled

Key, firewall Firewall configuration

# firewall-cmd-- zone=external-- add-interface=eth0-- permanent / / add the external network Nic to the public network zone#firewall-cmd-- zone=internal-- add-interface=eth2-- permanent / / add the private network Nic to the private network zone#firewall-cmd-- zone=external-- add-service=squid-- permanent / / key Add squid service # firewall-cmd-- zone=internal-- add-service=squid-- permanent / / as long as the private network region adds services # firewall-cmd-- zone=external-- list-all / / lists the public network area information. Masquerade:yes should be enabled by default. If it is no, execute the following statement to add # firewall-cmd-- zone=external-- add-masquerade-- permanent#systemctl restart firewalld / / restart the firewall.

Client

Add the private network ip and gateway, and set the private network IP,DNS as the squid server to the available DNS.

Open the web page and see if it can be used.

It should be noted that if the add-service=squid service is not added to the firewall on the squid server side, although the client can access the web page normally, it will no longer be forwarded through squid, and then all squid restrictions will be invalidated.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.