Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "the process of configuring squid proxy server under Linux system". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Briefly record the configuration of the Squid transparent proxy server

Environment: VirtualBox + CentOS 6.0 + squid-3.1.4-1.el6.i686

0. Check whether squid is installed by default, and install it first if it is not installed

The code is as follows:

[root@Slyar ~] # rpm-qa squid

Squid-3.1.4-1.el6.i686

1. Add double network cards to the virtual machine, all set bridging, configure IP,eth0 as the external network and eth2 as the internal network. Pay attention to the MAC address of the network card in the configuration file to match the device!

The code is as follows:

[root@Slyar ~] # vim / etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE= "eth0"

ONBOOT=yes

TYPE=Ethernet

HWADDR=08:00:27:BC:6A:0D

IPADDR=172.17.1.221

PREFIX=24

GATEWAY=172.17.1.254

DNS1=172.16.5.133

NAME= "System eth0"

The code is as follows:

[root@Slyar ~] # vim / etc/sysconfig/network-scripts/ifcfg-eth2

DEVICE= "eth2"

ONBOOT=yes

TYPE=Ethernet

HWADDR=08:00:27:20:52:B2

IPADDR=192.168.1.254

PREFIX=24

NAME= "System eth2"

The code is as follows:

[root@Slyar ~] # / etc/init.d/network restart # restart the network card

If you are unable to access the Internet after configuration, please take a look at the default route with the route command. It is recommended that eth2 do not set up a gateway to save trouble, of course, it does not matter if you are willing to configure a default route.

2. Configure squid and transparent mode

The code is as follows:

[root@Slyar ~] # cp / etc/squid/squid.conf / etc/squid/squid.conf.bak

[root@Slyar ~] # vim / etc/squid/squid.conf

In order to save trouble, I will directly change the following line to http_access allow all, and the reader can modify the allowable scope.

The code is as follows:

# And finally deny all other access to this proxy

Http_access deny all

Be sure to add the following statement at the bottom of the configuration file, otherwise squid will not start!

The code is as follows:

Visible_hostname localhost

If you want to use transparent mode, add the keyword "transparent" after the port.

If you do not use transparent mode, this line does not need to be changed, after step 3, you can skip to step 7 to test.

The code is as follows:

# Squid normally listens to port 3128

Http_port 3128 transparent

3. Start squid

The code is as follows:

[root@Slyar ~] # service squid restart

4. Configure iptables for transparent proxy and set forwarding

To save trouble, directly create a shell script, enable traffic exchange between network cards, enable NAT, set DNS forwarding, and set port 80 traffic to port 3128 for squid processing.

The code is as follows:

[root@Slyar ~] # vim squid.sh # create script file

The code is as follows:

#! / bin/bash

Echo "1" > / proc/sys/net/ipv4/ip_forward

Modprobe iptable_nat

/ sbin/iptables-t nat-A POSTROUTING-j MASQUERADE

Iptables-t nat-A PREROUTING-p udp-- dport 53-j DNAT-- to 172.16.5.133

Iptables-t nat-A PREROUTING-I eth2-p tcp-s 192.168.1.0 to-ports 24-- dport 80-j REDIRECT-- to-ports 3128

[root@Slyar ~] # chmod ostatx squid.sh # gives script execution permission

[root@Slyar ~] #. / squid.sh # startup script

5. Save the iptables assignment to the configuration file

The code is as follows:

[root@Slyar ~] # service iptables save

6. Restart iptables

The code is as follows:

[root@Slyar ~] # service iptables restart

7. Test squid transparent proxy

Client sets IP address: 192.168.1.x/24

Gateway: 192.168.1.254

DNS server: 192.168.1.254

8, open IE, do not set up a proxy (because it is a transparent proxy), enter www.yisu.com if it can be opened successfully.

9. Supplement the non-transparent proxy test method: open IE-tools-Internet option-connection-LAN Settings-proxy server, set the server IP to 192.168.1.254, port 3128, and make sure.

This is the end of the content of "the process of configuring squid proxy server under Linux system". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.