Squid Caching Server: Transparent Proxy

Squid transparent mode

Configure two network interfaces so that Squid acts as the gateway. This setup builds on the traditional-mode configuration.

First, add a second network interface to the Squid server.

[root@squid init.d]# cd /etc/sysconfig/network-scripts/
[root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@squid network-scripts]# vim ifcfg-ens36
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens36"
DEVICE="ens36"
ONBOOT="yes"
IPADDR=192.168.10.1
NETMASK=255.255.255.0
[root@squid network-scripts]# systemctl restart network
[root@squid network-scripts]# ifconfig
ens33: flags=4163  mtu 1500
        inet 192.168.247.206  netmask 255.255.255.0  broadcast 192.168.247.255
ens36: flags=4163  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.0  broadcast 192.168.10.255
[root@squid network-scripts]# vim /etc/sysctl.conf 
net.ipv4.ip_forward=1
[root@squid network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
[root@web httpd]# ping 192.168.247.206
PING 192.168.247.206 (192.168.247.206) 56(84) bytes of data.
64 bytes from 192.168.247.206: icmp_seq=1 ttl=64 time=0.740 ms
64 bytes from 192.168.247.206: icmp_seq=2 ttl=64 time=0.802 ms
[root@web httpd]# route add -net 192.168.10.0/24 gw 192.168.247.206
[root@web httpd]# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.637 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.648 ms
[root@squid network-scripts]# ping 192.168.247.160
PING 192.168.247.160 (192.168.247.160) 56(84) bytes of data.
64 bytes from 192.168.247.160: icmp_seq=1 ttl=64 time=1.26 ms
64 bytes from 192.168.247.160: icmp_seq=2 ttl=64 time=0.521 ms

Set the Windows 10 virtual machine to the 192.168.10.0 network segment, with its network adapter in host-only mode.


Modify the configuration file

[root@squid network-scripts]# vim /etc/squid.conf
http_port 192.168.10.1:3128 transparent
// Changed: transparent enables transparent mode
[root@squid network-scripts]# service squid stop
[root@squid network-scripts]# service squid start 
正在启动 squid...
[root@squid network-scripts]# netstat -natp | grep 3128
tcp        0      0 192.168.10.1:3128       0.0.0.0:*               LISTEN      101064/(squid-1)    

Configure the iptables rules

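-t nat: the nat table; -I PREROUTING: insert into the PREROUTING chain (applied before routing); -i: inbound interface; -s: source address; -p tcp: TCP protocol; --dport: destination port; -j: action to take; REDIRECT: redirect; --to 3128: to port 3128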

[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
[root@squid network-scripts]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
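
An added example (not from the original post): a shell function that audits `iptables-save` text for the three rules above. It flags REDIRECT rules not limited to the LAN interface and subnet, port 443 redirected to a plain `http_port` intercept listener (which expects HTTP, so redirected TLS connections fail), and an INPUT ACCEPT that opens the proxy port to every source. The sample rule text and the finding names are constructed for illustration.

```shell
# Added example, not from the original post. Values mirror the page's setup.
PROXY_PORT=3128            # Squid intercept port
LAN_IF=ens36               # client-facing interface
LAN_NET=192.168.10.0/24    # client subnet

# Constructed sample: iptables-save style text for the page's three rules.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -s 192.168.10.0/24 -i ens36 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.10.0/24 -i ens36 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
EOF
}

# audit_rules: read iptables-save text on stdin, print one finding per line.
# Finding names are hypothetical labels chosen for this example.
audit_rules() {
  awk -v port="$PROXY_PORT" -v lif="$LAN_IF" -v net="$LAN_NET" '
    # opt(name): value that follows option "name" on this rule, or "".
    function opt(name,   i) {
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    $1 != "-A" { next }                       # skip table headers, COMMIT
    $2 == "PREROUTING" && opt("-j") == "REDIRECT" && opt("--to-ports") == port {
      # Redirect should only catch traffic from the LAN side.
      if (opt("-i") != lif || opt("-s") != net)
        print "UNSCOPED_REDIRECT dport=" opt("--dport")
      # Assumes the target is a plain http_port listener, as on this page.
      if (opt("--dport") == "443")
        print "TLS_TO_HTTP_PORT dport=443"
    }
    $2 == "INPUT" && opt("-j") == "ACCEPT" && opt("--dport") == port {
      # The proxy port should not be reachable from every source.
      if (opt("-i") != lif || opt("-s") != net)
        print "PROXY_PORT_OPEN_TO_ALL port=" port
    }
  '
}

# On a live gateway: iptables-save | audit_rules
sample_rules | audit_rules
```

Adding `-i ens36 -s 192.168.10.0/24` to the INPUT rule clears the last finding, because redirected packets still arrive on ens36 from the client subnet.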

On the Windows 10 client, turn off the manual proxy setting and browse to the web server.


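Check the access log on the web server

The client address recorded is 192.168.247.206, the Squid server's ens33 address, so the request reached the web server through the proxy.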

[root@web httpd]# cat access_log 
192.168.247.206 - - [02/Feb/2020:12:00:11 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240"
