Building a Squid Proxy Server
Configuring Squid for basic proxy functionality
1. Check the IP addresses
eth0 Link encap:Ethernet HWaddr 00:0C:29:4A:88:90
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:0C:29:4A:88:9A
inet addr:200.100.100.1 Bcast:200.100.100.255 Mask:255.255.255.0
2. Check the hostname
[root@s2 ~]# hostname
s2.benet.com
Enable IP forwarding
[root@s2 squid]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
3. Set up DNS and verify it
[root@s2 ~]# nslookup    # the IP address resolved here is that of the server on the external network
> www.benet.com
Server: 192.168.10.1
Address: 192.168.10.1#53
Name: www.benet.com
Address: 192.168.10.2
4. Start the firewall
[root@s2 ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle raw nat filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ]
5. Flush all rule chains in every table
[root@s2 ~]# iptables -F
[root@s2 ~]# iptables -t nat -F
[root@s2 ~]# iptables -t raw -F
[root@s2 ~]# iptables -t mangle -F
7. Back up the main Squid configuration file and filter out comment and blank lines
[root@s2 squid]# pwd
/etc/squid
[root@s2 squid]# ls
cachemgr.conf mib.txt msntauth.conf squid.conf.default
errors mime.conf msntauth.conf.default
icons mime.conf.default squid.conf
[root@s2 squid]# cp -p squid.conf squid.conf.bak
[root@s2 squid]# grep -v "^#" squid.conf.bak | grep -v "^$" >squid.conf
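8. Configure the Squid proxy server
# Port number
http_port 3128
# Visible hostname
visible_hostname s2.benet.com
# Find and change this line; the default is deny
http_access allow all
9. Initialize the cache and start the service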
[root@s2 squid]# service squid restart
Stopping squid: [FAILED]
init_cache_dir /var/spool/squid... Starting squid: .[ OK ]
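10. Change the client's browser settings to specify the IP address and port number of the proxy server to use.
12. Test and verify from the client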
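Added example, not part of the original page: a check for the `http_access allow all` setting from step 8, shown against a restricted variant. The `localnet` ACL name and the restricted fragment are assumptions made for illustration, and the check is a heuristic that looks only at the first catch-all rule without evaluating the ACL rules above it.

```shell
#!/bin/sh
# Added example: classify a squid.conf by its first catch-all http_access rule.
# Squid evaluates http_access lines top to bottom and stops at the first match,
# so "allow all" ahead of "deny all" serves every client that can reach the port.

audit_http_access() {            # reads squid.conf text on stdin
    awk '
        /^[ \t]*#/ { next }      # ignore comment lines
        $1 == "http_access" && NF == 3 && $3 == "all" {
            verdict = ($2 == "allow") ? "OPEN" : "RESTRICTED"
            print verdict " line " NR
            found = 1
            exit
        }
        END { if (!found) print "NO_CATCH_ALL" }
    '
}

# The three lines the page sets in step 8 (other default lines omitted).
weak_conf() { cat <<'EOF'
http_port 3128
visible_hostname s2.benet.com
http_access allow all
EOF
}

# Constructed variant: only the page's LAN (192.168.10.0/24) may use the proxy.
# "localnet" is a hypothetical ACL name chosen for this example.
hardened_conf() { cat <<'EOF'
http_port 3128
visible_hostname s2.benet.com
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.10.0/24
http_access allow localnet
http_access deny all
EOF
}

echo "page config:       $(weak_conf | audit_http_access)"
echo "restricted config: $(hardened_conf | audit_http_access)"
```

To check a real file, run `audit_http_access < /etc/squid/squid.conf`.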
Configuring a transparent proxy
1. Check the IP addresses
eth0 Link encap:Ethernet HWaddr 00:0C:29:4A:88:90
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:0C:29:4A:88:9A
inet addr:200.100.100.1 Bcast:200.100.100.255 Mask:255.255.255.0
2. Check the hostname
[root@s2 ~]# hostname
s2.benet.com
Enable IP forwarding
[root@s2 squid]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
3. Set up DNS and verify it
[root@s2 ~]# nslookup    # the IP address resolved here is that of the server on the external network
> web.benet.com
Server: 192.168.10.1
Address: 192.168.10.1#53
Name: web.benet.com
Address: 200.100.100.2
>
4. Start the firewall
[root@s2 ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle raw nat filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ]
5. Flush all rule chains in every table
[root@s2 ~]# iptables -F
[root@s2 ~]# iptables -t nat -F
[root@s2 ~]# iptables -t raw -F
[root@s2 ~]# iptables -t mangle -F
7. Back up the main Squid configuration file and filter out comment and blank lines
[root@s2 squid]# pwd
/etc/squid
[root@s2 squid]# ls
cachemgr.conf mib.txt msntauth.conf squid.conf.default
errors mime.conf msntauth.conf.default
icons mime.conf.default squid.conf
[root@s2 squid]# cp -p squid.conf squid.conf.bak
[root@s2 squid]# grep -v "^#" squid.conf.bak | grep -v "^$" >squid.conf
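8. Configure the Squid proxy server
# Listening IP address and port number
http_port 192.168.10.1:3128 transparent
# Limit downloads to a maximum of 10M (10240000 bytes)
reply_body_max_size 10240000 allow all
# Visible hostname
visible_hostname s2.benet.com
# Find and change this line; the default is deny
http_access allow all
9. Initialize the cache and start the service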
[root@s2 squid]# service squid restart
Stopping squid: [FAILED]
init_cache_dir /var/spool/squid... Starting squid: .[ OK ]
10. Redirect packets whose source IP address is in the 192.168.10.0/24 network and that target TCP port 80 to the service (Squid) running on local port 3128
[root@s2 squid]# iptables -t nat -I PREROUTING -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
11. Follow the Squid access log
[root@s2 squid]# tail -f /var/log/squid/access.log
12. Make sure the client's browser is not set to use a proxy, then test again
13. Review the access log
[root@s2 squid]# tail -f /var/log/squid/access.log
1332063358.321 174 192.168.10.2 TCP_MISS/200 549 GET http://web.benet.com/ - DIRECT/200.100.100.2 text/html
1332064094.728 6 192.168.10.2 TCP_MISS/200 460 GET http://web.benet.com/ - DIRECT/200.100.100.2 text/html
1332064097.068 628 192.168.10.2 TCP_MISS/200 460 GET http://web.benet.com/ - DIRECT/200.100.100.2 text/html
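Added example, not part of the original page: a review of the access.log format shown in step 13 that lists clients outside 192.168.10.0/24 (the only network the REDIRECT rule is meant to serve) and counts result codes. The first two sample lines come from the page; the last three, including the 192.168.10.3 and 203.0.113.7 clients, are constructed.

```shell
#!/bin/sh
# Added example: review Squid's native access.log.
# Fields: time elapsed client code/status bytes method URL ident hierarchy/peer type

sample_log() { cat <<'EOF'
1332063358.321 174 192.168.10.2 TCP_MISS/200 549 GET http://web.benet.com/ - DIRECT/200.100.100.2 text/html
1332064094.728 6 192.168.10.2 TCP_MISS/200 460 GET http://web.benet.com/ - DIRECT/200.100.100.2 text/html
1332064101.114 3 192.168.10.3 TCP_HIT/200 468 GET http://web.benet.com/ - NONE/- text/html
1332064120.502 210 203.0.113.7 TCP_MISS/200 1820 GET http://example.org/ - DIRECT/192.0.2.10 text/html
1332064121.009 198 203.0.113.7 TCP_MISS/200 1820 GET http://example.org/a - DIRECT/192.0.2.10 text/html
EOF
}

# Print "client requests" for every source address outside the given /24.
# $1 = first three octets of the expected network, e.g. 192.168.10
unexpected_clients() {
    awk -v net="$1" '
        NF >= 10 {
            split($3, o, ".")
            if ((o[1] "." o[2] "." o[3]) != net) seen[$3]++
        }
        END { for (c in seen) print c, seen[c] }
    ' | sort
}

# Print "result_code requests" (TCP_MISS, TCP_HIT, ...) to see cache behaviour.
result_counts() {
    awk '
        NF >= 10 { split($4, r, "/"); n[r[1]]++ }
        END { for (k in n) print k, n[k] }
    ' | sort
}

echo "Clients outside 192.168.10.0/24:"
sample_log | unexpected_clients 192.168.10
echo "Requests per result code:"
sample_log | result_counts
```

On the proxy itself, feed the real log instead of the sample: `unexpected_clients 192.168.10 < /var/log/squid/access.log`.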
Configuring a reverse proxy
1. Check the IP addresses
eth0 Link encap:Ethernet HWaddr 00:0C:29:4A:88:90
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:0C:29:4A:88:9A
inet addr:200.100.100.1 Bcast:200.100.100.255 Mask:255.255.255.0
2. Check the hostname
[root@s2 ~]# hostname
s2.benet.com
Enable IP forwarding
[root@s2 squid]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
3. Set up DNS and verify it
[root@s2 ~]# nslookup    # the IP address resolved here is the address of the gateway's external network interface
> www.benet.com
Server: 192.168.10.1
Address: 192.168.10.1#53
Name: web.benet.com
Address: 200.100.100.1
>
4. Start the firewall
[root@s2 ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle raw nat filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ]
5. Flush all rule chains in every table
[root@s2 ~]# iptables -F
[root@s2 ~]# iptables -t nat -F
[root@s2 ~]# iptables -t raw -F
[root@s2 ~]# iptables -t mangle -F
7. Back up the main Squid configuration file and filter out comment and blank lines
[root@s2 squid]# pwd
/etc/squid
[root@s2 squid]# ls
cachemgr.conf mib.txt msntauth.conf squid.conf.default
errors mime.conf msntauth.conf.default
icons mime.conf.default squid.conf
[root@s2 squid]# cp -p squid.conf squid.conf.bak
[root@s2 squid]# grep -v "^#" squid.conf.bak | grep -v "^$" >squid.conf
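8. Configure the Squid proxy server
# Port number
http_port 200.100.100.1:3128 vhost
# Visible hostname
visible_hostname s2.benet.com
# Find and change this line; the default is deny
http_access allow all
9. In squid.conf, add the parameter that points to the location of the backend Web server behind the reverse proxy (write one line for each server on the internal network)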
cache_peer 192.168.10.2 parent 80 0 originserver weight=5 max-conn=30
10. Initialize the cache and start the service
[root@s2 squid]# service squid restart
Stopping squid: [FAILED]
init_cache_dir /var/spool/squid... Starting squid: .[ OK ]
11. Test by accessing the site from the external network