Training purpose
Project Background
Proxy server introduction
Proxy server type
Squid package
-软件包名:squid
-服务名:squid
-主程序:/usr/sbin/squid
-配置目录:/etc/squid/
-主配置文件:/etc/squid/squid.conf
-默认监听端口:TCP 3128
-默认访问日志文件:/var/log/squid/access.log
Common configuration items
Typical application management of general agent service
surroundings
Ready to work
A Redhat as a web server: www.163.com=218.29.30.29/24 (no need to configure gateway and DNS)
A Redhat is used as a Squid proxy server, and two network cards are required (no need to configure gateway and DNS)
VMnet1=218.29.30.31/24
VMnet2=192.168.1.1/24
Copy the network card, and enter to modify, delete the Mac address and UID
Stop after configuring VMnet2
[root@redhat network-scripts]# service NetworkManager stop
An xp system
Clear two server firewalls
Check whether it is turned on: iptables -L
xp close the firewall
Experiment on the Squid server
start testing
First test whether it can be pinged and
can communicate.
Continue
Start the web service on the web server,
write something on the web
vim index.htnl
, access the web server on Squid,
and enter the IP of the web server to view
Start to configure squid proxy server
Configure Yum source
@centos ~]$ umount /dev/sr0
@centos ~]$ mkdir /iso
@centos ~]$ mount /dev/sr0 /iso
@centos ~]$ rm -rf /etc/yum.repos.d/*
@centos ~]$ vim /etc/yum.repos.d/dvd.rep
[dvd]
name=dvd
baseurl=file:///iso
gpgcheck=0
@centos ~]$ yum clean all
@centos ~]$ yum install -y squid
@centos ~]$ vim /etc/squid/squid.conf
找到http_port 3128 改成http_port 8080
然后添加一个参数
visible_hostname 主机名称
启动squid:service squid start
设置开机:chkconfig squid on
General proxy server configuration is complete
Set up the client
Successful access
Log and record on the
proxy server End of ordinary proxy server
Next
Transparent proxy server configuration
Basic conditions
Use the original topology map
Implementation steps
-Modify the configuration file
@centos ~]$ vim /etc/squid/squid.conf
修改成http_port 192.168.1.1:8080 transparent
保存
重启:service squid restart
-Add iptables rules (here is eth1, you need to check the configuration of your own network card)
nat:存放一些端口规则
-I:添加插入一条(这里是大写的i)
PRERPUTING:修改目标IP、端口的规则
-i:是input,进入
eth1:进入的接口
-s 192.168.1.0/24:进来的网络
-p tcp --dport 80:目标端口为tcp的80端口
REDIRECT:做一个重定向为ports 8080(就是转给代理服务器监听端口)
@centos ~]$ iptables -t nat -I PREROUTING -i eth1 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to
-ports 8080
查看
@centos ~]$ iptables -t nat -L
保存防火墙配置
@centos ~]$ service iptables save
Configure the client
Delete the previous configuration first, the
network must be configured
Access is successful The
experiment is complete, you can check the log yourself