Squid traditional proxy and transparent proxy
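Introduction:
Squid service
Traditional mode: the proxy address is configured on the client
Transparent mode: no proxy setting needed on the client (the proxy is the gateway)
Proxy server software:
Squid
nginx
Lab procedure: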
squid 192.168.120.128
web 192.168.120.129
client 192.168.120.133
squid-3.5.23 package download link: https://pan.baidu.com/s/1MbswuQi7pmuNj6XAZmmiJg password: 8xu6
-------------------------Compile and install Squid manually-------------------------------------
[[email protected] ~]# mkdir /abc
[[email protected] ~]# mount.cifs //192.168.100.1/rhel7 /abc
[[email protected] ~]# cd /abc/Y2C
[[email protected] Y2C]# tar zxvf squid-3.5.23.tar.gz -C /opt/
[[email protected] Y2C]# cd /opt/
[[email protected] opt]# yum install gcc gcc-c++ make -y
----------------------------Configure-------------------------------------------------
[[email protected] opt]# cd squid-3.5.23/
[[email protected] squid-3.5.23]# ./configure --prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gnuregex
[[email protected] squid-3.5.23]# make && make install
[[email protected] squid-3.5.23]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/
[[email protected] squid-3.5.23]# useradd -M -s /sbin/nologin squid
[[email protected] squid-3.5.23]# chown -R squid.squid /usr/local/squid/var/
[[email protected] squid-3.5.23]# vim /etc/squid.conf
# line 56: insert above "http_access deny all"
http_access allow all
# line 61: add; the user the program runs as
cache_effective_user squid
# line 62: add; the primary group of that account
cache_effective_group squid
[[email protected] squid-3.5.23]# squid -z # initialize the cache directories
[[email protected] squid-3.5.23]# squid # start the service
[[email protected] squid-3.5.23]# netstat -ntap | grep 3128 # check the listening port
tcp6 0 0 :::3128 :::* LISTEN 45271/(squid-1)
[[email protected] squid-3.5.23]# cd /etc/init.d/
[[email protected] init.d]# vim squid
#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"
case "$1" in
start)
    netstat -natp | grep squid &> /dev/null
    if [ $? -eq 0 ]
    then
        echo "squid is running"
    else
        echo "正在启动 squid..."
        $CMD
    fi
    ;;
stop)
    $CMD -k kill &> /dev/null
    rm -rf $PID &> /dev/null
    ;;
status)
    [ -f $PID ] &> /dev/null
    if [ $? -eq 0 ]
    then
        netstat -natp | grep squid
    else
        echo "squid is not running"
    fi
    ;;
restart)
    $0 stop &> /dev/null
    echo "正在关闭 squid..."
    $0 start &> /dev/null
    echo "正在启动 squid..."
    ;;
reload)
    $CMD -k reconfigure
    ;;
check)
    $CMD -k parse
    ;;
*)
    echo "用法: $0{start|stop|status|reload|check|restart}"
    ;;
esac
------------------------Traditional proxy-------------------------------------------------
[[email protected] init.d]# chmod +x squid
[[email protected] init.d]# chkconfig --add squid
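[[email protected] init.d]# chkconfig --level 35 squid on # start at boot
[[email protected] init.d]# service squid stop # stop
[[email protected] init.d]# service squid start # start
[[email protected] init.d]# service squid check # check the configuration syntax
[[email protected] init.d]# vim /etc/squid.conf
# line 61: memory used by the cache, to keep frequently accessed web objects; preferably a multiple of 4, in MB; 1/4 of physical memory is recommended
cache_mem 64 MB
# line 62: maximum file size users may download (default 0, no limit)
reply_body_max_size 10 MB
# line 63: maximum size of an object that may be stored in the cache, in KB; larger files are not cached and are forwarded directly to the user
maximum_object_size 4096 KB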
[[email protected] init.d]# service squid restart
正在关闭 squid...
正在启动 squid...
[[email protected] init.d]# iptables -F
[[email protected] init.d]# setenforce 0
[[email protected] init.d]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
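When this is done, access 192.168.120.128 from the client
Before visiting the site, configure the proxy on the client
On the web server, check where the requests come from
The client's requests for the web server's pages are now proxied by the Squid server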
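Added example, not part of the original post: the `http_access allow all` line inserted into /etc/squid.conf above lets any host that can reach port 3128 use the proxy, and because Squid stops at the first matching http_access rule, the `deny all` below it never applies. The script audits that rule order on a constructed copy of this page's edit and on a constructed alternative limited to the lab client subnet; the function names, the lab_clients ACL name and the /24 mask are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit the http_access rules of
# a squid.conf. Squid evaluates them top to bottom and the first match wins.

# audit_http_access: squid.conf on stdin -> one finding per line, or "OK".
audit_http_access() {
    awk '
        { sub(/#.*/, "") }                  # strip comments
        $1 != "http_access" { next }
        is_open {                           # shadowed by "allow all"
            print "UNREACHABLE line " NR ": " $2 " " $3
            next
        }
        $2 == "allow" && $3 == "all" && NF == 3 {
            print "OPEN line " NR ": any host reaching the port may relay"
            is_open = 1
        }
        { last = $2 " " $3 }
        END {
            # With no match Squid applies the opposite of the last rule, so
            # an explicit final "deny all" keeps the default predictable.
            if (last != "" && last != "deny all" && !is_open) {
                print "NO-FINAL-DENY"; bad = 1
            }
            if (!is_open && !bad) print "OK"
        }'
}

# Constructed sample: the edit made on this page.
page_conf() {
cat <<'EOF'
acl Safe_ports port 80
http_access deny !Safe_ports
http_access allow all              # inserted above "deny all"
http_access deny all
EOF
}

# Constructed alternative (assumption: lab clients sit in 192.168.120.0/24).
restricted_conf() {
cat <<'EOF'
acl lab_clients src 192.168.120.0/24
http_access allow lab_clients
http_access deny all
EOF
}

echo "page config:";       page_conf | audit_http_access
echo "restricted config:"; restricted_conf | audit_http_access
```

On a real host, run `audit_http_access < /etc/squid.conf` after each edit, alongside `service squid check`.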
==============================================================
----------------------------------------Run on the second machine-----------------------------------------------
[[email protected] ~]# systemctl stop firewalld.service
[[email protected] ~]# setenforce 0
[[email protected] ~]# yum install httpd -y
[[email protected] ~]# systemctl start httpd
-------------------------------------------Set up the transparent proxy-----------------------------------------------
Configure two NICs: internal ens33, external ens36
squid 192.168.100.1 internal ens33
12.0.0.1 external ens36
web 12.0.0.12
client 192.168.100.50
# On the web server:
[[email protected] logs]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.1
[[email protected] logs]# service network restart
Restarting network (via systemctl): [ 确定 ]
# On the proxy server
[[email protected] logs]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# vim ifcfg-ens33
IPADDR=192.168.100.1
NETMASK=255.255.255.0
[[email protected] network-scripts]# cp ifcfg-ens33 ifcfg-ens37
[[email protected] network-scripts]# vim ifcfg-ens37
Delete the UUID line
BOOTPROTO=static
NAME=ens37
DEVICE=ens37
IPADDR=12.0.0.1
[[email protected] network-scripts]# service network restart
----------------------------------On the proxy server-------------------------------------------
[[email protected] network-scripts]# echo "1" > /proc/sys/net/ipv4/ip_forward
[[email protected] network-scripts]# iptables -F
[[email protected] network-scripts]# iptables -t nat -F
[[email protected] network-scripts]# setenforce 0
[[email protected] network-scripts]# vim /etc/squid.conf
# line 60
http_port 192.168.100.1:3128 transparent
[[email protected] network-scripts]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
[[email protected] network-scripts]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
[[email protected] network-scripts]# service squid reload
Access 12.0.0.12 from the client
(turn off the proxy setting, then access it again)
After the access, go to the web server
[[email protected] ~]# cd /etc/httpd/
[[email protected] httpd]# cd logs
[[email protected] logs]# ls
access_log error_log
[[email protected] logs]# vim access_log
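Added example, not part of the original post: the REDIRECT rules above send both port 80 and port 443 to the single `http_port ... transparent` listener, which parses plain HTTP only, so redirected TLS connections fail there (Squid intercepts HTTPS only on an `https_port` with ssl-bump, in a Squid built with OpenSSL support). The script cross-checks `iptables-save -t nat` style rules against the intercept listeners in squid.conf; the samples are constructed from this lab's addresses and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check NAT REDIRECT rules
# against the interception listeners declared in squid.conf.
# intercept_ports: squid.conf on stdin -> "PORT=DIRECTIVE" for each listener
# carrying the intercept (or older "transparent") flag.
intercept_ports() {
    awk '
        { sub(/#.*/, "") }
        $1 ~ /^https?_port$/ && / (intercept|transparent)( |$)/ {
            n = split($2, a, ":")        # 192.168.100.1:3128 -> 3128
            print a[n] "=" $1
        }'
}

# audit_redirects "PORT=DIRECTIVE ...": iptables-save -t nat text on stdin.
audit_redirects() {
    awk -v ports="$1" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) { split(p[i], f, "="); kind[f[1]] = f[2] }
        }
        / -j REDIRECT / {
            dport = to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
            if (!(to in kind)) verdict = "NO-INTERCEPT-LISTENER"
            else if (dport == "443" && kind[to] == "http_port")
                verdict = "TLS-TO-PLAIN-HTTP-PORT"   # listener speaks HTTP only
            else verdict = "OK"
            print verdict, dport "->" to
        }'
}
# Constructed samples mirroring this lab (-I puts the 443 rule first).
sample_squid_conf() {
cat <<'EOF'
http_port 192.168.100.1:3128 transparent
EOF
}
sample_nat_rules() {
cat <<'EOF'
*nat
-A PREROUTING -s 192.168.100.0/24 -i ens33 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.100.0/24 -i ens33 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}
ports=$(sample_squid_conf | intercept_ports | tr '\n' ' ')
sample_nat_rules | audit_redirects "$ports"
```

On a live proxy, feed it `/etc/squid.conf` and the output of `iptables-save -t nat` instead of the samples.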
# That completes the Squid traditional proxy and transparent proxy; next time I will cover Squid's logs and reverse proxy #