squid

Posted 2021-03-17 dinghailong128

正向代理（透明）

服务端：eno16777728: inet 192.168.10.10  主机模式

        eno33554968: inet 192.168.1.180  桥接模式

客户端：Address        192.168.10.20

              Netmask         255.255.255.0

              Gateway         192.168.10.10

              DNS Server    8.8.8.8

                                   114.114.114.114

 

服务端：

[root@linuxprobe ~]# yum install squid

[root@linuxprobe ~]# systemctl restart squid

[root@linuxprobe ~]# systemctl enable squid

ln -s ‘/usr/lib/systemd/system/squid.service‘ ‘/etc/systemd/system/multi-user.target.wants/squid.service‘

 

[root@linuxprobe ~]# iptables -F

[root@linuxprobe ~]# service iptables  save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

 

通过iptables命令实现DNS地址解析服务53端口的数据转发功能，并且允许Squid服务器转发IPv4数据包:

[root@linuxprobe ~]# iptables -t nat -A POSTROUTING -p udp --dport 53 -o eno33554968 -j MASQUERADE                                                                                   # 实现DNS地址解析服务53端口的数据转发功能

[root@linuxprobe ~]# vim /etc/sysctl.conf

net.ipv4.ip_forward=1                                      # 允许Squid服务器转发IPv4数据包

[root@linuxprobe ~]# sysctl -p                          # 让转发参数立即生效

net.ipv4.ip_forward = 1

 

SNAT数据转发功能的具体配置参数如下:

[root@linuxprobe ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

                     # 使用iptables防火墙管理命令把所有客户端主机对网站80端口的请求转发至Squid服务器本地的3128端口上

[root@linuxprobe ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eno33554968 -j SNAT --to 192.168.1.180

                                                                                                                                                   # 桥接网卡IP地址

[root@linuxprobe ~]# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

 

Squid服务程序透明代理模式的配置:

[root@linuxprobe ~]# vim /etc/squid/squid.conf

59 http_port 3128 transparent                                   # 在主配置文件中服务器端口号后面追加上transparent单词（“透明的”）

62 cache_dir ufs /var/spool/squid 100 16 256      # 设置缓存的保存路径

 

[root@linuxprobe ~]# systemctl stop squid         # 先关闭squid服务

[root@linuxprobe ~]# squid -k parse                  # 检查主配置文件是否有错误

[root@linuxprobe ~]# squid -z                          # 对Squid服务程序的透明代理技术进行初始化

[root@linuxprobe ~]# systemctl restart squid

 

 

 

客户端：

[root@linuxprobe ~]# ping www.baidu.com

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

 26 acl client src 192.168.10.20           # 限制网站的访问地址

 31 http_access allow client

 32 http_access deny all

[root@linuxprobe ~]# systemctl restart squid

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

 26 acl deny_keyword url_regex -i cto       # -i 关键字词

 32 http_access deny deny_keyword

[root@linuxprobe ~]# systemctl restart squid

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

 26 acl deny_keyword url_regex http://www.51cto.com

 32 http_access deny deny_keyword

[root@linuxprobe ~]# systemctl restart squid

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

 26 acl deny_keyword url_regex 51cto.com

 32 http_access deny deny_keyword

[root@linuxprobe ~]# systemctl restart squid

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

 26 acl badfile url_regex -i .mp3$ .rar$

 32 http_access deny badfile

[root@linuxprobe ~]# systemctl restart squid

 

 

反向代理

服务端：eno16777728:  桥接模式

 

服务端：

[root@linuxprobe ~]# yum install squid

[root@linuxprobe ~]# systemctl restart squid

[root@linuxprobe ~]# systemctl enable squid

ln -s ‘/usr/lib/systemd/system/squid.service‘ ‘/etc/systemd/system/multi-user.target.wants/squid.service‘

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

 59 http_port 192.168.1.183:80 vhost                                            # 桥接网卡IP地址

 60 cache_peer 183.131.146.19 parent 80 0 originserver                  # 网站源服务器IP地址

[root@linuxprobe ~]# systemctl restart squid

 

浏览器：192.168.1.183