Forward proxy (transparent + ACL)
Server: eno16777728: inet 192.168.10.10 (host-only mode, faces the client)
        eno33554968: inet 192.168.1.180 (bridged mode, faces the outside network)
Client: Address 192.168.10.20
        Netmask 255.255.255.0
        Gateway 192.168.10.10
        DNS Server 8.8.8.8          # do not point DNS at the proxy server itself: it runs no resolver
                   114.114.114.114  # use external resolvers; the queries are NATed out through the server
Server:
[root@linuxprobe ~]# yum install squid
[root@linuxprobe ~]# systemctl restart squid
[root@linuxprobe ~]# systemctl enable squid
ln -s '/usr/lib/systemd/system/squid.service' '/etc/systemd/system/multi-user.target.wants/squid.service'
[root@linuxprobe ~]# iptables -F          # flushes every filter rule; INPUT and FORWARD fall back to their default ACCEPT policy
[root@linuxprobe ~]# service iptables save   # needs the iptables-services package on RHEL 7 (firewalld stopped and disabled)
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
Use iptables to NAT the clients' DNS queries (UDP port 53) out of the bridged interface, and allow the Squid server to forward IPv4 packets:
[root@linuxprobe ~]# iptables -t nat -A POSTROUTING -p udp --dport 53 -o eno33554968 -j MASQUERADE   # NAT DNS queries leaving through the bridged NIC
[root@linuxprobe ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1   # allow the Squid server to forward IPv4 packets between its two interfaces
[root@linuxprobe ~]# sysctl -p   # apply the forwarding parameter immediately
net.ipv4.ip_forward = 1
Client (only the resolution line appears: the name is resolved because DNS is NATed, but no echo replies come back yet, since nothing other than UDP/53 is NATed at this point):
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
SNAT forwarding configuration:
[root@linuxprobe ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128   # redirect every client request to TCP port 80 into Squid's local port 3128
[root@linuxprobe ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eno33554968 -j SNAT --to 192.168.1.180   # rewrite the source address to the bridged NIC's IP (this also covers DNS, so the MASQUERADE rule above is now redundant)
[root@linuxprobe ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
Two things to keep in mind about the REDIRECT rule: it carries no -i or -s restriction, so port-80 traffic arriving on either interface is pulled into Squid; and only TCP 80 is intercepted, so HTTPS (443) and everything else leave through the SNAT rule untouched and never pass the URL ACLs configured below.
Squid transparent proxy mode configuration:
[root@linuxprobe ~]# vim /etc/squid/squid.conf
http_port 3128 transparent   # append "transparent" to the port line (line 59 of the stock file); Squid 3.1 and later document this option as "intercept", "transparent" remains as a deprecated alias
cache_dir ufs /var/spool/squid 100 16 256   # cache path: 100 MB, 16 first-level and 256 second-level directories
[root@linuxprobe ~]# systemctl stop squid   # stop Squid before creating the cache directories
[root@linuxprobe ~]# squid -k parse   # check the main configuration file for errors
[root@linuxprobe ~]# squid -z   # create the cache_dir directory tree (this initialises the cache, it is unrelated to transparent mode)
[root@linuxprobe ~]# systemctl restart squid
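The interface, sysctl and iptables steps above as one re-runnable script, with two changes a practitioner would want: the REDIRECT rule is scoped to the host-only interface and subnet, and the FORWARD chain gets an explicit LAN-to-WAN allow plus a DROP policy instead of relying on the ACCEPT left behind by iptables -F. This is an added example, not the page's commands; the interface names and addresses are the lab's, and the FORWARD policy goes beyond what the page configures. lint_rule flags an intercept rule that lacks that scoping, and verify checks the live box after apply.

```shell
#!/bin/sh
# Transparent-proxy NAT setup as a re-runnable script (added example).
# Assumptions: the lab's interfaces and addresses; change for your hosts.
LAN_IF=eno16777728         # host-only NIC, 192.168.10.10, where clients arrive
WAN_IF=eno33554968         # bridged NIC, 192.168.1.180, the way out
LAN_NET=192.168.10.0/24
WAN_IP=192.168.1.180
SQUID_PORT=3128

# The page's REDIRECT rule, kept verbatim for comparison: no -i/-s scoping, so
# port-80 traffic arriving on ANY interface, the bridged one included, is
# pulled into Squid.
PAGE_REDIRECT_RULE='iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

# Rule set scoped to the LAN interface and subnet. DNS needs no separate rule:
# the general SNAT rule covers UDP/53. Port 443 is deliberately not redirected;
# HTTPS from the LAN is NATed straight out and never sees Squid's URL ACLs.
# The FORWARD policy is stricter than the page (which leaves ACCEPT after -F).
nat_rules() {
  cat <<EOF
iptables -t nat -F
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# lint_rule RULE: 0 if a REDIRECT rule is scoped with both -i and -s, 1 if it
# intercepts on every interface; non-intercept rules pass unchecked.
lint_rule() {
  case $1 in
    *REDIRECT*)
      case $1 in *" -i "*) ;; *) return 1 ;; esac
      case $1 in *" -s "*) ;; *) return 1 ;; esac
      return 0 ;;
    *) return 0 ;;
  esac
}

# apply: enable forwarding and load the rules. DRY_RUN=1 prints the commands
# instead of executing them (needs root otherwise).
apply() {
  if [ -n "$DRY_RUN" ]; then
    echo sysctl -w net.ipv4.ip_forward=1
    nat_rules
    return 0
  fi
  sysctl -w net.ipv4.ip_forward=1
  nat_rules | while read -r cmd; do eval "$cmd"; done
  service iptables save
}

# verify: checks on the live box, forwarding on, intercept rule loaded,
# Squid listening on its port.
verify() {
  [ "$(sysctl -n net.ipv4.ip_forward)" = 1 ] || { echo "ip_forward is off"; return 1; }
  iptables -t nat -S PREROUTING | grep -q -- "--to-ports $SQUID_PORT" || { echo "no REDIRECT rule"; return 1; }
  ss -ltn | grep -q ":$SQUID_PORT " || { echo "squid not listening on $SQUID_PORT"; return 1; }
  echo ok
}
```

Run it as DRY_RUN=1 sh setup.sh to review the rule set, then as root with apply followed by verify. Note that -P FORWARD DROP applies to every forwarded packet, so any other routed traffic the box carries needs its own ACCEPT rule.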
Client (replies now arrive, because the SNAT rule forwards the whole subnet):
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data.
64 bytes from 61.135.169.125: icmp_seq=1 ttl=54 time=16.3 ms
64 bytes from 61.135.169.125: icmp_seq=2 ttl=54 time=17.0 ms
64 bytes from 61.135.169.125: icmp_seq=3 ttl=54 time=19.8 ms
64 bytes from 61.135.169.125: icmp_seq=4 ttl=54 time=17.4 ms
Server (ACLs; http_access lines are evaluated top to bottom and the first matching rule wins, so every deny below must sit above "http_access allow client" or that client is never denied):
[root@linuxprobe ~]# vim /etc/squid/squid.conf
acl client src 192.168.10.20   # only this client address may use the proxy (the acl lines sit around line 26, http_access around lines 31-32 of the stock file)
http_access allow client
http_access deny all
[root@linuxprobe ~]# systemctl restart squid
[root@linuxprobe ~]# vim /etc/squid/squid.conf
acl deny_keyword url_regex -i cto   # -i makes the regex case-insensitive; this blocks every URL that contains "cto" anywhere, not only 51cto
http_access deny deny_keyword
[root@linuxprobe ~]# systemctl restart squid
[root@linuxprobe ~]# vim /etc/squid/squid.conf
acl deny_keyword url_regex http://www.51cto.com   # the pattern is still a regex: "." matches any character
http_access deny deny_keyword
[root@linuxprobe ~]# systemctl restart squid
[root@linuxprobe ~]# vim /etc/squid/squid.conf
acl deny_keyword url_regex 51cto.com   # matches the domain wherever it appears in the URL, including in query strings
http_access deny deny_keyword
[root@linuxprobe ~]# systemctl restart squid
[root@linuxprobe ~]# vim /etc/squid/squid.conf
acl badfile url_regex -i \.mp3$ \.rar$   # block downloads by extension; the dot is escaped, an unescaped "." would match any character
http_access deny badfile
[root@linuxprobe ~]# systemctl restart squid
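To make the ordering and regex behaviour of the ACL section concrete, here is a small evaluator of Squid's http_access semantics run against a constructed squid.conf fragment modelled on the page's ACLs. It is an added example, not Squid code, and handles only the two ACL types the page uses (src with exact addresses, url_regex with an optional -i); real Squid also accepts CIDR ranges, files and many other types. The sample config and the test requests are constructed.

```shell
#!/bin/sh
# Mini evaluator for Squid's http_access rules: first matching rule wins.
# Added example, not Squid code; supports only "src" and "url_regex" ACLs.
set -f   # no globbing while splitting acl lines into words

# Constructed squid.conf fragment modelled on the page's ACLs (not a real file).
# The deny rules come first, so they take effect for the allowed client too.
SQUID_CONF_SAMPLE='acl client src 192.168.10.20
acl deny_keyword url_regex -i cto
acl badfile url_regex -i \.mp3$ \.rar$
http_access deny deny_keyword
http_access deny badfile
http_access allow client
http_access deny all'

# acl_matches NAME SRC URL: 0 if ACL NAME matches a request from SRC for URL
acl_matches() {
  name=$1; src=$2; url=$3
  [ "$name" = all ] && return 0          # "all" is built in and matches everything
  line=$(printf '%s\n' "$SQUID_CONF_SAMPLE" | awk -v n="$name" '$1=="acl" && $2==n {print; exit}')
  [ -n "$line" ] || return 1             # undefined ACL never matches (Squid would refuse to start)
  set -- $line                           # $1=acl $2=name $3=type $4...=values
  type=$3; shift 3
  case $type in
    src)
      for v in "$@"; do [ "$v" = "$src" ] && return 0; done
      return 1 ;;
    url_regex)
      flag=
      if [ "$1" = -i ]; then flag=-i; shift; fi
      for pat in "$@"; do
        printf '%s\n' "$url" | grep -Eq $flag -- "$pat" && return 0
      done
      return 1 ;;
  esac
  return 1
}

# decide SRC URL: print allow|deny for the first http_access line whose ACL
# matches. If nothing matches, Squid applies the opposite of the last rule.
decide() {
  src=$1; url=$2
  rules=$(printf '%s\n' "$SQUID_CONF_SAMPLE" | awk '$1=="http_access" {print $2 ":" $3}')
  last=
  for r in $rules; do
    action=${r%%:*}; name=${r#*:}
    last=$action
    if acl_matches "$name" "$src" "$url"; then
      echo "$action"
      return 0
    fi
  done
  if [ "$last" = allow ]; then echo deny; else echo allow; fi
}
```

decide 192.168.10.20 http://www.doctor.com/ prints deny: the "cto" keyword ACL catches any URL containing those letters, which is why the page narrows it to 51cto.com in the next step. Swap the order of the allow and deny lines in the sample and the same client is allowed everything, which is the ordering mistake the ACL section warns about.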
Reverse proxy
Server: eno16777728: bridged mode
Server:
[root@linuxprobe ~]# yum install squid
[root@linuxprobe ~]# systemctl restart squid
[root@linuxprobe ~]# systemctl enable squid
ln -s '/usr/lib/systemd/system/squid.service' '/etc/systemd/system/multi-user.target.wants/squid.service'
[root@linuxprobe ~]# vim /etc/squid/squid.conf
http_port 192.168.1.183:80 vhost   # listen on the bridged NIC's IP (line 59); vhost implies accelerator mode and picks the site from the client's Host header
cache_peer 183.131.146.19 parent 80 0 originserver   # the origin web server (line 60): HTTP port 80, ICP port 0 (unused), originserver marks it as the real site
[root@linuxprobe ~]# systemctl restart squid
Browser: http://192.168.1.183 (the stock http_access rules still apply; the browser's address must be covered by an allow rule, as 192.168.0.0/16 is by the default localnet ACL)
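The two-line accelerator configuration above forwards whatever Host header a client presents on to the origin. Below, as an added example that is not from the page, is the same setup beside a version that names the accelerated site with a dstdomain ACL and gates both client access and the origin peer on it, plus a check that tells the two apart. The listen and origin addresses are the lab's; the site name www.example.com is a placeholder. The http_access lines must be placed above the stock "http_access deny all" in squid.conf.

```shell
#!/bin/sh
# Accelerator (reverse proxy) configuration, page version beside a scoped
# version, with a check for the scoping. Added example, not the page's file.
LISTEN_IP=192.168.1.183     # bridged NIC of the proxy (from the lab)
ORIGIN_IP=183.131.146.19    # origin web server (from the lab)
SITE=www.example.com        # placeholder: the site being accelerated

# The page's configuration as written: every request reaching port 80 goes to
# the origin with whatever Host header the client supplied.
page_accel_conf() {
  cat <<EOF
http_port $LISTEN_IP:80 vhost
cache_peer $ORIGIN_IP parent 80 0 originserver
EOF
}

# Scoped version: name the site, allow clients only for it, and let only
# requests for it reach the origin peer. no-query disables ICP to the peer,
# name=origin gives the peer a handle for cache_peer_access.
scoped_accel_conf() {
  cat <<EOF
http_port $LISTEN_IP:80 accel vhost
cache_peer $ORIGIN_IP parent 80 0 no-query originserver name=origin
acl our_site dstdomain $SITE
http_access allow our_site
http_access deny all
cache_peer_access origin allow our_site
cache_peer_access origin deny all
EOF
}

# accel_conf_is_scoped: reads a config on stdin; 0 if it defines a dstdomain
# ACL and restricts the peer with cache_peer_access, 1 otherwise.
accel_conf_is_scoped() {
  conf=$(cat)
  printf '%s\n' "$conf" | grep -Eq '^acl[[:space:]]+[^[:space:]]+[[:space:]]+dstdomain[[:space:]]' || return 1
  printf '%s\n' "$conf" | grep -Eq '^cache_peer_access[[:space:]]' || return 1
  return 0
}
```

Run scoped_accel_conf to print the directives to paste into squid.conf, then squid -k parse before restarting. With the scoped version, a request for any other Host name is refused by Squid instead of being relayed to 183.131.146.19.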