1. Traditional proxy
Traditional proxies can hide IP addresses mostly for the Internet.
In Linux, squid is not installed by default. Therefore, you must install the support for the perl language pack in red hat.
The squid proxy server requires two Nics. First, ensure that your traffic passes through the linux server. Therefore, ensure that SNAT can communicate with each other.
1) configure network parameters
In the test, a network card is redirected to VM2. VM3. The intranet eth0 corresponds to the VM2 Internet eth1 corresponds to VM3.
Configure the host name: it is very important to configure the host name for proxy servers or other tasks.
Warning: During the experiment, the client and the Accessed server firewall are disabled or ICMP packets are allowed to pass through. Otherwise, ping the server may fail.
2) write iptables firewall rules and enable route forwarding
The SNAT rules required here are: iptables-t nat-a postrouting-s [intranet IP address]-o [outgoing Nic, that is, Internet Nic] SNAT -- to-source [Internet IP address] 650) this. width = 650; "src ="/e/u261/themes/default/images/spacer.gif "style =" background: url ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center; border: 1px solid # ddd; "alt =" spacer.gif "/>
650) this. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/4D/F2/wKioL1RcziGARnMVAAGOGxQ6ShQ867.jpg "title =" 1.png" alt = "wKioL1RcziGARnMVAAGOGxQ6ShQ867.jpg"/>
Enable route forwarding: vi/etc/sysctl. conf. Modify net. ipv4.ip _ forward = 1 and initialize sysctl-p
3) verify SNAT
650) this. width = 650; "src ="/e/u261/themes/default/images/spacer.gif "style =" background: url ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center; border: 1px solid # ddd; "alt =" spacer.gif "/> 650) this. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/4D/F3/wKiom1RczcOg33owAARV627o-jA348.jpg "title =" 2 (2).jpg "alt =" wKiom1RczcOg33owAARV627o-jA348.jpg "/>
The first Red Hat is firewall 2008, and the second linux is that the client accesses the server through firewall rules forwarding.
4) the installation of the squid server rpm package is not detailed here.
5) configure necessary parameters (traditional proxy)
Http_port 3128
Visible_hostname [your host name]
Reply_body_max_size [maximum download volume you want to allow, for example, 10240000 (unit: K)] allow all
6) restart the squid proxy server for initialization.
Or squid-z (Initialize cache directory) squid-D (start squid service)
7) client settings
In the lan settings, 650) this. width = 650; "src ="/e/u261/themes/default/images/spacer.gif "style =" background: url ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center; border: 1px solid # ddd; "alt =" spacer.gif "/>
650) this. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/4D/F2/wKioL1RczmqTyBl2AANdO19IxlU275.jpg "title =" 3.jpg" alt = "wKioL1RczmqTyBl2AANdO19IxlU275.jpg"/>
In linux
Set in preference advanced network
650) this. width = 650; "src ="/e/u261/themes/default/images/spacer.gif "style =" background: url ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center; border: 1px solid # ddd; "alt =" spacer.gif "/> 650) this. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/4D/F2/wKioL1RczoLTR41nAANJbmYfZLU368.jpg "title =" 4.png" alt = "wKioL1RczoLTR41nAANJbmYfZLU368.jpg"/>
If you use the graphical interface liunx, you need to manually specify the environment variable
Vi/etc/profile
HTTP_PROXY = http: // [proxy server IP address] // specify the proxy server for HTTP
HTTPS_PROXY = http: // [proxy server IP address] // specify the proxy server for HTTPS
FTP_PROXY = http: // [proxy server IP address] // for FTP
NO_PROXY = 192.168.1., 192.168.2. // no proxy is used for the two LAN segments.
Export HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY // application
8) run tail/var/log/httpd/access_log to view httpd access logs.
2, Transparent proxy
Transparent Proxy is mostly used for LAN clients without manual settings
1) modify the configuration file
650) this. width = 650; "src ="/e/u261/themes/default/images/spacer.gif "style =" background: url ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center; border: 1px solid # ddd; "alt =" spacer.gif "/> 650) this. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/4D/F3/wKiom1RczjvCk2g_AACcZgFKajM197.jpg "title =" 5.jpg" alt = "wKiom1RczjvCk2g_AACcZgFKajM197.jpg"/>
Add the IP address of the proxy server
2) set iptables redirection policy
650) this. width = 650; "src ="/e/u261/themes/default/images/spacer.gif "style =" background: url ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center; border: 1px solid # ddd; "alt =" spacer.gif "/> 650) this. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/4D/F2/wKioL1RcztTB2PETAACN4SAQhYY019.jpg "title =" 6.png" alt = "wKioL1RcztTB2PETAACN4SAQhYY019.jpg"/>
3) verify: Clear the specified proxy server. Do not manually set the proxy. If you have just finished the traditional proxy, manually remove it.
Dynamically view squid logs tail-F/var/log/squid/access. log
650) this. width = 650; "src ="/e/u261/themes/default/images/spacer.gif "style =" background: url ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center; border: 1px solid # ddd; "alt =" spacer.gif "/> 650) this. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/4D/F3/wKiom1RcznqDSKi2AACa2IeoaZY722.jpg "title =" 7.jpg" alt = "wKiom1RcznqDSKi2AACa2IeoaZY722.jpg"/>
A description is added successfully.
This article is from the "IT technology blog" blog, please be sure to keep this source http://xingxingxingxin.blog.51cto.com/4794205/1574210
Squid proxy server)