Squid Installation and Configuration
[root@localhost ~]# yum -y install squid
[root@localhost ~]# rpm -ql squid (list the files installed by the package)
/etc/squid/squid.conf
/etc/squid/msntauth.conf.default (configuration file template)
/var/log/squid (log directory)
/var/spool/squid (cache directory)
[root@localhost ~]# vim /etc/squid/squid.conf (configuration)
http_port 3128
cache_mem 64 MB (memory usage)
maximum_object_size 4096 KB (maximum size of a cached object)
access_log /var/log/squid/access.log squid
visible_hostname proxy.openlab.com (proxy server host name)
dns_testnames www.google.com www.163.com (test DNS)
cache_dir ufs /var/spool/squid 100 16 256 (100 MB cache size)
1. Squid basic proxy server implementation
Squid Server
eth0 200.200.200.10
eth1 192.168.10.8
WEB Server
eth0 200.200.200.100
[root@www ~]# iptables -P INPUT DROP (-P sets the default rule)
[root@localhost ~]# iptables -I INPUT -p tcp --dport 22 -j ACCEPT
[root@localhost ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Squid Server
[root@localhost ~]# service squid restart (start the service; no configuration needed)
Stopping squid: ...... [OK]
Starting squid: . [OK]
[root@localhost ~]# vim /etc/squid/squid.conf
cache_dir ufs /var/spool/squid 100 16 256 (remove the leading #)
reply_body_max_size 10 MB (attachments larger than 10 MB cannot be downloaded; this line needs to be added)
acl RealFile urlpath_regex -i \.mp3$ (add an acl)
(http_access deny all)
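An acl line only defines a name; it takes effect once an http_access line references it, and http_access lines are evaluated top to bottom with the first match deciding. The following is an added example (not part of the original page and not Squid's own code) that models this evaluation in Python; the localnet ACL, the rule order and the sample values are assumptions built on the page's RealFile ACL and 192.168.10.0/24 network.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed squid.conf fragment: the page's RealFile ACL and final deny,
# plus an assumed "localnet" ACL for the page's 192.168.10.0/24 clients.
CONF = r"""
acl RealFile urlpath_regex -i \.mp3$
acl localnet src 192.168.10.0/24
http_access deny RealFile
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) built from the acl and http_access lines."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for line in conf.splitlines():
        tok = line.split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client_ip, url):
    kind, args = acl
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(n) for n in args)
    if kind == "urlpath_regex":
        # Squid matches against the path including any query string, so a
        # pattern anchored with $ should allow for an optional ?query.
        u = urlsplit(url)
        target = u.path + ("?" + u.query if u.query else "")
        flags, pats = (re.I, args[1:]) if args[0] == "-i" else (0, args)
        return any(re.search(p, target, flags) for p in pats)
    raise ValueError(f"unsupported ACL type: {kind}")

def decide(conf, client_ip, url):
    """First http_access line whose ACLs all match decides the request."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], client_ip, url)
               != n.startswith("!") for n in names):
            return action
    if not rules:
        return "deny"
    # No line matched: Squid applies the opposite of the last rule.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

Moving "http_access allow localnet" above "http_access deny RealFile" makes the deny unreachable for LAN clients, which is why deny rules for content ACLs belong before the allow rules.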
2. Transparent proxy
Squid Server
eth0 200.200.200.10 eth1 192.168.10.8
[root@localhost ~]# vim /etc/squid/squid.conf
http_port 192.168.10.8:3128 transparent
[root@localhost ~]# iptables -t nat -I PREROUTING -i eth1 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
[root@localhost ~]# service iptables save
Enable route forwarding
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1 (the default is 0; set it to 1 to enable forwarding)
[root@localhost ~]# sysctl -p
Configure NAT
[root@localhost ~]# iptables -t nat -I POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 200.200.200.10
WEB Server
eth0 200.200.200.100
[root@localhost ~]# iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- anywhere tcp dpt:http
2 ACCEPT tcp -- anywhere tcp dpt:ssh
Test
3. Squid reverse proxy
[root@localhost ~]# vim /etc/squid/squid.conf
http_port 218.29.30.31:80 vhost (vhost enables virtual host support; port 80 is used because it is the default HTTP port, so the proxy port is written as 80)
cache_peer 192.168.2.11 parent 80 0 originserver weight=5 max-conn=30 (originserver marks the peer as a real server; the larger the weight, the higher the priority)
cache_peer 192.168.2.12 parent 80 0 originserver weight=5 max-conn=30
cache_peer 192.168.2.13 parent 80 0 originserver weight=5 max-conn=30
cache_peer 192.168.2.14 parent 80 0 originserver weight=1 max-conn=8
http_access allow all (allow all external access)
[root@localhost ~]# service squid restart