Use Linux iptables for proxy server and firewall configuration (2)

Source: Internet
Author: User
Tags squid proxy

5. Cache proxy: squid

1) Installation package

squid-2.5.STABLE1-2

2) Main configuration file

/etc/squid.conf

Content:

http_port: specifies the port on which squid listens for client requests. The default value is 3128. When squid is used as a proxy, we recommend specifying this port together with the IP address of the machine running squid;

Example: http_port 192.168.0.2:3128

Note: squid is bound to the IP address 192.168.0.2 and listens on port 3128.

cache_mgr: when a page error occurs, the proxy server sends an e-mail to the address registered in this item; set it to the administrator's actual e-mail address;

Example: cache_mgr shuke@shuke.com

Note: when an error occurs on a proxied page, a message is sent to shuke@shuke.com.

http_access: permits HTTP access. This is the main access control list. By default, all access requests are denied.

Example: http_access allow all

Note: All access requests are accepted.

cache_dir: defines the disk cache space used to store copies of accessed pages and other resources.

Format: cache_dir Type Directory-Name Fs-specific-data [options]

Note:

Type: the storage type, generally set to ufs;

Directory-Name: the cache location. The default setting is cache_dir ufs /var/spool/squid 100 16 256, where 100 means that the maximum cache space is 100 MB, and 16 and 256 are the numbers of level-1 and level-2 directories under the cache directory.

Start command: /etc/rc.d/init.d/squid start

Settings required on the client:

In Internet Explorer, open Internet Options, then LAN Settings; select the proxy server option, choose not to use the proxy server for local addresses, and enter the proxy IP address and port number.

3) The 13 groups of configuration options in squid.conf:

NETWORK OPTIONS (network-related options)

OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM (options that affect the neighbor selection algorithm)

OPTIONS WHICH AFFECT THE CACHE SIZE (options that define the cache size)

LOGFILE PATHNAMES AND CACHE DIRECTORIES (paths of the log files and cache directories)

OPTIONS FOR EXTERNAL SUPPORT PROGRAMS (external support program options)

OPTIONS FOR TUNING THE CACHE (options for tuning the cache)

TIMEOUTS (timeouts)

ACCESS CONTROLS (access controls)

ADMINISTRATIVE PARAMETERS (administrative parameters)

OPTIONS FOR THE CACHE REGISTRATION SERVICE (cache registration service options)

HTTPD-ACCELERATOR OPTIONS (HTTPD acceleration options)

MISCELLANEOUS (miscellaneous)

DELAY POOL PARAMETERS (delay pool parameters)

Network options:

tcp_incoming_address: specifies the IP address that squid binds to for connections from clients or other squid proxy servers;

tcp_outgoing_address: specifies the IP address from which connections to remote servers or other squid proxy servers are initiated;

udp_incoming_address: specifies the IP address for receiving packets from other squid proxy servers;

udp_outgoing_address: specifies the IP address for sending packets to other squid proxy servers.

By default, no IP address is bound. The binding address can be given as an IP address or as a complete domain name.

Swap space setting options:

cache_swap_low (percent, 0-100)

cache_swap_high (percent, 0-100)

Note: squid uses a large amount of swap space to store objects. After some time the swap space fills up, so objects must be cleared regularly according to some criterion. Squid uses the least recently used (LRU) algorithm for this. When the used swap space reaches cache_swap_high, squid clears the objects that fall below a threshold computed by LRU, and the cleanup continues until the used space drops to cache_swap_low. Both values are percentages. If you use a large swap space, we suggest reducing the gap between the two values, because a single percentage point may amount to several hundred megabytes, which inevitably affects squid's performance. Default values:

cache_swap_low 90

cache_swap_high 95

maximum_object_size

Note: objects larger than this value are not stored. To increase access speed, lower this value. To save as much bandwidth as possible and reduce cost, raise it. Unit: KB. Default value:

maximum_object_size 4096 KB

Log options:

cache_access_log:

Description: specifies the full path (including the file name and directory) of the log that records client requests. A request can be an HTTP request from an ordinary user or an ICP request from a neighbor. The default value is cache_access_log /var/log/squid/access.log. If you do not need this log, disable it with the following statement: cache_access_log none;

cache_store_log:

Description: specifies the full path (including the file name and directory) of the object storage log. This log records which objects are written to the swap space and which objects are cleared from it. The default path is cache_log /var/log/squid/cache.log. If you do not need this log, disable it with the following statement: cache_store_log none;

cache_log:

Description: specifies the full path (including the file name and directory) of the squid general information log. The default path is cache_log /var/log/squid/cache.log;

cache_swap_log:

Note: this option specifies the full path (including the file name and directory) of the "swap.log" log in each swap space. The log file contains metadata of the objects stored in the swap space. Normally the system saves the file automatically in the top-level directory defined by the first "cache_dir", but you can also specify another path. If you define multiple "cache_dir" entries, the corresponding log files may look like this:

cache_swap_log.00

cache_swap_log.01

cache_swap_log.02

The numeric extensions correspond one to one to the specified "cache_dir" entries. It is best not to delete these log files; otherwise squid will not work properly;

pid_filename:

Description: specifies the full path (including the file name and directory) of the file that records the squid process number. The default path is pid_filename /var/run/squid.pid. If you do not need this file, disable it with the following statement: pid_filename none;

debug_options:

Description: controls how much information is recorded in the log. It is controlled in two ways: the section selects which aspects are recorded, and the level sets how much detail is recorded for each aspect. The recommended (and default) setting is debug_options ALL,1, that is, every aspect is recorded, but at detail level 1 (the lowest);

log_fqdn on | off:

Note: controls how client addresses are recorded in access.log. When this option is on, squid records the client's complete domain name; when it is off, squid records the client's IP address. Enabling this option increases the load on the system, because squid has to perform a DNS lookup for the client's IP address. The default value is log_fqdn off.
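An added example, not part of the original article: a small Python check that reads a squid.conf and reports three of the settings described above, namely http_port without a bound address, http_access allow all as the deciding rule, and cache_access_log none. Both sample configurations are constructed for illustration; the ACL name lan and the 192.168.0.0/24 network are assumptions.

```python
# Constructed sample: weak settings assembled from directives quoted on this page.
WEAK = """\
http_port 3128
cache_mgr shuke@shuke.com
cache_access_log none
http_access allow all
"""

# Constructed counterpart; the ACL name "lan" and the /24 network are assumptions.
RESTRICTED = """\
http_port 192.168.0.2:3128
cache_access_log /var/log/squid/access.log
acl lan src 192.168.0.0/24
http_access allow lan
http_access deny all
"""

def parse(text):
    """Yield (directive, args) for every non-comment line of a squid.conf."""
    for line in text.splitlines():
        tokens = line.split()
        if tokens and not tokens[0].startswith("#"):
            yield tokens[0].lower(), tokens[1:]

def audit(text):
    """Return findings for http_port, http_access and cache_access_log."""
    findings, verdict, port_seen = [], None, False
    unbound = "http_port is not bound to a specific address"
    for name, args in parse(text):
        if name == "http_port" and args:
            port_seen = True
            host = args[0].rpartition(":")[0]
            if host in ("", "0.0.0.0") and unbound not in findings:
                findings.append(unbound)
        elif name == "http_access" and verdict is None and args[1:] == ["all"]:
            # Rules are checked top to bottom and the first match decides, so
            # only the first rule on the catch-all ACL "all" sets the verdict.
            verdict = args[0].lower()
        elif name == "cache_access_log" and args[:1] == ["none"]:
            findings.append("cache_access_log none: client requests are not logged")
    if not port_seen:
        findings.append(unbound)  # default: port 3128 with no address bound
    if verdict == "allow":
        findings.append("http_access allow all: every client that reaches the port is served")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("restricted", RESTRICTED)):
        print(label, audit(conf) or "no findings")
```

The http_access check only looks at the first rule written on the ACL all, so an earlier rule such as a deny on a negated source ACL is not taken into account; treat a finding as a prompt to read the rule list in order.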
