A simple record of configuring Squid as a transparent proxy server
Environment: VirtualBox + CentOS 6.0 + squid-3.1.4-1.el6.i686
0. Check whether squid is installed; if it is not, install it first.
# rpm -qa squid
squid-3.1.4-1.el6.i686
1. Add two network cards to the virtual machine, both in bridged mode, and configure their IP addresses: eth0 is the external network, eth1 is the intranet. Note that the MAC address in each network card's configuration file must match the device!
# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
ONBOOT=yes
TYPE=Ethernet
HWADDR=08:00:27:bc:6a:0d
IPADDR=172.17.1.221
PREFIX=24
GATEWAY=172.17.1.254
DNS1=172.16.5.133
NAME="System eth0"

# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1"
ONBOOT=yes
TYPE=Ethernet
HWADDR=08:00:27:20:52:b2
IPADDR=192.168.1.254
PREFIX=24
NAME="System eth1"

# /etc/init.d/network restart    # restart networking
If there is no Internet access after configuration, use the route command to check the default route. It is recommended not to set a gateway on eth1, which saves trouble; of course, if you are willing to configure the default route yourself, that works too.
2. Configure squid and transparent mode
# cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
# vim /etc/squid/squid.conf
For the sake of convenience, I directly change the following line to http_access allow all; the reader can modify the allowed range.
# And finally deny all other access to this proxy
http_access deny all
Remember to add the following statement at the bottom of the configuration file, or squid will not start!
visible_hostname localhost
To use transparent mode, add the keyword "transparent" after the port.
If you are not using transparent mode, this line does not have to change; after step 3 you can jump straight to the test in step 7.
# Squid normally listens to port 3128
http_port 3128 transparent
3. Start Squid
# service squid restart
4. Configure iptables for the transparent proxy and set up forwarding
To save trouble, create a shell script directly. It turns on forwarding between the network cards, turns on NAT, sets up DNS forwarding, and redirects all port 80 traffic to port 3128 for squid to process.
# vim squid.sh    # create the script file
#!/bin/bash
# Enable IPv4 forwarding between the network cards
echo "1" > /proc/sys/net/ipv4/ip_forward
# Load the NAT table module
modprobe iptable_nat
# NAT (masquerade) forwarded traffic
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
# Forward DNS queries to the upstream DNS server
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 172.16.5.133
# Redirect intranet HTTP traffic arriving on eth1 to squid on port 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-ports 3128

# chmod o+x squid.sh    # give the script execute permission
# ./squid.sh    # run the script
5. Save the iptables rules to the configuration file
# service iptables save
6. Restart Iptables
# service iptables restart
7. Test the squid transparent proxy
Client IP address: 192.168.1.x/24
Gateway: 192.168.1.254
DNS server: 192.168.1.254
8. Open IE without setting a proxy (because this is a transparent proxy) and enter www.jb51.net; if the page opens, the setup works.
9. Supplement, test method for a non-transparent proxy: open IE > Tools > Internet Options > Connections > LAN settings > Proxy server, set the server IP to 192.168.1.254 and the port to 3128, then click OK.
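
An added example (not from the original article): a small shell check for the squid.conf edits made in step 2. It flags an `http_access allow all` rule that is reached before any `http_access deny all`, and a transparent-mode `http_port` that is not bound to a specific address. The function names, finding codes and both sample configurations are constructed for illustration; the restricted sample assumes the 192.168.1.0/24 intranet on eth1 from step 1.

```shell
#!/bin/sh
# Added example: audit a squid.conf for the two settings discussed in step 2.
# Finding format: LINE:CODE:directive. Codes are made up for this example.
audit_squid_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    # http_access rules are evaluated top-down and the first match wins, so
    # only the first rule whose sole ACL is "all" decides the default.
    $1 == "http_access" && NF == 3 && $3 == "all" && !decided {
        decided = 1
        if ($2 == "allow") printf "%d:OPEN_ACCESS:%s\n", NR, $0
    }
    # An http_port without an address listens on every interface, eth0 included.
    $1 == "http_port" && $2 !~ /:/ {
        for (i = 3; i <= NF; i++)
            if ($i == "transparent" || $i == "intercept") {
                printf "%d:ALL_IFACES:%s\n", NR, $0
                break
            }
    }
    ' "$@"
}

# Constructed sample: squid.conf after the edits in step 2.
weak_conf() {
    cat <<'EOF'
# And finally deny all other access to this proxy
http_access allow all
http_port 3128 transparent
visible_hostname localhost
EOF
}

# Constructed sample: access limited to the eth1 intranet, listener bound to eth1.
fixed_conf() {
    cat <<'EOF'
acl intranet src 192.168.1.0/24
http_access allow intranet
http_access deny all
http_port 192.168.1.254:3128 transparent
visible_hostname localhost
EOF
}

echo "after step 2:"; weak_conf  | audit_squid_conf
echo "restricted:";   fixed_conf | audit_squid_conf
```

To check the live file instead of the samples, call `audit_squid_conf /etc/squid/squid.conf`.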