Build Squid Proxy Server



Prepare the environment:

Client: 192.168.118.4

Squid Proxy Server: 192.168.118.3 (intranet IP), 1.1.1.1 (Internet IP)

Web server: 1.1.1.2


Goal: the client accesses the Web server through the Squid Proxy Server


I. Common proxy

1. First, stop the firewall on each host, then make sure the squid server can communicate with the other two machines.

2. Set up an HTTP service on the Web server

    # yum -y install httpd
    # service httpd start
    # cd /var/www/html/
    # echo "it is work" > index.html

Test whether access succeeds

    # elinks --dump 1.1.1.2

3. Install the squid service on the server

    # yum -y install squid
    # service squid start
    # cd /etc/squid/
    # mv squid.conf squid.conf.bak
    # grep -vE "^$|^#" squid.conf.bak > squid.conf
    # vim squid.conf

Modify to allow access from all hosts

    http_access allow all

Add a disk cache directory and set the memory cache size

    cache_dir ufs /var/spool/squid 100 16 256
    cache_mem 64 MB

    # service squid restart

Test web server access

    # elinks --dump 1.1.1.2

4. Configure the client browser

Taking Firefox as an example:

Preferences > Advanced > Network > Settings > Manual proxy configuration > HTTP Proxy: 192.168.118.3, Port: 3128

Then access the web server 1.1.1.2 through the browser


II. Transparent proxy

1. The squid host must be the gateway host of the network.

2. The squid service and the firewall service must run on the same server.

3. Modify the squid server

    # vim /etc/squid/squid.conf

Modify

    http_port 3128 transparent

    # service squid restart
    Stopping squid: . [ OK ]
    Starting squid: . [ OK ]

4. Modify the firewall rules

    # service iptables start
    # iptables -t nat -A PREROUTING -s 192.168.118.0/24 -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128

View the firewall rules

    # iptables -t nat -L

Save the firewall rules

    # service iptables save

5. Modify the client

Remove the browser proxy setting

Set the gateway to the IP address of the squid server

    # route add default gw 192.168.118.3
    # route -n

Test web server access

    # elinks --dump 1.1.1.2


III. Access Control List

1. This builds on the transparent proxy setup

2. Modify the configuration file on the squid server host

3. Edit the file

    # vim /etc/squid/squid.conf

Add the following

    # declare a source address, 192.168.118.22
    acl pc22 src 192.168.118.22/32
    # declare a time period, every day from Monday to Friday
    acl no_time time MTWHF
    # declare two domains
    acl no_nodamin dstdomain baidu.com qq.com
    # declare two URL path patterns: music files and movie files
    acl no_url urlpath_regex -i \.mp3$ \.mp4$
    # define a network segment
    acl mynet src 192.168.118.0/24
    # reject access to the Internet from 192.168.118.22
    http_access deny pc22
    # reject hosts in 192.168.118.0/24 that access the specified websites and URLs within the specified time period
    http_access deny mynet no_time no_nodamin no_url
    # allow access from all hosts in this network segment
    http_access allow mynet

Modify

    # deny access from all hosts
    http_access deny all


    # service squid restart

4. Verify from the intranet client

    # elinks --dump 1.1.1.2

Change the IP address

    # ifconfig eth0 192.168.118.22
    # elinks --dump 1.1.1.2

An access error is returned


It can be concluded that the squid ACL Configuration takes effect.
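The following Python model is an added example, not part of the original page or of Squid itself. It evaluates http_access lists the way Squid does (lines top to bottom, ACLs on one line ANDed, first matching line decides) for the "http_access allow all" setting from section I and the list from section III. The hour range of no_time is missing on the page, so 09:00-18:00 is an assumption, and the request fields (src, host, path, when) are hypothetical names.

```python
import ipaddress
import re
from datetime import datetime

# ACLs from section III. The page's no_time hours are missing; 09:00-18:00 is assumed.
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "pc22": ("src", ["192.168.118.22/32"]),
    "mynet": ("src", ["192.168.118.0/24"]),
    "no_time": ("time", ("MTWHF", "09:00", "18:00")),
    "no_nodamin": ("dstdomain", ["baidu.com", "qq.com"]),
    "no_url": ("urlpath_regex", [r"\.mp3$", r"\.mp4$"]),
}
SECTION_I = [("allow", ["all"])]  # http_access allow all
SECTION_III = [                   # http_access lines in file order
    ("deny", ["pc22"]),
    ("deny", ["mynet", "no_time", "no_nodamin", "no_url"]),
    ("allow", ["mynet"]),
    ("deny", ["all"]),
]
DAY_LETTERS = "MTWHFAS"  # Squid day codes, Monday through Sunday

def acl_matches(name, req):
    kind, value = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(net) for net in value)
    if kind == "dstdomain":
        # A bare name matches that host only; ".name" also covers subdomains.
        host = req["host"].lower()
        return any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d)) for d in value)
    if kind == "urlpath_regex":  # the page uses -i, so match case-insensitively
        return any(re.search(p, req["path"], re.I) for p in value)
    if kind == "time":
        days, start, end = value
        when = req["when"]
        return DAY_LETTERS[when.weekday()] in days and start <= when.strftime("%H:%M") <= end
    raise ValueError(f"unsupported ACL type: {kind}")

def decide(req, rules):
    for action, names in rules:
        # ACLs on one line are ANDed; the first fully matching line decides.
        if all(acl_matches(n, req) for n in names):
            return action
    # Nothing matched: the result is the opposite of the last line (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

def request(src, host="1.1.1.2", path="/", when=datetime(2024, 1, 3, 10, 0)):
    return {"src": src, "host": host, "path": path, "when": when}  # constructed sample
```

With SECTION_I a request from the Internet-side address 1.1.1.2 is allowed, while SECTION_III denies it. The bare dstdomain entry baidu.com does not match www.baidu.com; in Squid a leading dot (.baidu.com) is needed to cover subdomains.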



IV. Reverse Proxy

Use an intranet host as a Web server that Internet hosts can access

1. Configure the following on the intranet client host whose IP address is 192.168.1.4

Install the HTTP service

    # yum -y install httpd
    # vim /etc/httpd/conf/httpd.conf

Add the following name-based virtual hosts

    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerName www.tarena.com
        DocumentRoot /var/www/html
    </VirtualHost>
    <VirtualHost *:80>
        ServerName bbs.tarena.com
        DocumentRoot /BBS
    </VirtualHost>

Create the virtual host home pages

    # echo "<center>
    # mkdir /BBS
    # echo "bbs.tarena.com" > /BBS/index.html

Restart the service

    # service httpd restart

Add domain name resolution

    # vim /etc/hosts

Add

    192.168.118.4 www.tarena.com www
    192.168.118.4 bbs.tarena.com bbs

Verify that the virtual hosts can be accessed correctly

    # elinks --dump www.tarena.com
    Inside-Web
    # elinks --dump bbs.tarena.com
    bbs.tarena.com

2. Modify the squid host configuration file

    # vim /etc/squid/squid.conf

Modify

    http_access allow all
    http_port 80 vhost

Add

    cache_peer 192.168.118.4 parent 80 0 originserver

Restart the service

    # service squid restart

3. Modify the host whose Internet IP address is 1.1.1.2

Add domain name resolution

    # vim /etc/hosts

Add

    1.1.1.1 www.tarena.com www
    1.1.1.1 bbs.tarena.com bbs

Verify

    # elinks --dump www.tarena.com
    Inside-Web
    # elinks --dump bbs.tarena.com
    bbs.tarena.com

The websites on the intranet host can be accessed successfully.


