Complete transparent proxy solution in Linux

Tags: internet, cache, squid, proxy
By everywhere
  
Abstract: This article discusses how to implement a transparent proxy in Linux with ipchains and Squid.
  
Hardware environment: 3Com RAS1500, IBM PC Server 320
  
Software environment: Red Hat 6.2, Squid 2.3.STABLE4
  
This article assumes the following application environment. A dial-up server in the network provides dial-up access for users; its IP address is 192.168.2.32, it has 30 lines, and the addresses available to dial-up users are 192.168.2.1 to 192.168.2.30, so each dial-up user is assigned an internal address from that range. A Linux server in the same network serves the dial-up users: it runs a Squid proxy server and has ipchains rules configured. Squid provides a proxy cache for the users' WWW access, which speeds up their Internet access, while ipchains makes the proxy transparent to the users and provides Internet access for non-WWW traffic.
The network topology is as follows:
  
If you want to use a transparent proxy to speed up LAN Internet access instead, the principle is the same; only the IP addresses allowed through differ. Here I allow only the dial-up users' IP addresses through the transparent proxy.
  
1. Install and configure Squid
  
1.1. What is Squid?
  
Squid is a high-performance proxy cache server. It supports the FTP, gopher and HTTP protocols. Unlike general proxy cache software, Squid handles all client requests in a single, non-blocking, I/O-driven process.
Squid caches data objects in memory as well as DNS lookup results; it also supports non-blocking DNS lookups and negative caching of failed requests. Squid supports SSL and access control. Because it uses ICP (the lightweight Internet Cache Protocol), Squid can be built into a hierarchy of caches to save as much bandwidth as possible.

Squid consists of the main server program squid, the DNS lookup program dnsserver, several programs that rewrite requests and perform authentication, and several management tools. When squid starts, it forks a configurable number of dnsserver processes in advance; each dnsserver process performs one DNS lookup at a time, which greatly reduces the time the server spends waiting on DNS.
  
1.2. Squid download and installation
  
Download the source archive from Squid's official site http://www.squid-cache.org.
  
1) Copy the file to the /usr/local directory.

2) Unpack the archive: tar xvzf squid-2.3.STABLE4-src.tar.gz

3) After unpacking, a new directory squid-2.3.STABLE4 exists in /usr/local.

4) Enter the Squid directory:

cd squid-2.3.STABLE4

5) Run ./configure; use ./configure --prefix=/directory/you/want to choose the installation directory. The default installation directory is /usr/local/squid.

6) Run make all.

7) Run make install.

8) After the installation completes, the squid executable is in the bin subdirectory of the installation directory and the configuration file is in the etc subdirectory.
  
1.3. Squid configuration
  
The Squid configuration file is /usr/local/squid/etc/squid.conf. A default configuration file is installed with Squid; you only need to modify it. First, the options that must be set in the configuration file for a transparent proxy are listed below. Note that the http_access allow all line in this listing lets any client that can reach the listening port use the proxy; the ipchains rules only decide which clients are redirected, not who may connect directly.
  
http_port 8080
cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
cache_dir ufs /usr/local/squid/cache 1200 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
dns_nameservers 210.12.114.130
unlinkd_program /usr/local/squid/bin/unlinkd
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_effective_user nobody
cache_effective_group nobody
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
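The pair acl all src 0.0.0.0/0.0.0.0 and http_access allow all turns Squid into an open proxy for whoever can reach port 8080, whatever ipchains redirects. The following added example (my code, not the article's or the Squid project's) is a small Python evaluator for src ACLs and http_access lines in Squid 2.x style, run against that weak policy and against an assumed hardened policy that admits only the dial-up pool 192.168.2.0/27 and denies everything else. The two configuration fragments, the acl name dialup and the probe address 198.51.100.7 are constructed for the example.

```python
"""Evaluate a squid.conf http_access policy offline to catch an open proxy.

Added example, not part of the article or of Squid: a minimal first-match
evaluator for 'src' ACLs and http_access lines, enough to show that
'acl all src 0.0.0.0/0.0.0.0' + 'http_access allow all' admits any client.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed squid.conf fragments for illustration (not the article's file).
WEAK_CONF = """\
http_port 8080
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""

# Assumed hardened policy: the dial-up pool 192.168.2.1-30 fits in
# 192.168.2.0/27 (mask 255.255.255.224); everyone else, including the
# dial-up server itself at 192.168.2.32, is denied explicitly.
HARDENED_CONF = """\
http_port 8080
acl all src 0.0.0.0/0.0.0.0
acl dialup src 192.168.2.0/255.255.255.224
http_access allow dialup
http_access deny all
"""

Acls = Dict[str, Tuple[str, List[ipaddress.IPv4Network]]]
Rules = List[Tuple[str, List[str]]]


def parse_conf(conf: str) -> Tuple[Acls, Rules]:
    """Collect acl definitions and http_access rules in file order.

    Only 'src' ACLs get a network list; other ACL types are recorded with an
    empty list so that rules referencing them can be treated explicitly.
    """
    acls: Acls = {}
    rules: Rules = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl" and len(parts) >= 3:
            name, acl_type, args = parts[1], parts[2], parts[3:]
            entry = acls.setdefault(name, (acl_type, []))
            if entry[0] == "src":
                # Squid 2.x accepts both addr/mask and addr/prefixlen forms.
                entry[1].extend(ipaddress.ip_network(a, strict=False) for a in args)
        elif parts[0] == "http_access" and len(parts) >= 3:
            rules.append((parts[1], parts[2:]))
    return acls, rules


def decide(conf: str, client_ip: str) -> str:
    """Return 'allow' or 'deny' for client_ip using first-match semantics.

    Terms on one http_access line are ANDed and a leading '!' negates a term.
    If no line matches, Squid applies the opposite of the last line's action;
    with no http_access lines at all, Squid allows the request.
    Lines that reference a non-src ACL are not modelled and never match here.
    """
    acls, rules = parse_conf(conf)
    client = ipaddress.ip_address(client_ip)
    last_action = None
    for action, terms in rules:
        last_action = action
        matched = True
        for term in terms:
            name = term.lstrip("!")
            if name not in acls:
                raise ValueError(f"http_access references undefined acl {name!r}")
            acl_type, nets = acls[name]
            if acl_type != "src":
                matched = False  # unsupported ACL type: treat line as non-matching
                break
            hit = any(client in net for net in nets)
            if hit == term.startswith("!"):
                matched = False
                break
        if matched:
            return action
    if last_action is None:
        return "allow"
    return "deny" if last_action == "allow" else "allow"


def is_open_proxy(conf: str, probe: str = "198.51.100.7") -> bool:
    """True if a client from outside the site is admitted.

    198.51.100.7 is a TEST-NET-2 documentation address, a constructed probe.
    """
    return decide(conf, probe) == "allow"


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: open proxy = {is_open_proxy(conf)}")
```

The hardened policy keeps the explicit deny all as the last line, so the "opposite of the last action" default never comes into play. Remember that /27 also covers 192.168.2.0 and 192.168.2.31, which is harmless here because the dial-up server only hands out .1 to .30.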
  
* http_port

Description: defines the port on which Squid listens for HTTP client connections. The default is 3128; in httpd acceleration mode it is 80. Several ports can be specified, but they must all appear on one http_port line.
  
* cache_mem (bytes)

Note: this option specifies the ideal amount of memory Squid should use. This memory holds the following objects:

In-transit objects

Hot objects

Negative-cached objects

Note that this does not mean Squid's memory use must stay below this value. The option only defines one part of Squid's memory use; Squid also uses memory for other purposes, so its actual memory use may exceed this value. The default is 8 MB.
  
* cache_dir Type Directory-Name Mbytes Level-1 Level-2

Note: specifies the swap space (disk cache) in which Squid stores objects, its size and its directory structure. Several cache_dir lines can define several swap spaces, and these can be spread over different disk partitions. "Type" is the storage type, ufs in the listing above. "Directory-Name" is the top-level directory of the swap space; to use a whole disk as swap space, mount the disk on that directory. The default is /var/spool/squid. "Mbytes" is the total space available, in megabytes. Note that the squid process must have read and write permission on the directory. "Level-1" is the number of first-level subdirectories created under the top-level directory; the default is 16. "Level-2" is the number of second-level subdirectories created under each first-level one; the default is 256.

Why so many subdirectories? With too few of them each directory holds a large number of files, and the time the system needs to look up a file grows considerably, which lowers overall performance. To keep the number of files per directory small, the number of directories has to grow; with a single level the top-level directory would itself contain too many subdirectories, so a two-level structure is used.
  
How many subdirectories does your system need? The formula below gives an estimate.

Known quantities:

DS = total available swap space (in KB)

OS = average object size = 20 KB

NO = average number of objects per second-level subdirectory = 256

Unknown quantities:

L1 = number of first-level subdirectories

L2 = number of second-level subdirectories

Formula:

L1 x L2 = DS / OS / NO

Note that this equation has no unique solution; several (L1, L2) pairs satisfy it.
  
* cache_swap_low (percent, 0-100)

cache_swap_high (percent, 0-100)

Note: Squid stores objects in a large swap space, which fills up over time, so objects that fall below a threshold on a chosen ranking must be removed periodically. Squid uses the least recently used (LRU) algorithm for this. When the swap space in use reaches cache_swap_high, Squid removes the objects that rank lowest under LRU, and keeps removing until the space in use falls to cache_swap_low. Both values are percentages. With a large swap space, reduce the gap between the two values, because one percentage point may then be several hundred megabytes and such a long cleanup pass inevitably hurts Squid's performance. Defaults:

cache_swap_low 90
cache_swap_high 95
  
* maximum_object_size

Note: objects larger than this value are not stored. To favour access speed, lower this value; to save as much bandwidth as possible and reduce cost, raise it. Unit: KB. Default:

maximum_object_size 4096 KB
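To make the cache_dir arithmetic and the cache_swap_low/high gap concrete, here is an added example in Python (my code, not from the article or from Squid). It applies the formula L1 x L2 = DS / OS / NO with the article's assumed 20 KB average object and 256 objects per leaf directory, checks the article's own line cache_dir ufs /usr/local/squid/cache 1200 16 256, and converts the swap thresholds into megabytes. The function names are my own; the 40000 MB cache used to illustrate the threshold gap is a constructed figure.

```python
"""Cache sizing helpers for the squid.conf directives discussed above.

Added example (not from the article or Squid): applies L1 x L2 = DS / OS / NO
and the cache_swap_low/high percentages to concrete cache_dir sizes.
"""
import math
from typing import Tuple

AVG_OBJECT_KB = 20       # OS: the article's assumed average object size
OBJECTS_PER_LEAF = 256   # NO: the article's target objects per second-level dir


def expected_objects(swap_mb: int, avg_object_kb: int = AVG_OBJECT_KB) -> int:
    """DS / OS: how many average-sized objects the swap space can hold."""
    return (swap_mb * 1024) // avg_object_kb


def required_leaf_dirs(swap_mb: int, avg_object_kb: int = AVG_OBJECT_KB,
                       objects_per_leaf: int = OBJECTS_PER_LEAF) -> int:
    """L1 x L2 = DS / OS / NO, rounded up to whole directories."""
    return math.ceil(expected_objects(swap_mb, avg_object_kb) / objects_per_leaf)


def suggest_levels(swap_mb: int, level1: int = 16) -> Tuple[int, int]:
    """Pick one of the many (L1, L2) solutions by fixing L1 (Squid's default 16)."""
    needed = required_leaf_dirs(swap_mb)
    return level1, max(1, math.ceil(needed / level1))


def objects_per_leaf(swap_mb: int, level1: int, level2: int,
                     avg_object_kb: int = AVG_OBJECT_KB) -> float:
    """Average objects per second-level directory for a given cache_dir line."""
    return expected_objects(swap_mb, avg_object_kb) / (level1 * level2)


def swap_thresholds(swap_mb: int, low: int = 90, high: int = 95) -> Tuple[int, int, int]:
    """(low MB, high MB, MB per percentage point) for cache_swap_low/high.

    The third value shows why the gap matters: on a 40000 MB cache one
    percentage point is 400 MB of objects to remove in a single cleanup pass.
    """
    if not 0 <= low < high <= 100:
        raise ValueError("need 0 <= cache_swap_low < cache_swap_high <= 100")
    return swap_mb * low // 100, swap_mb * high // 100, swap_mb // 100


def cache_dir_line(path: str, swap_mb: int, level1: int, level2: int) -> str:
    """Render a Squid 2.x ufs cache_dir directive."""
    return f"cache_dir ufs {path} {swap_mb} {level1} {level2}"


if __name__ == "__main__":
    # The article's own cache: 1200 MB laid out as 16 x 256 directories.
    print(cache_dir_line("/usr/local/squid/cache", 1200, 16, 256))
    print("objects:", expected_objects(1200))                          # 61440
    print("leaf dirs needed:", required_leaf_dirs(1200))               # 240
    print("suggested L1, L2:", suggest_levels(1200))                   # (16, 15)
    print("objects per leaf dir (16x256):", objects_per_leaf(1200, 16, 256))  # 15.0
    print("swap thresholds MB:", swap_thresholds(1200))                # (1080, 1140, 12)
```

For the article's 1200 MB cache the formula asks for only 240 leaf directories, so the 16 x 256 layout leaves about 15 objects per leaf directory, far below the 256 target; the formula only starts to constrain the layout for much larger caches.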
  
  
* cache_access_log
  
Description: