Configure iptables proxy for Internet access in Linux

Source: Internet
Author: User
Tags squid proxy
On Linux, iptables can be used as a proxy (NAT gateway) that gives other machines Internet access.
1. Gateway/proxy server (proxyserver)
iptables: the firewall software in Linux
iptables has two functions: 1. firewall
2. NAT address translation
rpm -qa | grep iptables
iptables-1.2.11-3.1.RHEL4
service iptables start
iptables has two tables: 1. the filter table; when you use it, the machine acts as a firewall.
2. the nat table; when you use it, the machine acts as a proxy for Internet access.
iptables -t nat -L
The nat table contains the following chains:
1. PREROUTING
2. POSTROUTING
3. OUTPUT
iptables -t nat -A POSTROUTING -s 202.106.20.0/24 -j MASQUERADE
(-A: add a rule, here to the POSTROUTING chain; -s 202.106.20.0/24: the network segment the rule applies to, that is, which computers are going online; -j: perform an action; MASQUERADE: IP address masquerading)
Columns shown in the rule listing: target, prot, source, destination
echo "1" > /proc/sys/net/ipv4/ip_forward
To make the proxy setup for Internet access permanent, write a script (an executable file).
All scripts are stored in /bin.
cd /bin
touch daili
chmod a+x daili
vi daili
#!/bin/bash
# Restart the ADSL connection
adsl-stop
adsl-start
# Send default traffic out through the PPP interface
route add default ppp0
# Flush the existing nat and filter rules
iptables -t nat -F
iptables -t filter -F
# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# Masquerade traffic from both LAN segments
iptables -t nat -A POSTROUTING -s 202.106.20.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
If you want the gateway to serve the machines behind it automatically at every boot, do the following:
vi /etc/rc.local
Add /bin/daili to rc.local.
(Note: the gateway of each NAT client must point to the IP address of the computer used as the proxy for Internet access.)
Squid proxy (cache proxy)
Port: tcp 3128
rpm -qa | grep squid
squid-2.5.STABLE6-3
vi /etc/squid.conf
(in the Red Hat squid package the file is /etc/squid/squid.conf)
http_port 3128
cache_mem 8 MB
cache_dir ufs /var/spool/squid 100 16 256
(100 is the amount of data, in MB, that can be stored in this directory; this can be changed. Squid creates 16 subdirectories in this directory to store web pages, and 256 subdirectories under each of those 16.)
acl LAN1 src 202.106.20.0/24
acl LAN2 src 192.168.0.0/24
# ACLs listed on one http_access line must all match, so each source gets its own line
http_access allow localhost
http_access allow LAN1
http_access allow LAN2
http_access deny all
squid -z
service squid start
(Note: on the squid client, set the IP address of the proxy server and the squid port 3128 under the LAN connection settings in Internet Options in the IE browser.)
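Squid checks http_access lines from top to bottom, and every ACL named on a single line must match for that line to apply. The following is an added example, not part of the original article: a small Python evaluator for src ACLs that shows which clients a rule set admits and flags lines that can never match. The `all` and `localhost` definitions, the sample configs and the function names are constructed for illustration, and only src ACLs without negation are handled.

```python
import ipaddress
from itertools import combinations, product

def parse(conf):
    """Collect 'acl NAME src NET...' definitions and http_access lines."""
    acls, rules = {}, []
    for line in conf.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 4 and f[0] == "acl" and f[2] == "src":
            acls.setdefault(f[1], []).extend(ipaddress.ip_network(n) for n in f[3:])
        elif len(f) >= 3 and f[0] == "http_access":
            rules.append((f[1], f[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Top to bottom: the first line whose ACLs ALL match the client decides."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        if all(any(ip in net for net in acls.get(n, [])) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

def dead_rules(conf):
    """Return http_access lines that no client address can ever satisfy."""
    acls, rules = parse(conf)
    dead = []
    for action, names in rules:
        combos = product(*(acls.get(n, []) for n in names))
        # CIDR blocks either nest or are disjoint, so one block per ACL that
        # overlap pairwise share at least one address.
        if not any(all(a.overlaps(b) for a, b in combinations(c, 2)) for c in combos):
            dead.append("http_access %s %s" % (action, " ".join(names)))
    return dead

# Constructed sample configs; the 'all' and 'localhost' definitions are assumed.
ACLS = """acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/32
acl LAN1 src 202.106.20.0/24
acl LAN2 src 192.168.0.0/24
"""
ANDED = ACLS + "http_access allow localhost LAN1 LAN2\nhttp_access deny all\n"
SPLIT = ACLS + ("http_access allow localhost\nhttp_access allow LAN1\n"
                "http_access allow LAN2\nhttp_access deny all\n")

if __name__ == "__main__":
    for name, conf in (("ANDED", ANDED), ("SPLIT", SPLIT)):
        print(name, decide(conf, "192.168.0.10"), dead_rules(conf))
```

Running dead_rules over a real configuration before reloading Squid catches allow lines that silently lock every client out.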