I. Background:
A dual-NIC server is installed with Ubuntu Server 12.04. eth0 is left unconnected for now; eth1 is connected to the LAN with IP address 192.168.1.1/24, and Internet access initially goes through a broadband router.
II. Squid3
Installing the latest Squid 3.3 from source ran into many problems, so 3.1.19 from the Ubuntu repositories is used instead.
$ sudo apt-get install squid3
The configuration file is /etc/squid3/squid.conf. It contains detailed descriptions and runs to more than 5700 lines, so back up a copy and study it carefully. After that and some searching on Baidu, Bing, and Google, the final configuration file is as follows:
acl alldst all
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.1.0/24 # modified; the LAN subnet
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
forwarded_for delete # modified; otherwise the remote server receives an X-Forwarded-For HTTP header containing the intranet IP address
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet # modified
http_port 192.168.1.1:3128 # modified
cache_mem 1024 MB # set according to your own conditions
maximum_object_size_in_memory 2048 KB # maximum size of an object cached in memory
cache_dir ufs /opt/cache 200000 16 256 # /opt is an independent partition with 240 GB allocated for the cache
coredump_dir /var/spool/squid3
logformat custcommon %>a [%tl] %3>Hs %8
access_log /var/log/squid3/access.log custcommon
# logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %
# access_log /var/log/squid3/access.log squid
# The default log format is modified here to make the log easier to read.
# Original format: 1361289819.737 21 192.168.1.100 TCP_DENIED/403 4295 GET http://askubuntu.com/tags - NONE/- text/html
# New format: 192.168.1.100 [21/Feb/2013:13:29:45 +0800] 200 13813 TCP_MISS:DIRECT GET "http://common.cnblogs.com/editor/tiny_mce/plugins/insertCode/images/insertCode.gif" image/gif
#
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20%
# example lin deb packages
# refresh_pattern (\.deb|\.udeb)$ 129600 100%
refresh_pattern . 0 20% 4320
With Firefox on the intranet set to use the proxy 192.168.1.1:3128, Internet access works normally!
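How Squid evaluates the http_access lines above, as an added example that is not part of the original article: the lines are checked top to bottom and the first one whose ACLs all match decides the request. The request() helper, the sample requests and the use of the LAN subnet 192.168.1.0/24 for localnet are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the ACLs in the configuration above.
LOCALNET = ipaddress.ip_network("192.168.1.0/24")  # assumption: the LAN subnet
LOCALHOST = [ipaddress.ip_network("127.0.0.1/32"), ipaddress.ip_network("::1/128")]
SSL_PORTS = {443}
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777} | set(range(1025, 65536))

# http_access lines in file order: (action, ACLs that must all match).
HTTP_ACCESS = [
    ("allow", ["manager", "localhost"]),
    ("deny", ["manager"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["localnet"]),
]


def acl_matches(name, req):
    """Evaluate one ACL name (optionally negated with '!') against a request."""
    src = ipaddress.ip_address(req["src"])
    value = {
        "manager": req["url"].startswith("cache_object://"),
        "localhost": any(src in net for net in LOCALHOST),
        "localnet": src in LOCALNET,
        "Safe_ports": req["port"] in SAFE_PORTS,
        "SSL_ports": req["port"] in SSL_PORTS,
        "CONNECT": req["method"] == "CONNECT",
    }[name.lstrip("!")]
    return not value if name.startswith("!") else value


def http_access(req):
    """Return (action, rule number) using first-match evaluation."""
    for number, (action, acls) in enumerate(HTTP_ACCESS, start=1):
        if all(acl_matches(acl, req) for acl in acls):
            return action, number
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if HTTP_ACCESS[-1][0] == "allow" else "allow"), None


def request(src, method, port, url):
    """Hypothetical helper that builds a request for the model."""
    return {"src": src, "method": method, "port": port, "url": url}
```

A client outside localnet matches no line and is denied only because the last line is an allow, so the width of the localnet ACL is what decides who can use the proxy.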
III. PPPoE
1. Install and set up
$ sudo apt-get install pppoe
Remove the broadband router and connect the broadband modem directly to eth0.
$ sudo pppoeconf
This starts a setup wizard. Answer yes to the questions, in particular the one about connecting automatically at startup, and then fill in the broadband user name and password; the ADSL connection is then set up. Commands for managing ADSL manually are as follows:
$ ifconfig ppp0 # view the ADSL connection status
$ sudo pon dsl-provider # connect to ADSL manually
$ sudo poff # disconnect ADSL manually
$ sudo plog # view the ADSL connection log; only the last connection is displayed
2. DNS
In the pppoeconf wizard, DNS can be set to be obtained from the ISP. If you prefer to set your own DNS:
$ sudo vi /etc/resolv.conf
nameserver 8.8.8.8
3. Network interfaces. Note: the content starting with auto dsl-provider is added by the pppoeconf wizard:
$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth1
iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    # gateway 192.168.1.254
    dns-nameservers 8.8.8.8
    dns-search domain.com
auto dsl-provider
iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
    provider dsl-provider
auto eth0
iface eth0 inet manual
4. Automatic redial when ADSL disconnects. Find the following lines in the /etc/ppp/options file:
# Do not exit after a connection is terminated; instead try to reopen
# the connection.
#persist
Remove the "#" before persist. To test it, disconnect ADSL, restart the network, or unplug the ADSL network cable and plug it in again after a moment; ADSL reconnects shortly afterwards, although the wait is a little long.
IV. Iptables
iptables is installed on Ubuntu, but it is not started by default and is not set up as a service as on RHEL/CentOS. Copy an iptables configuration file from CentOS and modify it as follows:
# Copied from CentOS 6
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Only allow intranet connections to ssh
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Only allow intranet connections to the proxy service
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Edit the network configuration file and add the following line to the stanza of the corresponding NIC:
pre-up iptables-restore < /etc/iptables
My configuration is as follows:
$ sudo vi /etc/network/interfaces
auto dsl-provider
iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
    pre-up iptables-restore < /etc/iptables
    provider dsl-provider
Restart the network:
$ sudo /etc/init.d/networking restart
Test with nmap:
Before configuring iptables:
Nmap scan report for 113.227.36.81
Host is up (0.25s latency).
Not shown: 992 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
1025/tcp filtered NFS-or-IIS
1434/tcp filtered ms-sql-m
4444/tcp filtered krb524
After configuring iptables:
Nmap scan report for 113.227.56.133
Host is up (0.48s latency).
Not shown: 999 filtered ports
PORT    STATE  SERVICE
113/tcp closed auth
Nmap scan report for 192.168.1.1
Host is up (0.00022s latency).
Not shown: 998 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
3128/tcp open  squid-http
With Firefox on the intranet set to use the proxy 192.168.1.1:3128, Internet access works normally!
Next, I will try a transparent proxy.
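A static check that complements the nmap test, as an added example that is not part of the original article: it reads a rules file in iptables-restore format and reports INPUT rules that accept a TCP port from outside the LAN, and an INPUT chain that does not end in REJECT or DROP. The audit() and opt() names are hypothetical, and the sample rules are constructed from the file above with one deliberately over-broad rule (port 3128 without -s) so there is something to flag.

```python
import ipaddress
import shlex

LAN = ipaddress.ip_network("192.168.1.0/24")  # LAN subnet used on this page

# Constructed sample: the page's INPUT rules, with -s left off the 3128 rule.
RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


def opt(tokens, flag):
    """Value that follows flag in a tokenised rule, or None if absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None


def audit(text, lan=LAN):
    """Return a list of findings for the INPUT chain of a rules file."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens[:2] == ["-A", "INPUT"]:
            rules.append(tokens)
    findings = []
    for tokens in rules:
        dport, src = opt(tokens, "--dport"), opt(tokens, "-s")
        if opt(tokens, "-j") != "ACCEPT" or dport is None:
            continue
        # A service port is exposed if it has no source or a source wider than the LAN.
        if src is None or not ipaddress.ip_network(src, strict=False).subnet_of(lan):
            findings.append(f"port {dport} accepted from {src or 'any source'}")
    # With an ACCEPT policy, only a final REJECT/DROP rule blocks everything else.
    if not rules or opt(rules[-1], "-j") not in ("REJECT", "DROP"):
        findings.append("INPUT chain does not end with REJECT or DROP")
    return findings
```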
Reference: http://www.linuxidc.com/Linux/2010-04/25301.htm
Permanent link to this article: http://www.linuxidc.com/Linux/2014-09/107371.htm