Build a Squid Proxy Server
Prepare the environment:
Client: 192.168.118.4
Squid proxy server: 192.168.118.3 (intranet IP), 1.1.1.1 (Internet IP)
Web server: 1.1.1.2
Goal: the client accesses the Web server through the Squid proxy server.
Prompts below use the role names client, squid and web in place of the machines' host names.
I. Ordinary (forward) proxy
1. First, stop the firewall on each host and make sure the squid server can reach both of the other machines.
2. Set up an HTTP service on the Web server
[root@web ~]# yum -y install httpd
[root@web ~]# service httpd start
[root@web ~]# cd /var/www/html/
[root@web html]# echo "it is work" > index.html
Test that the page is served
[root@web html]# elinks --dump 1.1.1.2
3. Install the squid service on the proxy server
[root@squid ~]# yum -y install squid
[root@squid ~]# service squid start
[root@squid ~]# cd /etc/squid/
[root@squid squid]# mv squid.conf squid.conf.bak
[root@squid squid]# grep -vE "^$|^#" squid.conf.bak > squid.conf
[root@squid squid]# vim squid.conf
Change the access rule so that all hosts are allowed through the proxy
http_access allow all
Add the on-disk cache directory (100 MB, 16 first-level and 256 second-level subdirectories) and the memory cache size
cache_dir ufs /var/spool/squid 100 16 256
cache_mem 64 MB
[root@squid squid]# service squid restart
Test access to the web server from the proxy
[root@squid squid]# elinks --dump 1.1.1.2
4. Configure the client browser
Taking Firefox as an example:
Preferences -> Advanced -> Network -> Settings -> Manual proxy configuration -> HTTP Proxy: 192.168.118.3, Port: 3128
Then open web server 1.1.1.2 in the browser
II. Transparent proxy
1. The squid server must be the gateway host of the network.
2. Squid and the firewall (iptables) service must run on the same server.
3. Modify the squid server
[root@squid ~]# vim /etc/squid/squid.conf
Modify
http_port 3128 transparent
[root@squid ~]# service squid restart
Stop squid: [ OK ]
Start squid: [ OK ]
4. Modify the firewall rules
[root@squid ~]# service iptables start
[root@squid ~]# iptables -t nat -A PREROUTING -s 192.168.118.0/24 -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
View the firewall rules
[root@squid ~]# iptables -t nat -L
Save the firewall rules
[root@squid ~]# service iptables save
5. Modify the client
Remove the proxy setting from the browser
Set the default gateway to the IP address of the squid server
[root@client ~]# route add default gw 192.168.118.3
[root@client ~]# route -n
Test access to the web server
[root@client ~]# elinks --dump 1.1.1.2
III. Access control list
1. Builds on the transparent proxy set up above.
2. Modify the configuration file on the squid server host
3. [root@squid ~]# vim /etc/squid/squid.conf
Add the following
acl pc22 src 192.168.118.22/32    # declare the single source address 192.168.118.22
acl no_time time MTWHF    # declare a time period: every day from Monday to Friday; append a start-end time (hh:mm-hh:mm) to limit the hours
acl no_domain dstdomain baidu.com qq.com    # declare two destination domains
acl no_url urlpath_regex -i \.mp3$ \.mp4$    # declare two URL patterns: music files and video files
acl mynet src 192.168.118.0/24    # define the intranet segment
http_access deny pc22    # deny Internet access from 192.168.118.22
http_access deny mynet no_time no_domain no_url    # deny the 192.168.118.0/24 segment the listed domains' media URLs during the time period; all four ACLs on the line must match
http_access allow mynet    # allow everything else from hosts in this segment
Modify
http_access deny all    # deny access from all other hosts
[root@squid ~]# service squid restart
4. Verify from the intranet client
[root@client ~]# elinks --dump 1.1.1.2
Change the client IP address
[root@client ~]# ifconfig eth0 192.168.118.22
[root@client ~]# elinks --dump 1.1.1.2
Access now fails, which shows that the squid ACL configuration has taken effect.
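To see how Squid actually works through a list like this, here is a small evaluator added for this article; it is not code from the page or from the Squid project, and it models only the four ACL types used above. It reproduces the documented rules: the values on one acl line are ORed, the ACL names on one http_access line are ANDed, the first matching http_access line wins, and when no line matches Squid applies the opposite of the last line's action. Two constructed configurations are checked: the bare http_access allow all from section I, which, because the proxy also listens on the Internet address 1.1.1.1, lets any outside client (the constructed address 203.0.113.9 stands in for one) relay through it as an open proxy, and the section III list. The hour range of the time ACL is left out because the page does not record it, and the request dates are constructed.

```python
"""Simulate Squid http_access evaluation for small squid.conf fragments.
Added example for this article (not code from the page or from Squid). Values on
one acl line are ORed, ACL names on one http_access line are ANDed, the first
matching http_access line wins, and with no match Squid inverts the last action.
"""
import re
from collections import namedtuple
from datetime import datetime
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed fragment from section I: the rule that makes the box an open proxy.
OPEN_CONF = "http_access allow all\n"

# Constructed fragment with the section III list. The hour range of the time
# ACL is not recorded on the page, so only the weekday part (MTWHF) is kept.
ACL_CONF = r"""
acl pc22 src 192.168.118.22/32
acl no_time time MTWHF
acl no_domain dstdomain baidu.com qq.com
acl no_url urlpath_regex -i \.mp3$ \.mp4$
acl mynet src 192.168.118.0/24
http_access deny pc22
http_access deny mynet no_time no_domain no_url
http_access allow mynet
http_access deny all
"""

# Squid weekday letters (S=Sun, M, T, W, H=Thu, F, A=Sat) as datetime.weekday() values.
_DAYS = {"S": 6, "M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5}

# Constructed sample request times: a Monday and a Sunday, both at 10:00.
MONDAY = datetime(2024, 1, 1, 10, 0)
SUNDAY = datetime(2024, 1, 7, 10, 0)

# src: client IP as Squid sees it; url: absolute URL requested; when: local datetime.
Request = namedtuple("Request", "src url when")

def parse_conf(text):
    """Return ({name: (acl_type, [values])}, [(action, [terms])])."""
    acls, rules = {}, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "acl":  # repeated acl lines with one name accumulate values
            acls.setdefault(parts[1], (parts[2], []))[1].extend(parts[3:])
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def _match_time(values, when):
    """time ACL: optional weekday letters ("D" = Mon-Fri) and optional hh:mm-hh:mm."""
    days, in_hours = None, True
    for v in values:
        if re.fullmatch(r"[SMTWHFAD]+", v):
            days = {_DAYS[c] for c in v.replace("D", "MTWHF")}
        else:
            start, stop = v.split("-")
            h1, m1 = map(int, start.split(":"))
            h2, m2 = map(int, stop.split(":"))
            in_hours = h1 * 60 + m1 <= when.hour * 60 + when.minute <= h2 * 60 + m2
    return (days is None or when.weekday() in days) and in_hours

def match_acl(acls, name, req):
    """Does the named ACL match the request? Its values are ORed."""
    if name == "all" and "all" not in acls:  # Squid's built-in "acl all src all"
        return True
    acl_type, values = acls[name]
    if acl_type == "src":
        return any(v == "all" or ip_address(req.src) in ip_network(v, strict=False)
                   for v in values)
    if acl_type == "time":
        return _match_time(values, req.when)
    url = urlsplit(req.url)
    if acl_type == "dstdomain":
        # A leading dot covers subdomains; without it "baidu.com" does not cover "www.baidu.com".
        host = (url.hostname or "").lower()
        return any(host == v.lower().lstrip(".")
                   or (v.startswith(".") and host.endswith(v.lower())) for v in values)
    if acl_type == "urlpath_regex":
        flags = re.IGNORECASE if "-i" in values else 0
        path = url.path + ("?" + url.query if url.query else "")
        return any(re.search(v, path, flags) for v in values if v != "-i")
    raise ValueError(f"unsupported acl type: {acl_type}")

def evaluate(conf, req):
    """Return 'allow' or 'deny' as Squid would decide for this request."""
    acls, rules = parse_conf(conf)
    for action, terms in rules:
        # Every term on the line must match; a leading "!" negates a term.
        if all(match_acl(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action
    # No line matched: Squid applies the opposite of the last line's action
    # (deny when there are no lines at all), hence the explicit trailing "deny all".
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    outsider = Request("203.0.113.9", "http://1.1.1.2/", MONDAY)  # constructed Internet client
    print("section I conf:", evaluate(OPEN_CONF, outsider), "| section III conf:",
          evaluate(ACL_CONF, outsider))  # allow | deny
```

Running it shows the outside client allowed by the section I configuration and denied by the section III one. Two details of the list above are worth checking with it: dstdomain baidu.com without a leading dot matches only that exact host name, so a request to www.baidu.com/song.mp3 from the intranet is allowed, and a list that ends without a catch-all rule (for example only http_access deny pc22) lets every unmatched request through, because Squid inverts the last action when nothing matches.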
IV. Reverse proxy
Use an intranet host as a Web server that Internet hosts can reach
1. Configure the following on the intranet client host 192.168.118.4
Install the HTTP service
[root@client ~]# yum -y install httpd
[root@client ~]# vim /etc/httpd/conf/httpd.conf
Add the following name-based virtual hosts
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.tarena.com
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
ServerName bbs.tarena.com
DocumentRoot /BBS
</VirtualHost>
Create a home page for each virtual host
[root@client ~]# echo "<center>Inside-Web</center>" > /var/www/html/index.html
[root@client ~]# mkdir /BBS
[root@client ~]# echo "bbs.tarena.com" > /BBS/index.html
Restart the service
[root@client ~]# service httpd restart
Add domain name resolution
[root@client BBS]# vim /etc/hosts
Add
192.168.118.4 www.tarena.com www
192.168.118.4 bbs.tarena.com bbs
Verify that both virtual hosts are served correctly
[root@client BBS]# elinks --dump www.tarena.com
Inside-Web
[root@client BBS]# elinks --dump bbs.tarena.com
bbs.tarena.com
2. Modify the squid host configuration file
[root@squid ~]# vim /etc/squid/squid.conf
Modify
http_access allow all
http_port 80 vhost
Add
cache_peer 192.168.118.4 parent 80 0 originserver
Restart the service
[root@squid ~]# service squid restart
3. On the Internet host 1.1.1.2 (acting as the external client)
Add domain name resolution
[root@web ~]# vim /etc/hosts
Add
1.1.1.1 www.tarena.com www
1.1.1.1 bbs.tarena.com bbs
Verify
[root@web ~]# elinks --dump www.tarena.com
Inside-Web
[root@web ~]# elinks --dump bbs.tarena.com
bbs.tarena.com
The web site on the intranet host is reached successfully from the Internet through the reverse proxy.