Linux Proxy Server-squid positive proxy experiment, squid positive
1. Introduction to the proxy server squid
Squid cache (Squid for short) is a popular free software (GNU General Public License) proxy server and Web cache Server. Squid has a wide range of uses, from cache-related requests as front cache servers of Web servers to improving the speed of Web servers, to cache the World Wide Web for a group of people to share network resources, domain Name System and other network search, to help network security by filtering traffic, to the LAN through the proxy to access the Internet. Squid is designed to run in Unix systems.
Squid can be used as a proxy or cache.
Squid can be both a forward proxy and a reverse proxy.
Forward proxy, squid is followed by the client, and the client needs to go online through Squid; reverse proxy, squid is followed by the server, and the server needs to go through squid to return data to the user.
Forward proxy is used in enterprise office environments. Employees need to use squid proxy to access the Internet, which can save network bandwidth resources. Reverse Proxy is used to build a cache server for static website items (images, html, streaming media, js, css, etc.). It is used in the website architecture.
2. Lab Objectives
Build a proxy server on the gateway so that the Intranet can access the Internet WEB services (that is, forward proxy) through the proxy server)
3. Experiment Topology
4. Experiment steps
(1) Build an intranet test host and gateway as shown in the topology, so that internal and external networks can Ping each other)
(Reference: http://www.cnblogs.com/liaoyuanyang/p/6749416.html)
(2) build a WEB service on the Internet Test host (not installed by default), and make the Intranet test host and gateway accessible
Intranet test host access to WEB:
Gateway WEB access:
(Reference: http://www.cnblogs.com/liaoyuanyang/p/6750257.html)
(3) install the squid software on the gateway (not installed by default) and configure it
[Root @ lyy ~] # Yum install squid-y // install squid
[Root @ lyy ~] # Gedit/etc/squid. conf // enter the squid configuration file
Modify the configuration file as follows:
[Root @ lyy ~] # Service squid start // start the squid service
[Root @ lyy ~] # Squid-z // initialize the cache directory
(4) configure the firewall for the Gateway
To enable the Intranet test host to use the proxy server, open port 3128 in the firewall rules of the Gateway:
[root@lyy ~]# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
(5) set the proxy server in the browser of the Intranet host
Open the Firefox browser -- edit -- preferences -- Advanced -- Network -- settings -- manually configure the proxy
5. Result Testing
Access the WEB again on the Intranet:
Use Wireshark on an Internet Test host to view the message information:
It can be found that the source address is the gateway address, not the Intranet address. This indicates that the proxy server takes effect!