Abstract: Companies generally for security reasons, in the same LAN only one machine can access the extranet, operational dimensions of the overall restrictions, but in the later work, need to install some software on the machine, and commands, so other machines need to access the extranet to simplify the work, but can not disrupt the original operation of the maintenance of the setting, So you need to be an agent on a machine that can access the extranet.
The first step, two steps are in the ability to access the external network of the machine operation, the third step is not able to access the extranet machine operation.
1, check the machine
In the operation found that access to the extranet machine itself can not use the Yum installation software, it is necessary to configure the Yum installation source. If you can, this step can be ignored.
[Root@localhost test]# lsb_release-a
lsb Version: : Core-4.0-amd64:core-4.0-ia32:core-4.0-noarch: GRAPHICS-4.0-AMD64:GRAPHICS-4.0-IA32:GRAPHICS-4.0-NOARCH:PRINTING-4.0-AMD64:PRINTING-4.0-IA32: Printing-4.0-noarch
distributor Id:redhatenterpriseserver
Description: Red Hat Enterprise Linux Server Release 5.7 (tikanga) release
: 5.7
codename: tikanga
[root@localhost test]#-CD/ETC/YUM.REPOS.D /
[root@localhost test]# wget Http://mirrors.163.com/.help/CentOS5-Base-163.repo
The files obtained in the intermediate wget need to modify the $releasever to 5
# Centos-base.repo # The Mirror system uses the connecting IP address of the client and the ' # Update status of each MIRR or to pick mirrors which are updated to and # geographically close to the client.
You are should use this for CentOS updates # unless to are manually other picking.
# # If The mirrorlist= does not work for your, as a fall back you can try the # remarked out Baseurl= line instead. # [Base] name=centos-5-base-163.com baseurl=http://mirrors.163.com/centos/5/os/$basearch/#mirrorlist =http:// Mirrorlist.centos.org/?release=5&arch= $basearch &repo=os gpgcheck=1 gpgkey=http://mirror.centos.org/ centos/rpm-gpg-key-centos-5 #released Updates [updates] name=centos-5-updates-163.com baseurl=http://mirrors.163.co m/centos/5/updates/$basearch/#mirrorlist =http://mirrorlist.centos.org/?release=5&arch= $basearch &repo= Updates gpgcheck=1 gpgkey=http://mirror.centos.org/centos/rpm-gpg-key-centos-5 #packages used/produced in the build But not released [addONS] name=centos-5-addons-163.com baseurl=http://mirrors.163.com/centos/5/addons/$basearch/#mirrorlist =http:// Mirrorlist.centos.org/?release=5&arch= $basearch &repo=addons gpgcheck=1 gpgkey=http://mirror.centos.org/ Centos/rpm-gpg-key-centos-5 #additional packages to useful [extras] name=centos-5-extras-163.com Baseurl=htt p://mirrors.163.com/centos/5/extras/$basearch/#mirrorlist =http://mirrorlist.centos.org/?release=5&arch=$ Basearch&repo=extras gpgcheck=1 gpgkey=http://mirror.centos.org/centos/rpm-gpg-key-centos-5 #additional Packages that extend functionality of existing packages [Centosplus] name=centos-5-plus-163.com baseurl=http://mirrors .163.com/centos/5/centosplus/$basearch/#mirrorlist =http://mirrorlist.centos.org/?release=5&arch= $basearch &repo=centosplus gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/rpm-gpg-key-centos-5 #contrib- Packages by Centos Users [contrib] name=centos-5-contrib-163.com Baseurl=http://mirrors.163.com/centos/5/contrib/$basearch/#mirrorlist =http://mirrorlist.centos.org/?release=5&arch= $basearch &repo=contrib gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/rpm-gpg-key-centos-5
Yum Clean all clears the original cache
Yum List get Yum lists
If the list data appears as follows this setting succeeds
Sqlite-devel.i386 3.3.6-7 Base sqlite-devel.x86_64 3.3.6-7 Base Squashfs-too Ls.x86_64 3.0-4 Base Squirrelmail.noarch 1.4.8-21.el5.centos Base srptools.x86_64 0.0.4-10.el5 Base sssd.x86_64 1.5.1-70.el5 Base sssd-client.i386 1.5.1-70.el5 Base sssd- Client.x86_64 1.5.1-70.el5 Base sssd-tools.x86_64
1.5.1-70.el5 Base
2. Install Squid
Squid Introduction and its simple configuration
Front ready Yum command, can be installed directly online
Yum Install Squid
After the installation is complete, Cd/etc/squid/, modify the contents of the squid.conf file, before you modify it, you can back up the file first:
CP squid.conf Squid.conf_bak
It then finds http_access deny all in the file and modifies it to http_access allow all to indicate that all users can access the agent.
and find Http_port 3128 modified to http_port 192.168.3.171:3128 here IP and port is Squid's proxy IP and port,
This IP is able to access the IP address of the extranet machine, if it is the local, you can not modify the address, the following start Squid agent
[Root@localhost squid]# squid-k parse
[root@localhost squid]#
[root@localhost squid]#] [
root@localhost squid]# squid-z
2014/07/22 14:43:01| Creating Swap directories
[root@localhost squid]#
[root@localhost squid]#
[root@localhost squid]# Service squid start
starting squid: [ OK ]
[root@localhost squid]#
[root@localhost squid ]#
[root@localhost squid]#
[root@localhost squid]# netstat-nltp
Active Internet connections (only servers)
Proto recv-q send-q Local address Foreign address State pid/program name
TCP 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 4341/portmap
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 22862/(squid)
tcp 0 0 0.0.0.0:792 0.0.0.0:* LISTEN 4426/rpc.statd
3, configuration can not access the external network of machine agents
Set up a proxy machine to access the external network in other intranet machines that require access to the extranet
Export http_proxy=http://192.168.3.171:3128
The effect of export only to this landing operation, not global, detailed content can refer to: Linux environment variable Export command detailed
This allows the intranet machine that cannot access the external network to access the external network through the machine that can access the extranet, to facilitate the installation of some software, commands and other operations.
4, testing
Execute on the configured intranet machine: Curl www.baidu.com, the following content is the access network success:
[cosw@platdevsxyd01 ~]$ Curl www.baidu.com <! DOCTYPE html> <!--STATUS ok-->