Linux intranet machine Access external network proxy settings __linux

Source: Internet
Author: User
Tags curl gpg sqlite

Abstract: Companies generally for security reasons, in the same LAN only one machine can access the extranet, operational dimensions of the overall restrictions, but in the later work, need to install some software on the machine, and commands, so other machines need to access the extranet to simplify the work, but can not disrupt the original operation of the maintenance of the setting, So you need to be an agent on a machine that can access the extranet.

The first step, two steps are in the ability to access the external network of the machine operation, the third step is not able to access the extranet machine operation.
1, check the machine
In the operation found that access to the extranet machine itself can not use the Yum installation software, it is necessary to configure the Yum installation source. If you can, this step can be ignored.

[Root@localhost test]# lsb_release-a
lsb Version:    : Core-4.0-amd64:core-4.0-ia32:core-4.0-noarch: GRAPHICS-4.0-AMD64:GRAPHICS-4.0-IA32:GRAPHICS-4.0-NOARCH:PRINTING-4.0-AMD64:PRINTING-4.0-IA32: Printing-4.0-noarch
distributor Id:redhatenterpriseserver
Description:    Red Hat Enterprise Linux Server Release 5.7 (tikanga) release
:        5.7
codename:       tikanga
[root@localhost test]#-CD/ETC/YUM.REPOS.D /
[root@localhost test]# wget Http://
The files obtained in the intermediate wget need to modify the $releasever to 5

# Centos-base.repo # The Mirror system uses the connecting IP address of the client and the ' # Update status of each MIRR  or to pick mirrors which are updated to and # geographically close to the client.
You are should use this for CentOS updates # unless to are manually other picking.
# # If The mirrorlist= does not work for your, as a fall back you can try the # remarked out Baseurl= line instead. # [Base] baseurl=$basearch/#mirrorlist =http:// $basearch &repo=os gpgcheck=1 gpgkey= centos/rpm-gpg-key-centos-5 #released Updates [updates] baseurl= m/centos/5/updates/$basearch/#mirrorlist = $basearch &repo= Updates gpgcheck=1 gpgkey= #packages used/produced in the build But not released [addONS] baseurl=$basearch/#mirrorlist =http:// $basearch &repo=addons gpgcheck=1 gpgkey= Centos/rpm-gpg-key-centos-5 #additional packages to useful [extras] Baseurl=htt p://$basearch/#mirrorlist =$ Basearch&repo=extras gpgcheck=1 gpgkey= #additional Packages that extend functionality of existing packages [Centosplus] baseurl=http://mirrors$basearch/#mirrorlist = $basearch &repo=centosplus gpgcheck=1 enabled=0 gpgkey= #contrib- Packages by Centos Users [contrib] Baseurl=$basearch/#mirrorlist = $basearch &repo=contrib gpgcheck=1 enabled=0 gpgkey=
Yum Clean all clears the original cache
Yum List get Yum lists
If the list data appears as follows this setting succeeds

Sqlite-devel.i386 3.3.6-7                                                                          Base sqlite-devel.x86_64 3.3.6-7 Base Squashfs-too                                                                     Ls.x86_64 3.0-4                                                                          Base Squirrelmail.noarch                                                                              1.4.8-21.el5.centos Base srptools.x86_64                                                              0.0.4-10.el5                                                                                  Base sssd.x86_64          1.5.1-70.el5                                                    Base sssd-client.i386 1.5.1-70.el5 Base sssd-                                                              Client.x86_64 1.5.1-70.el5                                                                            Base sssd-tools.x86_64
 1.5.1-70.el5 Base

2. Install Squid
Squid Introduction and its simple configuration
Front ready Yum command, can be installed directly online

Yum Install Squid
After the installation is complete, Cd/etc/squid/, modify the contents of the squid.conf file, before you modify it, you can back up the file first:
CP squid.conf Squid.conf_bak
It then finds http_access deny all in the file and modifies it to http_access allow all to indicate that all users can access the agent.
and find Http_port 3128 modified to http_port here IP and port is Squid's proxy IP and port,
This IP is able to access the IP address of the extranet machine, if it is the local, you can not modify the address, the following start Squid agent

[Root@localhost squid]# squid-k parse
[root@localhost squid]# 
[root@localhost squid]#] [ 
root@localhost squid]# squid-z
2014/07/22 14:43:01| Creating Swap directories
[root@localhost squid]# 
[root@localhost squid]# 
[root@localhost squid]# Service squid start
starting squid:                                            [  OK  ]
[root@localhost squid]# 
[root@localhost squid ]# 
[root@localhost squid]# 
[root@localhost squid]# netstat-nltp
Active Internet connections (only servers)
Proto recv-q send-q Local address               Foreign address             State       pid/program name   
TCP        0      0       *                   LISTEN      4341/portmap        
tcp        0      0      *                   LISTEN      22862/(squid)       
tcp        0      0       *                   LISTEN      4426/rpc.statd

3, configuration can not access the external network of machine agents
Set up a proxy machine to access the external network in other intranet machines that require access to the extranet
Export http_proxy=

The effect of export only to this landing operation, not global, detailed content can refer to: Linux environment variable Export command detailed

This allows the intranet machine that cannot access the external network to access the external network through the machine that can access the extranet, to facilitate the installation of some software, commands and other operations.

4, testing

Execute on the configured intranet machine: Curl, the following content is the access network success:

[cosw@platdevsxyd01 ~]$ Curl <! DOCTYPE html> <!--STATUS ok--> 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.