Linux Proxy Server Configuration

the working mechanism and basic function of squid 
Large server sites are mostly Unix-type operating systems, and it's important to understand that Unix.linux inherits all the features of Unix, so it's important to know about Linux. Squid is the most popular proxy server software under Linux, supporting the agent of Http,ftp,gopher,ssl,wais and other protocols;squid Its role is to establish a proxy server with an Internet address, instead of some machines that do not have a standard IP address (internal address) and deal with other hosts on the Internet. Machines with internal addresses if you want to find information on the Internet, Send this request to a proxy server with a standard IP address, and the proxy server sends the request through its standard IP address to the requested destination address. Then, the destination address of the server sends back the result to the proxy server, The proxy server then sends the data intact to the machine that originally had the internal IP address. This completes the process of an internal machine accessing the Internet. Several machines with internal addresses make up the intranet, and the role of proxy servers is to communicate the intranet and the Internet. Troubleshoot intranet access to the Internet. And this proxy is irreversible, the Internet host can not access any of the internal address of the machine, so that can guarantee the security of internal information. Squid not only realizes the efficient buffering of web information, but also supports FTP, Gopher,http request. Squid stores frequently accessed objects in memory and maintains a robust access object database within the hard disk. Squid also supports SSL protocol to buffer secure connections and provides sophisticated access control mechanisms. In addition, squid can be cascaded ( Hierarchically Linked) method to connect to another squid-based buffer proxy server for efficient (streamlined) buffering of access pages. Squid can work in many operating systems, such as AIX,UNIX,FREEBSD, Hp-ux,linux, etc. squid on the hardware requirements are, the memory must be large, should not be less than 128MB, the hard disk is best to use the server dedicated SCSI hard disk, CPU requirements are not high, more than 400MHZ can be. 
--------------------------------------------------------------------------------------------- 
Two configure Squid to enable intranet access to the Internet 
Router Some features are like a proxy server, will be connected to the router LAN port of all the machine can through it has a non-flocculation access to the Internet,wan port to connect to the modem to access the Internet, my machine is connected to one of the routers, Here according to my actual situation here to configure the proxy server to implement another LAN to access the Internet.
Router Address: 192.168.5.1, so the network segment that the router governs 192.168.5.* (* stands for 2-254), do the following on the machine of my Linux operating system. 
#netconfig (Enter the network Configuration tool to make the following configuration for the first NIC (hereinafter referred to as eth0) 
IP address:192.168.5.3 (set host IP) 
netmask:255.255.255.0 (Subnet mask default) 
Deault Gateway (IP): 192.168.5.1 (gateway address) 
Primary nameserver:202.103.24.68 (name server address provided by telco) 
#ifconfig eth1 Up (activates the second NIC (Eth1, the second NIC must be present)) 
#ifconfig eth1 192.168.4.1 netmask 255.255.255.0 (set eth1 IP and netmask) 
#vi/etc/sysconfig/network-scripts/ifcfg-eth1 (Create a file that records eth1 information, add the following) 
device=eth1 (device name) 
Onboot=yes (allow connection) 
bootproto=static (Get IP mode is static, that is, manually set the IP) 
ipaddr=192.168.4.1 (IP of the network card) 
netmask=255.255.255.0 (netmask for NIC) 
gateway=192.168.4.1 (Gateway) 
#service Network Restart (restart Web service) 
#ifconfig (View network information, you will see eth1 information) 
#ping www.baidu.com (verify that you can communicate with the Internet by eth0 connected to the router) 
#ping 192.168.4.2 (by eth1 to verify that the machine communicates with the 192.168.4 segment, you can change a machine in the. 5 segment to 192.168.4.2 (. 4 segment)) 
#vi/etc/squid/squid.conf (edit this file, modify the following) 
http_port 192.168.5.3:3128 (Remove comments, add eth0 ip,3128 is the default HTTP port, can be changed, but not with the other program's port number, can be viewed in the/etc/services file) 
cache_mgr [email protected](remove the comment, change the value to the Linux administrator's mailbox so that the client access to the Internet error, you can send an email to the mailbox to explain the problem) 
cache_mem MB (Remove comments, modify buffer memory to 170MB, typically host memory 1/3) 
Cache_dir Ufs/var/spool/squid (UFS is the storage type,/var/spool/squid is the cache data save directory, 16 is the number of first-level directories, 256 is the number of two-level directories, where the default setting)  
cache_effective_user Squid (remove comments, modify base value for squid users) 
cache_dffective_group Squid (add this line of content, set the cached data access users) 
http_access Allow all (remove comment, change set to let all, which allows all clients to access) 
#service squid Restart (restart squid) 

If some companies have special requirements for proxy servers, there are cases where a proxy server is required to host some connection requests. For example, a company headquarters, the need for agents to connect the company's remote room ERP services, through the agent, and access to the Internet is not required, but a company in the local city also has a division between B,a and B is through the VPN interconnection, in order to facilitate the diagram, a company in the headquarters to establish an agent for internal personnel, while this proxy server , also carries the B Division access request, because the VPN between A and b often port, very unstable, this will go to the B Division, unable to connect to the proxy server, resulting in division B, the interruption of the ERP operation. But we can take a solution to this problem. In the B division to establish an agent, let B division through the new agent training class company Room ERP server, at the same time can be between A and B through VPN backup redundancy. This can not only resolve VPN leased line instability resulting in B unreachable, there can be in the VPN normal situation, B division This proxy server down, go to a headquarters proxy server connection ERP. This can solve the VPN instability, but also can be redundant backup.

This article is from the "Xspjcxx" blog, make sure to keep this source http://xspjcxx.blog.51cto.com/8768190/1611549

Linux Proxy Server Configuration