Linux Proxy Server Configuration

   SQUID working mechanism and basic functions   Large server site servers are mostly UNIX-type operating systems, it is necessary to understand that Unix.linux inherits all the characteristics of UNIX, so it is necessary to understand Linux. Squid is the most popular proxy server software under Linux, and supports the agent of Http,ftp,gopher,ssl,wais and other protocols; Squid its role is to establish a proxy server with an Internet address, instead of some without a standard IP address (internal address ) and interact with other hosts on the Internet. A machine with an internal address if you want to find information on the Internet, first send this request to a proxy server with a standard IP address, and the proxy server sends the request through its standard IP address to the requested destination address. Then, The server of the target address sends the returned results back to the proxy server, and the proxy server sends the data to the machine that originally had the internal IP address intact. This completes the process of an internal machine accessing the Internet. Several machines with internal addresses make up the intranet, The role of proxy server is to communicate the intranet and the Internet, to solve the problem of intranet access to the Internet. And this proxy is irreversible, and the host on the Internet cannot access any machine with an internal address. This will ensure the security of internal information. Squid not only enables efficient caching of web information, it also supports ftp,gopher,http requests. Squid saves frequently accessed objects in memory, and maintains a robust database of Access objects within the hard disk. Squid also supports the SSL protocol to buffer secure connections and provides sophisticated access control mechanisms. In addition, squid can be cascaded (hierarchically linked) method to connect to another squid-based buffer proxy server for efficient (streamlined) buffering of access pages. Squid can work in many operating systems, such as Aix,unix,freebsd,hp-ux, Linux and so on. Squid on the hardware requirements are, the memory must be large, should not be less than 128MB, the hard disk is best to use the server dedicated SCSI hard disk, CPU requirements are not high, more than 400MHZ can be.  ---------------------------------------------------------------------------------------------  II   Configure Squid for intranet Access internet  routers some specialSign is like a proxy server, all the machines connected to the LAN port of the router can access the Internet via a Internet,wan port that is connected to the modem, and my machine is one of the routers. Here according to my actual situation here to configure the proxy server, implement another LAN to access the internet.  router address: 192.168.5.1, so the router governs the network segment 192.168.5.* (* for 2-254), Do the following on the machine of my Linux operating system .  #netconfig (Enter the network Configuration tool, the first NIC (hereinafter referred to as eth0) to do the following configuration)  ip address:192.168.5.3 (set host IP)  netmask:255.255.255.0 (subnet mask default)  deault gateway (IP): 192.168.5.1 (gateway address)  Primary  nameserver:202.103.24.68 (name server address provided by the telco)   #ifconfig  eth1 up (the second NIC (Eth1, the second NIC must be present) is activated  # ifconfig eth1 192.168.4.1 netmask 255.255.255.0 (set eth1 IP and netmask)   #vi  /etc/ Sysconfig/network-scripts/ifcfg-eth1 (Create a file that records eth1 information, add the following)  device=eth1 (device name)  onboot=yes (connection allowed)   bootproto=static (get IP mode is static, that is, manually set IP)  ipaddr=192.168.4.1 (IP of the network card)  netmask=255.255.255.0 (Mask of the NIC)   gateway=192.168.4.1 (Gateway)   #service  network restart (restart Network Service)   #ifconfig (view network information and see information about eth1)   #ping  www.baidu.com (by eth0 connected to the router to verify that the Internet canCommunication)   #ping  192.168.4.2 (by eth1 to verify that the machine communicates with the 192.168.4 segment, you can change the. 5 segment of a machine to 192.168.4.2 (. 4 segment))   #vi  / etc/squid/squid.conf (edit this file, modify the following)  http_port 192.168.5.3:3128 (remove comment, add eth0 ip,3128 is HTTP default port, can change, But cannot repeat with other program's port number, can view in the/etc/services file)  cache_mgr [email protected]  (Remove the comment and change the value to the Linux administrator's mailbox so that when the client accesses the Internet error, the mailbox can be sent a message stating the problem) Cache_mem (remove comments, modify buffer memory to 170MB, typically host memory 1/3) Cache_dir Ufs/var/spool/squid (UFS is the storage type,/var/spool/squid is the cache data save directory, 16 is the number of first-level directories, 256 is the number of two-level directories, the default setting is maintained) cache_effective _user Squid (remove comment, modify base value for squid user) Cache_dffective_group squid (add this line, set the cached data access user) Http_access allow all (remove comment, change set to allow All, which allows all clients to access) #service squid Restart (restart squid) if some companies have special needs for proxy servers, some cases require a proxy server to host some connection requests. For example, a company headquarters, the need for agents to connect the company's remote room ERP services, through the agent, and access to the Internet is not required, but a company in the local city also has a division between B,a and B is through the VPN interconnection, in order to facilitate the diagram, a company in the headquarters to establish an agent for internal personnel, while this proxy server , also carries the B Division access request, because the VPN between A and b often port, very unstable, this will go to the B Division, unable to connect to the proxy server, resulting in division B, the interruption of the ERP operation. But we can take a solution to this problem. In the B division to establish an agent, let B division through the new agent training class company Room ERP server, at the same time can be between A and B through VPN backup redundancy. This can not only resolve VPN leased line instability resulting in B unreachable, there can be in the VPN normal situation, B division This proxy server down, go to a headquarters proxy server connection ERP. This can solve the VPN instability, but also can be redundant backup.

This article is from the "Xspjcxx" blog, make sure to keep this source http://xspjcxx.blog.51cto.com/8768190/1611555

Linux Proxy Server Configuration