Steps for setting up a proxy server on Linux
Linux is being used as a proxy server more and more these days. I am a novice in this area and did not know where to find someone to learn from. Those who would teach mostly wanted money; paying would not have mattered if I could learn something and really pick up the skill.
But some people are too greedy and actually wanted 1000+ RMB from me. As a lowly network administrator I don't have that kind of money, so I could only work it out myself. I found more than one tutorial on the Internet, but none of them worked for me; maybe I am too slow to follow what the experts wrote. I also found some material about iptables online, and in the end I worked it out.
Now I will write up what I did and share it with you. It may be the simplest possible method, so please don't laugh at me. If any experts read this, please give me plenty of advice. Enough chatter, let's get to the point.
The simplest way to make Linux act as a proxy server, using RedHat 9.0 as an example
Find a machine that can run Linux and has at least two network adapters.
1. Install Linux. Either the graphical or the text-mode installer will do. Choose the minimal installation; you can configure the IP address and DNS during installation (it is also fine not to), and leave everything else at the defaults.
When the installation finishes, boot to the command prompt.
2. At the prompt, first configure the network cards as follows:
eth0 (external network adapter): the configuration file path is /etc/sysconfig/network-scripts/ifcfg-eth0
Use vi /etc/sysconfig/network-scripts/ifcfg-eth0 to edit the eth0 settings. If you already configured it during installation there is no need to do it again; just check that nothing is wrong.
The content for eth0 is (the IP addresses are assumed examples; text after # is a comment and need not be typed):
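DEVICE=eth0 # hardware device name
BOOTPROTO=static # configuration method
BROADCAST=218.28.9.255 # broadcast address
IPADDR=218.28.9.123 # your IP address
NETMASK=255.255.255.0 # subnet mask
NETWORK=218.28.9.0 # address of the whole network segment
ONBOOT=yes # whether to enable the NIC at boot (generally on by default)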
eth1 (intranet network adapter): the configuration file path is /etc/sysconfig/network-scripts/ifcfg-eth1
Use vi /etc/sysconfig/network-scripts/ifcfg-eth1 to edit the eth1 settings.
The content for eth1 is:
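DEVICE=eth1 # hardware device name
BOOTPROTO=static # configuration method
BROADCAST=192.168.0.255 # broadcast address
IPADDR=192.168.0.1 # your IP address
NETMASK=255.255.255.0 # subnet mask
NETWORK=192.168.0.0 # address of the whole network segment
ONBOOT=yes # whether to enable the NIC at boot (generally on by default)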
The NICs are now configured; you can use ifconfig to check whether either card is set up wrongly.
3. Now set up the external gateway and the DNS servers provided by the ISP.
The gateway configuration file path is /etc/sysconfig/network; edit it with vi. If it was already set during installation, it does not need to be changed.
The content is:
NETWORKING=yes # I don't know what this means; the default is yes, don't change it
HOSTNAME=rslinux # your host name, don't change it
GATEWAY=218.28.9.120 # your external gateway
Next add DNS. If you set it during installation, you don't have to change it.
The DNS configuration file path is /etc/resolv.conf; edit it with vi.
The syntax is:
nameserver 20.2102.224.68 (you can add more lines)
After all of the basic work above, use the route command to check the routing table. If it prints out smoothly, everything is OK.
This is the output after I finished:
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
218.28.9.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.255.0 U 0 0 0 eth1
127.0.0.0 * 255.255.255.0 U 0 0 0 lo
default Hn.pds.kd.ADSL 255.255.255.0 U 0 0 0 eth0
3. Use iptables to implement NAT across the two NICs, so that the machine works as a proxy server for Internet access
Once the above is done, edit sysctl.conf, the file that controls IP forwarding. IP forwarding must be enabled for this to work.
The path of sysctl.conf is /etc/sysctl.conf
Its contents can be written like this:
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=1
kernel.sysrq=0
4. Finally, edit the rc.local file
vi /etc/rc.d/rc.local # edit the startup script and add the following lines at the end of the file
iptables -F # flush the iptables filter table
iptables -F -t nat # flush the iptables NAT table
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE # masquerade intranet IPs as the external IP so they can reach the Internet
echo 1 > /proc/sys/net/ipv4/ip_forward # enable IP forwarding
With this done, the proxy server can be used after restarting the machine.
If you do not want so many services loaded, use the ntsysv command to disable them: keep only the iptables and network services checked and uncheck all the others.
Note: pay attention to upper and lower case in everything above; if it is written wrong it will not work.
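
An added example, not part of the original article: a shell check that reads iptables-save output, confirms the MASQUERADE rule from step 4 is present, and flags a FORWARD chain left at policy ACCEPT with no rules, in which case the gateway routes any packet between its interfaces. The function names and both sample dumps are constructed for illustration and assume current iptables-save CIDR formatting.

```shell
# Added example: audit an iptables-save dump against the NAT setup in this article.
# eth0 and 192.168.0.0/24 are the article's values; the dumps below are constructed.
WAN_IF=eth0
LAN_NET=192.168.0.0/24

# Read iptables-save output on stdin and print one finding per line.
audit_nat() {
    awk -v wan="$WAN_IF" -v lan="$LAN_NET" '
        substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*nat", "*filter"
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / { rules++ }
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
            if (index($0 " ", " -o " wan " ") && index($0 " ", " -s " lan " ")) masq = 1
        }
        END {
            status = masq ? "OK" : "MISSING"
            print status ": masquerade " lan " out of " wan
            if (policy == "ACCEPT" && rules == 0)
                print "WARN: FORWARD policy is ACCEPT with no rules; every routed packet passes"
        }'
}

# Constructed dump: state after the article's rc.local lines, default policies.
sample_article() {
    cat <<'EOF'
*nat
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed dump: same NAT rule, forwarding limited to LAN-initiated traffic.
sample_restricted() {
    cat <<'EOF'
*nat
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.0.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_article | audit_nat
```

On a live gateway, pipe the output of iptables-save (run as root) into audit_nat instead of the sample.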