Linux Proxy server implementation steps

Linux to do proxy server implementation steps

Now use Linux as a proxy service is more and more, I am a piece of cake on this aspect is not know how to find someone to learn. However, someone with money mainly, originally pay also does not matter if can learn something, ability can learn to hand also line.

But some people are too black, unexpectedly want me to 1000+RMB, I a small network management that come so much money, can only grope for oneself. Found on the internet for more than a tutorial, do not succeed, may be the younger brother is too stupid to understand the door of the master did not do a good job, and I found some information about iptables in the net, finally was my research out.

Now I'm going to write my practice and share it with you. May be the simplest way, we do not laugh brother Oh. If the master saw it, please give me a lot of advice. Cut the crap, now get to the point.

Linux as the simplest way to do proxy server, using RedHat9.0 as an example

Find a machine that can install Linux at least two network adapters

1. Install Linux, whether in graphics, or style can be, choose the smallest installation, in the installation can configure the IP and DNS (not set also line), all other default

When installed, enter the prompt

2. After entering the prompt, configure the following network card first:

Eth0 (External network adapter) configuration file The path is:/etc/sysconfig/network-scripts/ifcfg-eth0

Use Vi/etc/sysconfig/network-scripts/ifcfg-eth0 to modify the content of eth0, if installed when the match is not to be matched, check to see if the wrong is not the line.

The content of eth0 is: (note IP is assumed IP, #为注释不用写)

Device=eth0 #硬件设备名

Bootproto=static #配置方式

broadcast=218.28.9.255 #广播地址

Ipaddr=218.28.9.123 #是你的IP地址

netmask=255.255.255.0 #子网掩码

network=218.28.9.0 #整个网段的地址

Onboot=yes #是否启用网卡 (generally default is open)

Eth1 (intranet network card), configuration file path is:/etc/sysconfig/network-scripts/ifcfg-eth1

Modify the contents of eth0 with Vi/etc/sysconfig/network-scripts/ifcfg-eth1

The contents of the eth1 are:

Device=eth1 #硬件设备名

Bootproto=static #配置方式

broadcast=192.168.0.255 #广播地址

ipaddr=192.168.0.1 #是你的IP地址

netmask=255.255.255.0 #子网掩码

network=192.168.0.0 #整个网段的地址

Onboot=yes #是否启用网卡 (generally default is open)

The NIC is configured, you can use Ifconfig to check the network card with the wrong

3. Now to set up the extranet gateway, and ISP provided DNS

The configuration file path for the gateway is/etc/sysconfig/network with VI editing if the installation has been set well this does not have to change.

Content is:

Networking=yes #这个不知道是什么意思默认为yes don't change.

Hostname=rslinux #你的主机名 don't change.

gateway=218.28.9.120 #你的外网网关

Down plus DNS If you install it, you don't have to change it.

The DNS configuration file path is:/etc/resolv.conf with VI Edit

The syntax is:

NameServer 20.2102.224.68 (You can add more)

After all of the above basic work, I can use the route command to check the next road state if read out very smoothly then it is OK.

That's what I do after I'm done.

192.168.0.0 * 255.255.255.0 U 0 0 0 eth1

218.28.9.0 * 255.255.255.0 U 0 0 0 eth0

169.254.0.0 * 255.255.255.0 U 0 0 0 eth1

127.0.0.0 * 255.255.255.0 U 0 0 0 Lo

Default Hn.pds.kd.ADSL 255.255.255.0 U 0 0 0 eth0

3. Use the iptables to realize the double Nic Nat function, thus realizes the proxy server to surf the net

After the work is done, we modify the sysctl.conf, which is the IP forwarding file. Here we must have IP forwarding to be able to.

sysctl.conf Path is/etc/sysctl.conf

The inside can be written like this:

Net.ipv4.ip_forward=1

Net.ipv4.conf.default.rp_filter=1

Kernel.sysrq=0

4. Final edit rc.local file

Vi/etc/rc.d/rc.local #编辑起动批处理文件, add the following lines to the end of the file

Iptables-f #清除iptables表

Iptables-f-T Nat #清除iptables IP NAT Table

Iptables-t nat-a postrouting-o eth0-s 192.168.0.0/24-j Masquerade #把内网ip伪装为外网的以至接通internet

Echo 1>/proc/sys/net/ipv4/ip_forward #启动ip中转功能.

By this, the proxy server can be used after restarting the machine.

If you do not want to load so many services can be used NTSYSV command to remove the service only leave the Iptables service and networks services, the other services to remove all the hooks.

Note: Please pay attention to the above case, write wrong is not used