Linux Fedora 8: using squid 3.0 to configure a simple transparent proxy with a single NIC

Source: Internet
Author: User

Install and configure the squid Proxy Server in Linux Fedora 8

1. Non-transparent proxy

1. The installation of squid 3.0 is omitted. My system has just been updated, and it is 3.0, but it should not be difficult to install it.

2. If there are no special requirements, the default configuration file is fine; it is /etc/squid/squid.conf. If you have messed it up while editing, you can copy back squid.conf.default from the same directory.

whereis squid shows where it is installed. You can also run rpm -ql squid.

sudo /usr/sbin/squid -z    (initializes the cache directories)

sudo /etc/rc.d/init.d/squid start

At this point squid listens on its default port, 3128, and the firewall blocks access to it. In Firewall -> trusted ports -> add port 3128, tcp

Trusted Services -> select WWW

In addition, make sure that squid is enabled in the services. For the initial default cache directory, /var/spool/squid, and for /var/log/squid, I changed their owner, but that is probably redundant (the squid user and group have been there for a long time, and I forget whether I created them myself or the system did, haha)

sudo chown -R squid:squid ~~~

3. Set ip:port as the proxy in the IE client.

2. Change to transparent proxy

1. Likewise, if there are no special requirements, keep the defaults and just add transparent after http_port 3128

2. The key is to configure iptables to control forwarding.

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128

3. If you enter these on the command line, you have to re-enter the ip_forward and iptables settings every time the system restarts. This can be solved as follows:

For the iptables configuration, use the touch command in the /etc/rc.d/ directory to create a file named firewall, run chmod u+x firewall to make it executable, and edit /etc/rc.d/rc.local, adding /etc/rc.d/firewall at the end of the file so that the script runs automatically at startup.

#!/bin/sh
echo "starting ip forward"
# the space before > matters: "echo 1>file" would write an empty line
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "starting iptables rules"
modprobe ip_tables
modprobe ip_nat_ftp
# flush the existing nat rules
/sbin/iptables -F -t nat

# redirect all packets for port 80 to port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

# masquerading on eth0; not usable with a single network adapter
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

4. After configuring the above, you can set up the client to access the Internet.

In IE, remove the proxy settings, point the client's gateway to the server's IP address, set DNS, and then you can access the Internet.

If DNS is not set, names have to be resolved by hand, for example 202.108.22.43 for Baidu.

The key here is the DNS setup, which is described only vaguely on the Internet. I guess there are two methods:

<1> Forwarding: the intranet's DNS requests are forwarded to an Internet DNS server for resolution.

<2> The Linux machine acts as a DNS server at the same time. There are many articles about DNS servers, but I am a newbie with low requirements; I only need it to work. (Set the client's DNS to the server's IP address.)

A. I am using dnsmasq. On Linux, iptables and dnsmasq can be combined for a transparent DNS proxy. I didn't do this, but simply started dnsmasq.

B. Use bind. More on that when there is time.

5. I found that QQ cannot connect through the transparent proxy configured this way, but it can when the proxy is configured in the client. This should be related to squid.
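
The transparent setup above depends on three settings: the transparent flag on http_port 3128, the nat PREROUTING redirect from port 80 to 3128, and ip_forward set to 1. The script below is an added example, not part of the original post, that checks all three; the function names and sample inputs are constructed, and on a live system the inputs would be the contents of squid.conf and the output of iptables-save.

```shell
# Added example: function names and sample inputs are constructed, not from the page.
# Succeeds if squid.conf text on stdin has an active "http_port <port> ... transparent".
has_transparent_port() {
    awk -v p="$1" '
        $1 == "http_port" && ($2 == p || $2 ~ (":" p "$")) {
            for (i = 3; i <= NF; i++) if ($i == "transparent") found = 1
        }
        END { exit !found }'
}

# Succeeds if iptables-save text on stdin REDIRECTs port $1 to $2 in nat PREROUTING.
has_redirect_rule() {
    awk -v f="$1" -v t="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "PREROUTING" {
            dport = target = toport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-ports") toport = $(i + 1)
            }
            if (dport == f && target == "REDIRECT" && toport == t) found = 1
        }
        END { exit !found }'
}

# Succeeds if the file (default: the kernel switch) contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Args: squid.conf text, iptables-save text, ip_forward file. Prints what is missing.
check_transparent_setup() {
    rc=0
    printf '%s\n' "$1" | has_transparent_port 3128 || { echo "MISSING: http_port 3128 transparent"; rc=1; }
    printf '%s\n' "$2" | has_redirect_rule 80 3128 || { echo "MISSING: nat REDIRECT 80 -> 3128"; rc=1; }
    forwarding_enabled "$3" || { echo "MISSING: ip_forward is not 1"; rc=1; }
    return $rc
}

SAMPLE_CONF='# http_port 8080 transparent
http_port 3128 transparent'                      # constructed squid.conf excerpt
SAMPLE_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'                                          # constructed iptables-save output

tmp=$(mktemp) && echo 1 > "$tmp"                 # stands in for /proc/sys/net/ipv4/ip_forward
check_transparent_setup "$SAMPLE_CONF" "$SAMPLE_RULES" "$tmp" && echo "sample: all three settings present"
rm -f "$tmp"
```

After a reboot, running the same checks against the live files shows whether /etc/rc.d/firewall was actually executed from rc.local.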
