Description
A transparent proxy provides the same service as a traditional proxy, but its "transparent" behaviour relies on the clients' default route and on a firewall redirection policy. It is therefore better suited to serving hosts on the LAN than to serving clients on the Internet. Its basic principle is described in the previous article, Squid traditional proxy.
Installation Environment:
The installation steps are as follows (to install Squid, see the previous article):
1. After Squid is installed, switch the server and the host to host-only mode
Add a NIC to the proxy server and set the IP addresses to match the experimental environment above
2. Turn on the routing feature
echo "1" > /proc/sys/net/ipv4/ip_forward   # enable routing (IP forwarding)
iptables -F
iptables -t nat -F   # flush the existing filter and nat rules
setenforce 0   # put SELinux into permissive mode
3. Configure Squid to support transparent proxying
vim /etc/squid.conf
http_port 192.168.100.1:3128 transparent   # set the listening port and transparent mode (the option is named intercept in Squid 3.1 and later)
4. Set the redirection policy for iptables
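iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128   # nat table, PREROUTING chain (before the routing decision): traffic arriving on the internal interface from the LAN source range is redirected to port 3128
iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 443 -j REDIRECT --to-ports 3128   # same redirect for HTTPS; Squid can only handle intercepted TLS on an https_port with SSL-Bump, not on the plain http_port from step 3
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT   # INPUT chain: accept TCP traffic to destination port 3128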
5. Start the service, use the Win7 client to access 12.0.0.12, and view the access log
service squid restart
The access IP address recorded in the log is 12.0.0.1, which shows that the transparent proxy settings succeeded.
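An added check for the rules from step 4, not part of the original article: it reads `iptables-save` output and reports redirect or accept rules for the proxy port that are not limited to the LAN interface and subnet. The rule sets are constructed samples; the interface, subnet and port come from the steps above, and the function and finding names are made up for this example.

```shell
# Added example: audit iptables-save output for the transparent-proxy rules.
# Interface, subnet and port mirror steps 3 and 4 of the article.
LAN_IF="ens33"; LAN_NET="192.168.100.0/24"; PROXY_PORT="3128"

# Reads iptables-save text on stdin, prints one finding per line,
# returns 0 when the rule set is clean and 1 otherwise.
audit_rules() {
    awk -v ifc="$LAN_IF" -v net="$LAN_NET" -v port="$PROXY_PORT" '
    function opt(name,   i) {   # value that follows option name, or ""
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    function scoped() { return opt("-i") == ifc && opt("-s") == net }
    $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "REDIRECT" && opt("--to-ports") == port {
        seen[opt("--dport")] = 1
        if (!scoped()) { print "UNSCOPED_REDIRECT dport=" opt("--dport"); bad = 1 }
    }
    $1 == "-A" && $2 == "INPUT" && opt("-j") == "ACCEPT" && opt("--dport") == port {
        if (!scoped()) { print "UNSCOPED_ACCEPT dport=" port; bad = 1 }
    }
    END {
        if (!("80" in seen)) { print "MISSING_REDIRECT dport=80"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the rules as step 4 adds them (-I puts the last rule first).
sample_as_written() { cat <<'EOF'
*nat
-A PREROUTING -s 192.168.100.0/24 -i ens33 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.100.0/24 -i ens33 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same rules with the INPUT accept limited to the LAN side, i.e.
# iptables -I INPUT -i ens33 -s 192.168.100.0/24 -p tcp --dport 3128 -j ACCEPT
sample_scoped() {
    sample_as_written | sed "s|^-A INPUT |-A INPUT -s $LAN_NET -i $LAN_IF |"
}

sample_as_written | audit_rules || true   # prints: UNSCOPED_ACCEPT dport=3128
```

On the proxy itself, run `iptables-save | audit_rules` as root after defining the function.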
Squid Transparent Proxy