A simple record of squid transparent proxy server configuration
Environment: VirtualBox + CentOS 6.0 + squid-3.1.4-1.el6.i686
0. Check whether squid is installed (it is by default); if it is not, install it first.
The code is as follows:
[root@slyar ~]# rpm -qa squid
squid-3.1.4-1.el6.i686
1. Add two network cards to the virtual machine, set both to bridged mode, and configure their IP addresses: eth0 is the extranet side and eth1 is the intranet side. Make sure the MAC address in each configuration file matches the corresponding device!
The code is as follows:
[root@slyar ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
ONBOOT=yes
TYPE=Ethernet
HWADDR=08:00:27:bc:6a:0d
IPADDR=172.17.1.221
PREFIX=24
GATEWAY=172.17.1.254
DNS1=172.16.5.133
NAME="System eth0"
[root@slyar ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1"
ONBOOT=yes
TYPE=Ethernet
HWADDR=08:00:27:20:52:b2
IPADDR=192.168.1.254
PREFIX=24
NAME="System eth1"
[root@slyar ~]# /etc/init.d/network restart # restart the network interfaces
If the network does not work after this configuration, use the route command to check the default route. It is recommended not to set a gateway on eth1, which saves trouble; of course, if you are willing to configure the default route yourself, that is fine too.
2. Configure squid and transparent mode
The code is as follows:
[root@slyar ~]# cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
[root@slyar ~]# vim /etc/squid/squid.conf
For convenience, I change the following line directly to http_access allow all; readers can adjust the allowed range themselves.
The code is as follows:
# and finally deny all other access to this proxy
http_access deny all
Be sure to add the following statement at the bottom of the configuration file, or squid will not start!
The code is as follows:
visible_hostname localhost
If you want to use transparent mode, add the keyword "transparent" after the port.
If you are not using transparent mode, this line does not need to be changed, and after step 3 you can jump directly to the test in step 7.
The code is as follows:
# Squid normally listens to port 3128
http_port 3128 transparent
3. Start Squid
The code is as follows:
[root@slyar ~]# service squid restart
4. Configure iptables for the transparent proxy and enable forwarding
To save trouble, create a shell script that enables forwarding of traffic between the two network cards, turns on NAT, sets up DNS forwarding, and redirects all port 80 traffic to port 3128 for squid to process.
The code is as follows:
[root@slyar ~]# vim squid.sh # create the script file
The code is as follows:
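#!/bin/bash
# Enable packet forwarding between the two network cards
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
# Turn on NAT for outgoing traffic
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
# Forward DNS queries to the upstream DNS server
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 172.16.5.133
# Redirect intranet port 80 traffic to squid on port 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-ports 3128
[root@slyar ~]# chmod u+x squid.sh # give the script execute permission
[root@slyar ~]# ./squid.sh # run the script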
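The script above applies MASQUERADE and the DNS DNAT rule to every interface. The following is an added example, not part of the original article: the same rules bound to the article's interfaces and intranet range, plus one INPUT rule that keeps port 3128 closed on the extranet side. The variable names, the run() helper and the APPLY switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the article's script: the step-4 rules bound to
# interfaces and source network. Addresses and ports are the article's;
# the variable names, run() and APPLY are assumptions of this example.
WAN_IF=eth0                 # extranet side
LAN_IF=eth1                 # intranet side
LAN_NET=192.168.1.0/24
DNS_SERVER=172.16.5.133
SQUID_PORT=3128

# Dry run by default: print each command; execute only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

proxy_gateway_rules() {
    run modprobe iptable_nat
    run sysctl -w net.ipv4.ip_forward=1
    # NAT only intranet traffic that leaves through the extranet interface.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    # Forward DNS for intranet clients only; a rule without -i would also
    # rewrite DNS packets arriving on eth0. TCP 53 is added for large answers.
    for proto in udp tcp; do
        run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
            -p "$proto" --dport 53 -j DNAT --to-destination "$DNS_SERVER"
    done
    # Hand intranet HTTP to squid's transparent port.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
        -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"
    # Keep the proxy port closed on the extranet side, since squid.conf
    # above answers any client (http_access allow all).
    run iptables -I INPUT -i "$WAN_IF" -p tcp --dport "$SQUID_PORT" -j DROP
}

proxy_gateway_rules
```

Run as is, it only prints the commands for review; run as root with APPLY=1 set in the environment, it executes them.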
5. Save the iptables rules to the configuration file
The code is as follows:
[root@slyar ~]# service iptables save
6. Restart iptables
The code is as follows:
[root@slyar ~]# service iptables restart
7. Test the squid transparent proxy
Client settings:
IP address: 192.168.1.x/24
Gateway: 192.168.1.254
DNS server: 192.168.1.254
8. Open IE without configuring a proxy (because this is a transparent proxy) and enter www.jb51.net; if the page opens, the setup works.
9. Additional test method for the non-transparent proxy: open IE > Tools > Internet Options > Connections > LAN settings > Proxy server, set the server IP to 192.168.1.254 and the port to 3128, then click OK.