Three tricks for new users to use Linux as proxy servers

Article Title: newbie uses Linux as a proxy server. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Nowadays, there are more and more agents using Linux. I am a side dish and I don't know how to find someone to learn about this. However, this person is mainly responsible for money, and it doesn't matter if he has to pay for it. He can also learn his skills as long as he can learn something.

But some people are too dark to ask me for 1000 + RMB. I had to find out how much money I had for a small network administrator. I found more than N tutorials on the Internet, but I was not able to follow them. Maybe the younger brother was too stupid to understand what the master did, and I found some information about iptables on the Internet, I finally got it.

Now I will write down my practices and share them with you. Haha! Maybe it's the easiest way. Don't laugh at me. If the expert has read it, please give more advice. Now, let's start with the question.

The simplest way to use Linux as a proxy server is to use RedHat9.0 as an example.

To find a machine that can be installed with Linux, you must have at least two NICs.

1. install Linux, either in graphics or style. Select the minimum installation. During installation, you can configure the Internet IP address and DNS (not set ).

After installation, enter the prompt

2. After Entering the prompt, first configure the NIC:

Eth0 (Internet Nic) configuration file path:/etc/sysconfig/network-scripts/ifcfg-eth0

Use vi/etc/sysconfig/network-scripts/ifcfg-eth0 to modify the content of eth0, if the installation is good, you don't need to configure, check whether there is a mistake on the line.

The content of eth0 is: (Note the IP address as the hypothetical IP address, # Do not write for the annotation)

DEVICE = eth0 # hardware DEVICE name

BOOTPROTO = static # configuration method

BROADCAST = 218.28.9.255 # BROADCAST address

IPADDR = 218.28.9.123 # your IP address

NETMASK = 255.255.255.0 # Subnet Mask

NETWORK = 218.28.9.0 # address of the entire NETWORK segment

ONBOOT = yes # enable NIC (usually enabled by default)

Eth1 (intranet Nic), configuration file path:/etc/sysconfig/network-scripts/ifcfg-eth1

Modify eth0 content with vi/etc/sysconfig/network-scripts/ifcfg-eth1

The content of eth1 is:

DEVICE = eth1 # hardware DEVICE name

BOOTPROTO = static # configuration method

BROADCAST = 192.168.0.255 # BROADCAST address

IPADDR = 192.168.0.1 # your IP address

NETMASK = 255.255.255.0 # Subnet Mask

NETWORK = 192.168.0.0 # IP address of the entire NETWORK segment

ONBOOT = yes # enable NIC (usually enabled by default)

After the NIC is configured, you can use ifconfig to check if the NIC is correct.

3. Set the Internet gateway and the DNS provided by the ISP.

The path of the gateway configuration file is/etc/sysconfig/network. Use vi to edit it. If you have set this during installation, you do not need to change it.

Content:

NETWORKING = yes # I don't know what it means. The default value is yes.

HOSTNAME = rslinux # Do not change your host name

GATEWAY = 218.28.9.120 # Your Internet GATEWAY

Add the DNS. If it is set during installation, you don't need to change it.

The DNS configuration file path is/etc/resolv. conf and is edited by vi.

Syntax:

Nameserver limit 2102.224.68 (multiple entries can be added)

After all the above basic work is done, I can use the route command to check the path state. If the reading is successful, it indicates no problem.

This is the case after I finish it.

192.168.0.0*255.255.255.0 U 0 0 0 eth1

218.28.9.0*255.255.255.0 U 0 0 eth0

169.254.0.0*255.255.255.0 U 0 0 0 eth1

127.0.0.0*255.255.255.0 U 0 0 0 lo

Default hn. pds. kd. ADSL 255.255.255.0 U 0 0 eth0

3. Use IPTABLES to implement the dual-nic NAT Function, so that the proxy server can access the Internet.

After the above work is done, we modify sysctl. conf, that is, the IP Forwarding file. Here we must use IP forwarding.

The sysctl. conf path is/etc/sysctl. conf.

It can be written as follows:

Net. ipv4.ip _ forward = 1

Net. ipv4.conf. default. rp_filter = 1

Kernel. sysrq = 0

4. Edit the rc. local file.

Vi/etc/rc. d/rc. local # edit the start batch file and add the following lines at the end of the file

Iptables-F # Clear the iptables table

Iptables-F-t nat # Clear the iptables IP nat table

Iptables-t nat-a postrouting-o eth0-s 192.168.0.0/24-j MASQUERADE # disguise the Intranet ip address as an internet ip address and connect it to the internet

Echo 1>/proc/sys/net/ipv4/ip_forward # enable the ip address transfer function.

At this point, the proxy server can be used after the machine is restarted.

If you do not want to load so many services, you can use the ntsysv command to remove the services, leaving only the iptables service and the networks Service removed.

Note: The above case is case sensitive and cannot be used if an error is entered.

Well, this is the end. If you have too many questions, please don't mind. I just want to make it clear.