If you select a Linux host as a proxy server, you do not need to configure High Performance of the host. He can be the worst machine in your company (There should always be a nic, there are two of the best, you can also bind two IP addresses, one is the Internet IP address and the other is the Intranet IP address ), however, if you configure it as a proxy server, you can achieve high performance. Of course, he is only responsible for this service. The practice is: to install linux on the worst server, select the squid service for installation.
After the squid service is installed, initialize it with the command squid-Z.
Then start the proxy service, VI/etc/squid. conf (edit the main configuration file of squid service), and remove the comments of cache_dir ufs/var/spool/squid 100 16 256 in the configuration file, remove the comments of lines 1944 and change the IP address to the Intranet IP address of the proxy. After modification, save and exit.
After the service is started, the Service squid start is OK.
After completing the preceding steps, you can build a simple proxy server.
If you want to implement access control, it is also easy to do. You still need VI/etc/squid. conf is a template for configuring access control in about 8000 lines. You only need to figure it out. For example, if you do not want employees to access the Internet for a certain period of time, you can add the ACL worktime-in the master configuration file.
Http_access worktime deny
Service squid restart
In this way, they will not be able to access the Internet at-, is it very simple.
Some people say that it is too inconvenient to enter the IP address and port of the proxy server in your browser to access the Internet through proxy. Linux can help you solve this problem by setting a transparent proxy. After setting the proxy, the client does not need to set the proxy configuration of the browser. The procedure is as follows:
In the main configuration file, set http_port 3128
Http_accel_port 80
Http_accel_with_proxy on
Remove the comments of http_accel_uses_host_header on.
Add another http_accel_host virtual line (if this line exists, you don't need to add it. Directly remove the comment)
Restart service squid restart
Enable route forwarding Echo 1>/proc/sys/NET/IPv4/ip_forward
Execute port redirection iptables-T Nat-A prerouting-I eth0-P TCP -- dport 80-J redirect -- to-port 3128
The client directs the default gateway to the IP address of the proxy server.
Using Linux as a server also has an important advantage: fast speed, stable, not vulnerable to attacks, and not easy to go down.
Okay, so much about using Linux as a proxy server. There are still many good settings that we need to explore and Practice on our own.
