The GFW blocks HTTP and SOCKS5 proxies: HTTP proxies by keyword filtering, SOCKS5 proxies by blocking the protocol itself. Some low-numbered ports are not handled this way, however; the known ones are 21 and 25.
Port 20 has already been blocked outright, and port 21 is currently throttled to 400 Kbps, which works out to about 50 KB/s. Port 25 is recommended, as it is not rate-limited.
1. System environment
Operating system: CentOS release 6.7 (Final)
Squid version: squid-3.1.10-20.el6_5.3.x86_64
SELINUX=disabled
HTTP service: stopped
2. Installing the Squid service
2.1 Check whether squid is already installed
# rpm -qa|grep squid
2.2 If it is not installed, install it with yum
# yum -y install squid
2.3 Enable start at boot
# chkconfig squid on    // start the squid service automatically at boot
2.4 Configure squid (/etc/squid/squid.conf). The lines that differ from the stock file (shown in red in the original post) are the http_access change at the end of the access list, http_port, cache_dir, and everything from strip_query_terms down. Three of those deserve a second look before the port is exposed. Commenting out "http_access deny all" and adding "http_access allow all" makes Squid accept requests from any source address: once port 25 is reachable from the Internet this is an open proxy that anyone can relay traffic through. Squid evaluates http_access lines top to bottom and the first match wins, so the safer layout keeps "deny all" as the last line and allows only your own client addresses (or authenticated users) above it. The "transparent" flag on http_port is meant for NAT-intercepted traffic and disables proxy authentication on that port; a proxy that clients are pointed at explicitly should not carry it. Finally, "client_lifetime 1 minutes" caps every client connection at one minute, so any download that takes longer will be cut off.
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
#http_access deny all
http_access allow all

# Squid normally listens to port 3128
http_port 191.101.9.188:25 transparent

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 5000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

strip_query_terms off
visible_hostname 191.101.9.188
cache_mgr [email protected]
cache_store_log none
cache_access_log none
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 128 MB
maximum_object_size_in_memory 128 MB
dns_nameservers 8.8.8.8 8.8.4.4
client_lifetime 1 minutes
half_closed_clients off
fqdncache_size 65535
ipcache_size 65535
ipcache_low 90
ipcache_high 95
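The access list is the part of this configuration worth checking before the port is opened to the world. The following POSIX shell script is an added example, not code from the original post: it audits a squid.conf the way Squid itself reads the rules (http_access lines are evaluated top to bottom, the first match wins, and a request that matches no line gets the opposite of the last line's action) and also flags a transparent/intercept http_port. The three sample configs are constructed for the example and trimmed to the directives that matter; 203.0.113.0/24 is a documentation range used as a placeholder client network, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not part of the original post): audit a squid.conf for the two
# settings that decide whether a proxy listening on a public port is safe to run.
# Assumes only POSIX sh, sed, awk and grep, all present on a stock CentOS 6 box.

# Squid evaluates http_access lines top to bottom; the first matching line wins,
# and a request matching no line gets the OPPOSITE of the last line's action.
# Print "open" when any source address ends up allowed, "restricted" otherwise.
squid_access_policy() {
    sed 's/#.*//' "$1" | awk '
        $1 == "http_access" {
            if ($2 == "allow" && $3 == "all") { print "open"; done = 1; exit }
            if ($2 == "deny"  && $3 == "all") { print "restricted"; done = 1; exit }
            last = $2
        }
        END {
            if (!done) {
                verdict = (last == "deny") ? "open" : "restricted"
                print verdict
            }
        }'
}

# Print "intercept" if any http_port carries the transparent/intercept flag
# (meant for NAT-redirected traffic; disables proxy authentication), else "explicit".
squid_port_mode() {
    if sed 's/#.*//' "$1" |
       grep -Eq '^[[:space:]]*http_port[[:space:]].*[[:space:]](transparent|intercept)([[:space:]]|$)'
    then
        echo intercept
    else
        echo explicit
    fi
}

# One-line report per file: "<file>: access=... port=...".
squid_audit() {
    printf '%s: access=%s port=%s\n' "$1" \
        "$(squid_access_policy "$1")" "$(squid_port_mode "$1")"
}

# --- Constructed sample configs, trimmed to the directives that matter ---

# Sample 1: the access section as the post leaves it: "deny all" commented
# out, "allow all" added, port 25 flagged transparent.
OPEN_CFG=$(mktemp)
cat > "$OPEN_CFG" <<'EOF'
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
#http_access deny all
http_access allow all
http_port 191.101.9.188:25 transparent
EOF

# Sample 2: hardened. Only a named client range (203.0.113.0/24 is a
# documentation range, a placeholder here) may use the proxy, "deny all"
# stays last, and the transparent flag is dropped for an explicit proxy.
SAFE_CFG=$(mktemp)
cat > "$SAFE_CFG" <<'EOF'
acl clients src 203.0.113.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow clients   # trailing comment is ignored by the audit
http_access deny all
http_port 191.101.9.188:25
EOF

# Sample 3: the subtle failure mode. There is no "deny all" and the last line
# is a deny, so every request that matches nothing is ALLOWED by Squid's default.
TRAILING_DENY_CFG=$(mktemp)
cat > "$TRAILING_DENY_CFG" <<'EOF'
acl clients src 203.0.113.0/24
acl localnet src 10.0.0.0/8
http_access allow clients
http_access deny localnet
http_port 3128
EOF

trap 'rm -f "$OPEN_CFG" "$SAFE_CFG" "$TRAILING_DENY_CFG"' EXIT

squid_audit "$OPEN_CFG"             # access=open port=intercept
squid_audit "$SAFE_CFG"             # access=restricted port=explicit
squid_audit "$TRAILING_DENY_CFG"    # access=open port=explicit
```

Run it against /etc/squid/squid.conf after editing and before opening the firewall port; anything that reports access=open is reachable by every host that can connect to the listening port.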
3. Configuring the firewall
Open port 25 (-I inserts the rule at the top of the INPUT chain, so it takes effect ahead of the REJECT rule the stock CentOS 6 ruleset ends with):
# iptables -I INPUT -p tcp --dport 25 -j ACCEPT
# service iptables save
Or edit /etc/sysconfig/iptables with vi. Note that as listed here, with the INPUT policy set to ACCEPT and no REJECT or DROP rule after the ACCEPT lines, the rules do not actually restrict anything; they only matter when a REJECT rule follows them.
# Generated by iptables-save v1.4.7 on Thu May 12 13:14:52 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [74:9756]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
COMMIT
# Completed on Thu May 12 13:14:52 2016
Then restart the firewall: # service iptables restart
References:
http://bbs.itzmx.com/thread-8815-1-1.html
http://www.cnblogs.com/mchina/p/3812190.html
http://blog.163.com/na_llong/blog/static/1135416092013714104354316/
Installing and configuring a Squid proxy server on CentOS 6.7