
CentOS 6.7 下 Squid 代理服务器 的 安装与配置


 GFW 封锁了 HTTP/Socks5 代理,HTTP 代理是关键词过滤,Socks5 代理则是封锁协议。不过某些特殊的低端口并没有这么处理,已知的有 21,25。

20端口已经被封杀,21端口目前会被限速400Kbps,换算后约合50KB/S,建议使用25端口,不限速。

 

一、系统环境

操作系统:CentOS release 6.7 (Final)

Squid版本:squid-3.1.10-20.el6_5.3.x86_64

SELINUX=disabled

HTTP Service: stopped

 

二、安装Squid服务

2.1 检查squid软件是否安装

# rpm -qa|grep squid

 

2.2 如果未安装,则使用yum 方式安装

# yum -y install squid


 

2.3 设置开机自启动

# chkconfig squid on  //自动运行squid服务

 

2.4 配置squid,修改或增加红色部分

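#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

# Remote clients that are permitted to use this proxy.
# 203.0.113.10 is a placeholder from the RFC 5737 documentation range;
# replace it with the address(es) you actually connect from.
acl proxy_clients src 203.0.113.10/32

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# Remote clients listed in the proxy_clients ACL above.
http_access allow proxy_clients

# And finally deny all other access to this proxy.
# The listener below is bound to a public address. "http_access allow all"
# with the final deny commented out would make this an open proxy that any
# host on the Internet can relay through, so the final deny stays enabled.
http_access deny all

# Squid normally listens to port 3128
http_port 191.101.9.188:25 transparent

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 5000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

strip_query_terms off
visible_hostname 191.101.9.188
cache_mgr xxxxx@qq.com
cache_store_log none
# NOTE(review): with the access log turned off there is no record of which
# clients used the proxy, so misuse cannot be detected or investigated.
# To keep a log, point it at a file instead, e.g.
#   access_log /var/log/squid/access.log squid
cache_access_log none
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 128 MB
maximum_object_size_in_memory 128 MB
dns_nameservers 8.8.8.8 8.8.4.4
client_lifetime 1 minutes
half_closed_clients off
fqdncache_size 65535
ipcache_size 65535
ipcache_low 90
ipcache_high 95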

 

三、配置防火墙

开放25端口

# iptables -I INPUT -p tcp --dport 25 -j ACCEPT

# service iptables save

或编辑 vi /etc/sysconfig/iptables

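# Generated by iptables-save v1.4.7 on Thu May 12 13:14:52 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [74:9756]
# Replies to connections this host opened, ICMP, and loopback traffic.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# SSH for administration.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Squid listener on port 25: accept only the address(es) you connect from.
# 203.0.113.10 is a placeholder from the RFC 5737 documentation range.
-A INPUT -s 203.0.113.10/32 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
# The chain policies above are ACCEPT, so without these closing rules the
# ACCEPT rules filter nothing and every port on the host stays reachable.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu May 12 13:14:52 2016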

重启 service iptables restart

 

ps:

http://bbs.itzmx.com/thread-8815-1-1.html

http://www.cnblogs.com/mchina/p/3812190.html

http://blog.163.com/na_llong/blog/static/1135416092013714104354316/


原文地址:http://www.cnblogs.com/phpdragon/p/5488048.html
