码迷,mamicode.com
首页 > 其他好文 > 详细

centos7安装squid代理

时间:2017-08-04 10:58:50      阅读:227      评论:0      收藏:0      [点我收藏+]

标签:squid dns iptables 代理

局域网只有一台服务器可以上互联网,其他机器需要使用代理上网,windows下可以用ccproxy,linux建议使用squid(dns解析需要配合iptables)

1、安装squid

yum install squid.x86_64

2、配置squid配置文件。

vi /etc/squid/squid.conf


#

# Recommended minimum configuration:

#

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

#acl localnet src 10.0.0.0/8# RFC1918 possible internal network

#acl localnet src 172.16.0.0/12# RFC1918 possible internal network

acl localnet src 192.168.0.0/16# RFC1918 possible internal network 允许192.168.0.0/16网段

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines


acl SSL_ports port 443

acl Safe_ports port 80# http

acl Safe_ports port 21# ftp

acl Safe_ports port 443# https

acl Safe_ports port 70# gopher

acl Safe_ports port 210# wais

acl Safe_ports port 1025-65535# unregistered ports

acl Safe_ports port 280# http-mgmt

acl Safe_ports port 488# gss-http

acl Safe_ports port 591# filemaker

acl Safe_ports port 777# multiling http

acl CONNECT method CONNECT


#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports


# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports


# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager


# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost


#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#


# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost


# And finally deny all other access to this proxy

http_access deny all


# Squid normally listens to port 3128   端口修改为808端口

http_port 808 


# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /var/spool/squid 100 16 256


# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid


#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp:144020%10080

refresh_pattern ^gopher:14400%1440

refresh_pattern -i (/cgi-bin/|\?) 00%0

refresh_pattern .020%4320


到这里squid就配置完了。

由于客户端pc的dns解析都没有权限,所以还要把客户端的dns解析也由squid服务器这台主机转发出去。

1) echo "1" > /proc/sys/net/ipv4/ip_forward

2)iptables 配置

iptables -t nat -A PREROUTING -s -p udp --dport 53 -j DNAT --to 8.8.8.8

iptables -t nat -A POSTROUTING -p udp --dport 53 -j SNAT --to 192.168.144.49

iptables -A FORWARD -j ACCEPT


客户端配置

export http_proxy=http://192.168.144.49:808

export https_proxy=https://192.168.144.49:808

客户端配置dns

chattr -i /etc/resolv.conf  (ubuntu)

vi /etc/resolv.conf

nameserver 192.168.144.49

验证一下

root@host-192-168-145-197:~# ping www.sina.com

PING wwwus.sina.com (66.102.251.33) 56(84) bytes of data.

ok,dns可以用了。

curl www.sina.com

返回一大串代理,OK,代理配置成功了。


https的配置需要生成证书,可以参考以下文章。

http://www.linuxidc.com/Linux/2017-02/140398.htm

本文出自 “高迪的个人博客” 博客,请务必保留此出处http://gaodi2002.blog.51cto.com/5940761/1953459

centos7安装squid代理

标签:squid dns iptables 代理

原文地址:http://gaodi2002.blog.51cto.com/5940761/1953459

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!