
squid

Date: 2020-01-10 23:53:54


Forward proxy (transparent)

Server: eno16777728: inet 192.168.10.10  (host-only mode)

        eno33554968: inet 192.168.1.180  (bridged mode)

Client: Address        192.168.10.20

        Netmask        255.255.255.0

        Gateway        192.168.10.10

        DNS Server     8.8.8.8

                       114.114.114.114

 

Server:

[root@linuxprobe ~]# yum install squid

[root@linuxprobe ~]# systemctl restart squid

[root@linuxprobe ~]# systemctl enable squid

ln -s '/usr/lib/systemd/system/squid.service' '/etc/systemd/system/multi-user.target.wants/squid.service'

 

[root@linuxprobe ~]# iptables -F

[root@linuxprobe ~]# service iptables  save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

 

Use iptables to forward DNS resolution traffic (port 53), and allow the Squid server to forward IPv4 packets:

[root@linuxprobe ~]# iptables -t nat -A POSTROUTING -p udp --dport 53 -o eno33554968 -j MASQUERADE    # forward DNS resolution traffic on port 53

[root@linuxprobe ~]# vim /etc/sysctl.conf

net.ipv4.ip_forward=1    # allow the Squid server to forward IPv4 packets

[root@linuxprobe ~]# sysctl -p    # apply the forwarding parameter immediately

net.ipv4.ip_forward = 1

 

The SNAT forwarding rules are configured as follows:

[root@linuxprobe ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128    # redirect all client requests for web port 80 to local port 3128 on the Squid server

[root@linuxprobe ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eno33554968 -j SNAT --to 192.168.1.180    # IP address of the bridged NIC

[root@linuxprobe ~]# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

 

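Configuring Squid for transparent proxy mode:

[root@linuxprobe ~]# vim /etc/squid/squid.conf

http_port 3128 transparent    # line 59: append the word "transparent" after the port number in the main configuration file

cache_dir ufs /var/spool/squid 100 16 256    # line 62: set the cache storage path

[root@linuxprobe ~]# systemctl stop squid    # stop the squid service first

[root@linuxprobe ~]# squid -k parse    # check the main configuration file for errors

[root@linuxprobe ~]# squid -z    # initialize Squid for transparent proxying (creates the cache directories)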

[root@linuxprobe ~]# systemctl restart squid

 

 

 

Client:

[root@linuxprobe ~]# ping www.baidu.com

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

acl client src 192.168.10.20    # line 26: restrict which client address may access websites through the proxy

http_access allow client    # line 31

http_access deny all    # line 32

[root@linuxprobe ~]# systemctl restart squid

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

acl deny_keyword url_regex -i cto    # line 26: -i makes the match case-insensitive; cto is the keyword

http_access deny deny_keyword    # line 32

[root@linuxprobe ~]# systemctl restart squid

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

acl deny_keyword url_regex http://www.51cto.com    # line 26

http_access deny deny_keyword    # line 32

[root@linuxprobe ~]# systemctl restart squid

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

acl deny_keyword url_regex 51cto.com    # line 26

http_access deny deny_keyword    # line 32

[root@linuxprobe ~]# systemctl restart squid

 

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

acl badfile url_regex -i \.mp3$ \.rar$    # line 26

http_access deny badfile    # line 32

[root@linuxprobe ~]# systemctl restart squid
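
How the access rules above behave when combined, as an added example that is not part of the original post: a simplified Python model of Squid's first-match http_access evaluation using the page's client, deny_keyword and badfile ACLs. The two rule orderings, the sample URLs and the helper names (acl_matches, decide, report) are constructed for illustration.

```python
import re

# Simplified model (an assumption, not Squid's code): http_access rules are
# checked top to bottom and the first rule whose ACL matches decides.
# Python's re stands in for Squid's regex engine for these simple patterns.
ACLS = {
    "client": ("src", ["192.168.10.20"]),
    "deny_keyword": ("url_regex", [re.compile(r"51cto.com")]),
    "badfile": ("url_regex", [re.compile(r"\.mp3$", re.I),
                              re.compile(r"\.rar$", re.I)]),
    "all": ("src", None),  # matches every source address
}

# Deny rules after "allow client": never reached for 192.168.10.20.
ALLOW_FIRST = [("allow", "client"), ("deny", "deny_keyword"),
               ("deny", "badfile"), ("deny", "all")]
# Deny rules before "allow client": the filters apply to the client too.
DENY_FIRST = [("deny", "deny_keyword"), ("deny", "badfile"),
              ("allow", "client"), ("deny", "all")]

SAMPLE_URLS = [  # constructed test URLs
    "http://www.51cto.com/",
    "http://blog.51cto.com/post/1",
    "http://example.com/a.MP3",
    "http://example.com/a.mp3?dl=1",  # "$" anchors at the end of the whole URL
    "http://example.com/index.html",
]

def acl_matches(name, src_ip, url):
    kind, values = ACLS[name]
    if kind == "src":
        return values is None or src_ip in values
    return any(rx.search(url) for rx in values)

def decide(rules, src_ip, url):
    """Return the action of the first http_access rule whose ACL matches."""
    for action, acl in rules:
        if acl_matches(acl, src_ip, url):
            return action
    return "deny"  # not reached here: both rule lists end with "deny all"

def report(rules, src_ip="192.168.10.20"):
    return {url: decide(rules, src_ip, url) for url in SAMPLE_URLS}

if __name__ == "__main__":
    for label, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(label, report(rules))
```

With the deny rules listed first, the client is blocked from 51cto.com and from .mp3/.rar URLs; a pattern such as `\.mp3(\?.*)?$` also covers URLs that carry a query string.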

 

 

Reverse proxy

Server: eno16777728:  (bridged mode)

Server:

[root@linuxprobe ~]# yum install squid

[root@linuxprobe ~]# systemctl restart squid

[root@linuxprobe ~]# systemctl enable squid

ln -s '/usr/lib/systemd/system/squid.service' '/etc/systemd/system/multi-user.target.wants/squid.service'

 

[root@linuxprobe ~]# vim /etc/squid/squid.conf

http_port 192.168.1.183:80 vhost    # line 59: IP address of the bridged NIC

cache_peer 183.131.146.19 parent 80 0 originserver    # line 60: IP address of the website's origin server

[root@linuxprobe ~]# systemctl restart squid

 

Browser: 192.168.1.183

 


Original article: https://www.cnblogs.com/dinghailong128/p/12178417.html
