Complete steps to build a squid proxy server in linux

Preface

This article mainly introduces the relevant content about setting up a squid proxy server in linux. Let's take a look at the detailed introduction.

Experimental environment:

A Linux-based Web server that acts as an intranet web server (and also as an intranet client) 202.100.10.100

A Linux system acts as a gateway server, two network cards, and routing forwarding 192.168.133.131 and 202.100.10.1 is enabled

A Linux-based Web server acts as an external web server (and also as an external client) 192.168.133.131

Experimental steps:

1. Configure the IP addresses of the intranet web server, gateway server, and extranet web server, enable the routing forwarding of the gateway, turn off the firewall of the gateway, and test the connectivity between the intranet web server and the extranet web server to ensure that they can communicate with each other.

2. Install the web services of the intranet web server and the extranet web server, start the services, and create a new test page

3. Test the intranet client accessing the external web server, and the external client accessing the intranet web server

4. Intranet client accesses external web server

5. External network client accesses the internal network web server

Firewall SNAT and DNAT

1. Intranet client accesses external web server

2. View logs on the external web server

tail -f /var/log/httpd/access_log 

3. Set up address translation on the gateway

iptables -t nat -A POSTROUTING -s 192.168.133.0/24 -o eth2 -j SNAT --to-source 202.100.10.1

Or iptables -t nat -A POSTROUTING -s 192.168.133.0/24 -o eth2 -j MASQUERADE

4. Access the external web server from the intranet client again, and then check the external web server to see that the IP recorded in the log file is not the IP of the intranet client.

DNAT:

1. Set up on the gateway and map the intranet web server to the gateway's external network interface

iptables -t nat -A PREROUTING -i eth2 -d 202.100.10.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.133.131

2. Access the gateway's external network interface IP (actually accessing the intranet web server)

3. View the log files of the intranet web server

Squid Proxy Server

1. Configure the squid proxy server on the gateway server and install squid, yum install -y squid

1.1 Traditional Proxy Server

Start the Squid service service squid start

Because the squid.conf configuration file allows all private IPs to pass by default

1.2 Set up the browser on the intranet client, join the proxy, and test

Check the log file on the external server and you can see that the IP is the IP of the proxy server.

1.3 Close the proxy server of the gateway server and test again. The following figure shows that the client accesses the external web server through the proxy server

2. Transparent Proxy Server

2.1 Configure on the gateway server, set up transparent proxy and enable cache, vim /etc/squid/squid.conf

http_port 192.168.133.130: 3128 transparent #192.168.133.130 is the intranet interface IP

cache_dir ufs /var/spool/squid 100 16 256

iptables -t nat -A PREROUTING -i eth1 -s 192.168.133.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128 #-i interface is the intranet interface -s follows the intranet segment -j follows REDIRECT (redirection) 

2.2 Restart the squid service, then test on the intranet client, cancel the proxy set by the browser in the previous test, the transparent proxy does not need to be set on the client

2.3 View logs on the external web server

Summarize

The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM.