How to configure squid proxy server under Linux system

Time:2020-10-26

A brief record of how to configure squid as a transparent proxy server.

Environment: VirtualBox + CentOS 6.0 + squid-3.1.4-1.el6.i686

0. Check whether squid is installed by default. If not, install it first


# rpm -qa squid
squid-3.1.4-1.el6.i686

1. Add two network cards to the virtual machine, set both to bridged mode, and configure their IP addresses: eth0 is the external network and eth1 is the internal network. Make sure the MAC address (HWADDR) in each configuration file matches the actual device!

# vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
ONBOOT=yes
TYPE=Ethernet
HWADDR=08:00:27:BC:6A:0D
IPADDR=172.17.1.221
PREFIX=24
GATEWAY=172.17.1.254
DNS1=172.16.5.133
NAME="System eth0"


# vim /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE="eth1"
ONBOOT=yes
TYPE=Ethernet
HWADDR=08:00:27:20:52:B2
IPADDR=192.168.1.254
PREFIX=24
NAME="System eth1"


# /etc/init.d/network restart    # restart the network card

If you cannot reach the Internet after this configuration, use the route command to check the default route. To save trouble, it is suggested not to set a gateway on eth1. Of course, if you prefer, you can configure the default route yourself instead.

2. Configure squid and transparent mode


# cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
# vim /etc/squid/squid.conf

To save time, I changed the following line to http_access allow all. Readers can modify the allowed range.


# And finally deny all other access to this proxy
http_access deny all

Remember to add the following statement at the bottom of the configuration file, otherwise squid cannot be started!


visible_hostname localhost

If you want to use transparent mode, add the keyword “transparent” after the port.
If you don’t use transparent mode, you can skip to step 7 after step 3.


# Squid normally listens to port 3128
http_port 3128 transparent
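
Step 2 sets the final rule to http_access allow all and leaves http_port listening on every interface, so the following added example (not part of the original article) audits a squid.conf for both settings and compares the quick setup with a variant limited to the internal 192.168.1.0/24 network. Both config fragments are constructed samples; the ACL name lan and the bind address 192.168.1.254:3128 are assumptions derived from the addresses used in this guide.

```bash
#!/bin/bash
# Added example, not part of the original article.
# Constructed fragment 1: the article's quick setup (allow all, port on every interface).
OPEN_CONF='http_access allow localhost
http_access allow all
http_port 3128 transparent'

# Constructed fragment 2: the same proxy limited to the article's internal subnet.
# The ACL name "lan" is an assumption chosen for this example.
LAN_CONF='acl lan src 192.168.1.0/24
http_access allow lan
http_access deny all
http_port 192.168.1.254:3128 transparent'

# Squid checks http_access lines top-down and stops at the first match, so the
# first rule whose only ACL is "all" decides every request not matched earlier.
catch_all_action() {
    awk '{ sub(/[ \t]*#.*/, "") }
         $1 == "http_access" && NF == 3 && $3 == "all" { print $2; exit }'
}

# http_port values without an "address:" prefix listen on every interface,
# including the external eth0.
unbound_ports() {
    awk '{ sub(/[ \t]*#.*/, "") }
         $1 == "http_port" && $2 !~ /:/ { print $2 }'
}

# Read a squid.conf on stdin; return 1 if the catch-all rule allows everyone.
audit_squid_conf() {
    local conf status=0 port
    conf=$(cat)
    if [ "$(printf '%s\n' "$conf" | catch_all_action)" = "allow" ]; then
        echo "WARN: catch-all rule is 'http_access allow all'"
        status=1
    fi
    for port in $(printf '%s\n' "$conf" | unbound_ports); do
        echo "NOTE: http_port $port is not bound to the internal address"
    done
    return "$status"
}

# Demo on the two constructed fragments.
printf '%s\n' "$OPEN_CONF" | audit_squid_conf || true
printf '%s\n' "$LAN_CONF" | audit_squid_conf || true
```

To check a real file, run audit_squid_conf < /etc/squid/squid.conf after sourcing the functions.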

3. Start squid


# service squid restart

4. Configure iptables for transparent proxy and set forwarding

To save time, put everything into one shell script that enables traffic forwarding between the network cards, enables NAT, forwards DNS queries, and redirects port 80 traffic to port 3128 for squid to process.


Create the script file:

# vim squid.sh

#!/bin/bash
# Enable IPv4 forwarding between the two network cards
echo "1" > /proc/sys/net/ipv4/ip_forward
# Load the NAT module
modprobe iptable_nat
# Masquerade (source NAT) outgoing traffic
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
# Forward DNS queries to the upstream DNS server
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 172.16.5.133
# Redirect port 80 traffic from the internal network to squid on port 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-ports 3128

Make the script executable and run it:

# chmod +x squid.sh
# ./squid.sh

5. Save the iptables rules to the configuration file


# service iptables save

6. Restart iptables


# service iptables restart

7. Test squid transparent proxy

Client IP address: 192.168.1.x/24

Gateway: 192.168.1.254

DNS server: 192.168.1.254

8. Open IE without configuring a proxy (because this is a transparent proxy) and enter www.jb51.net. If the page opens, the setup works.

9. Supplementary test method for non-transparent mode: open IE > Tools > Internet Options > Connections > LAN settings > Proxy server, set the server IP to 192.168.1.254 and the port to 3128, then click OK.