squid缓存服务器————透明代理

squid缓存服务器————透明代理

[root@squid init.d]# cd /etc/sysconfig/network-scripts/ [root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36 [root@squid network-scripts]# vim ifcfg-ens36 TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" BOOTPROTO="static" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="ens36" DEVICE="ens36" ONBOOT="yes" IPADDR=192.168.10.1 NETMASK=255.255.255.0 [root@squid network-scripts]# systemctl restart network [root@squid network-scripts]# ifconfig ens33: flags=4163 mtu 1500 inet 192.168.247.206 netmask 255.255.255.0 broadcast 192.168.247.255 ens36: flags=4163 mtu 1500 inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255 [root@squid network-scripts]# vim /etc/sysctl.conf net.ipv4.ip_forward=1 [root@squid network-scripts]# sysctl -p net.ipv4.ip_forward = 1

[root@web ping 192.168.247.206 PING 192.168.247.206 (192.168.247.206) 56(84) bytes of data. 64 bytes from 192.168.247.206: icmp_seq=1 ttl=64 time=0.740 ms 64 bytes from 192.168.247.206: icmp_seq=2 ttl=64 time=0.802 ms [root@web route add -net 192.168.10.0/24 gw 192.168.247.206 [root@web ping 192.168.10.1 PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data. 64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.637 ms 64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.648 ms

[root@squid network-scripts]# ping 192.168.247.160 PING 192.168.247.160 (192.168.247.160) 56(84) bytes of data. 64 bytes from 192.168.247.160: icmp_seq=1 ttl=64 time=1.26 ms 64 bytes from 192.168.247.160: icmp_seq=2 ttl=64 time=0.521 ms

[root@squid network-scripts]# vim /etc/squid.conf 192.168.10.1:3128 transparent //修改，transparent 为透明模式 [root@squid network-scripts]# service squid stop [root@squid network-scripts]# service squid start 正在启动 squid... [root@squid network-scripts]# netstat -natp | grep 3128 tcp 0 0 192.168.10.1:3128 0.0.0.0:* LISTEN

配置iptables规则-t nat表-I PREROUTING 进路由-i 入口-s 源地址-p tcp协议 --dport 目标端口-j 操作 REDIRECT重定向到 --to 3128端口

[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128 [root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128 [root@squid network-scripts]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT

win10客户机关闭手动代理，访问web

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。