1. What is a transparent proxy?
If you ask: how can I make my browser use my Squid cache proxy server without any proxy settings? This is where you need a transparent proxy. A transparent proxy means the client does not need to configure any proxy. When a packet passes through the transparent proxy server, it is redirected to the proxy port of the Squid proxy server (such as 8080); that is, the local proxy server requests the required data and then copies it to the client.
2. What kind of environment do I need to implement a transparent proxy?
a. The gateway of the client's Windows PC must be set to the Squid proxy server. Since there is no proxy setting in the browser, requests to a site have to pass through the Squid proxy server in order to be redirected, so this is the most basic condition.
b. The client must have its DNS server set correctly. Because no proxy is configured, DNS names are resolved by the browser itself; that is, the DNS server set in the TCP/IP properties of the client's PC must correctly resolve the IP address of the site.
c. The server can run Squid proxy server, version 1.x or 2.x.
3. Configure the Squid proxy and enable the transparent proxy function
Squid-2
Add the following lines to your /etc/squid/squid.conf
http_port 8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Squid-1.1
Add the following lines to /etc/squid.conf
http_port 8080
httpd_accel virtual 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
4. Restart Squid. Use the following command:
# /usr/sbin/squid -k reconfigure
If the kernel does not support transparent proxying, you need to recompile the kernel and enable transparent proxy support.
Here are the kernel options you need to enable:
[*] Network firewalls
[ ] Socket Filtering
[*] Unix domain sockets
[*] TCP/IP networking
[ ] IP: multicasting
[ ] IP: advanced router
[ ] IP: kernel level autoconfiguration
[*] IP: firewalling
[ ] IP: firewall packet netlink device
[*] IP: always defragment (required for masquerading)
[*] IP: transparent proxy support
5. The following commands are for the Linux 2.2.x kernel:
# Accept all on loopback
/sbin/ipchains -A input -j ACCEPT -i lo
# Accept my own IP, to prevent loops (repeat for each interface/alias)
/sbin/ipchains -A input -j ACCEPT -p tcp -d 192.168.11.1/32 80
# Send all traffic destined to port 80 to Squid on port 8080
/sbin/ipchains -A input -j REDIRECT 8080 -p tcp -s 192.168.11.0/24 -d 0/0 80
The following commands are for the Linux 2.0.x kernel:
# Accept all on loopback
ipfwadm -I -a accept -W lo
# Accept my own IP, to prevent loops (repeat for each interface/alias)
ipfwadm -I -a accept -P tcp -D 192.168.11.1/32 80
# Send all traffic destined to port 80 to Squid on port 8080
ipfwadm -I -a accept -P tcp -S 192.168.11.0/24 -D 0/0 80 -r 8080
6. Points to be aware of:
a. This transparent proxy can only be used for the HTTP protocol, not for the FTP protocol.
b. The default gateway of the PC should be set to the Squid proxy server.
c. The firewall redirection rules must come before the other input rules; pay attention to the order.
For example:
/etc/rc.d/rc.firewall:
#!/bin/sh
# rc.firewall   Linux kernel firewalling rules
FW=/sbin/ipfwadm

# Flush rules, for testing purposes
for i in I O F # A      # If we enabled accounting too
do
        ${FW} -$i -f
done

# Default policies:
${FW} -I -p rej         # Incoming policy: reject (quick error)
${FW} -O -p acc         # Output policy: accept
${FW} -F -p den         # Forwarding policy: deny

# Input Rules:

# Loopback-interface (local access, eg, to local nameserver):
${FW} -I -a acc -S localhost/32 -D localhost/32

# Local Ethernet-interface:

# Redirect to Squid proxy server:
${FW} -I -a acc -P tcp -D default/0 80 -r 8080

# Accept packets from local network:
${FW} -I -a acc -P all -S localnet/8 -D default/0 -W eth0

# Only required for other types of traffic (FTP, Telnet):

# Forward localnet with masquerading (udp and tcp, no icmp!):
${FW} -F -am -P tcp -S localnet/8 -D default/0
${FW} -F -am -P udp -S localnet/8 -D default/0
Here all port-80 traffic from the local LAN, whatever its destination, is redirected to local port 8080. The rules can be viewed like this:
IP firewall input rules, Default policy: reject
type  prot source               destination          ports
acc   all  127.0.0.1            127.0.0.1            n/a
acc/r tcp  10.0.0.0/8           0.0.0.0/0            * -> 80 => 8080
acc   all  10.0.0.0/8           0.0.0.0/0            n/a
acc   tcp  0.0.0.0/0            0.0.0.0/0            * -> *
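The ordering requirement in item 6c, checked against the ipchains commands from step 5. This is an added example, not part of the original page: the function name check_rule_order and both sample rule sets are constructed here, and the matching is a simplified text check of a rules script, not a query of the live kernel rules.

```shell
#!/bin/sh
# Added example, not from the original page: audit ipchains input-rule order.
# Reads a rules script on stdin; returns 0 only if the port-80 REDIRECT comes
# before any broader ACCEPT and after the ACCEPT for the proxy's own IP.
check_rule_order() {
    awk '
    # Index of option opt on the current line, or 0 if absent.
    function pos(opt,   i) { for (i = 1; i <= NF; i++) if ($i == opt) return i; return 0 }
    # Word that follows option opt, or "" if the option is absent.
    function arg(opt,   i) { i = pos(opt); return i ? $(i + 1) : "" }
    /^[ \t]*#/ { next }                           # comment line
    /ipchains/ && arg("-A") == "input" {
        n++
        target = arg("-j"); dst = arg("-d"); proto = arg("-p")
        port = pos("-d") ? $(pos("-d") + 2) : ""  # ipchains syntax: -d ADDR [PORT]
        if (port !~ /^[0-9]+$/) port = ""
        if (target == "REDIRECT" && port == "80") { if (!redirect) redirect = n; next }
        if (target != "ACCEPT" || redirect) next   # only ACCEPTs ahead of the REDIRECT matter
        if (arg("-i") == "lo") next                # loopback only
        if (dst ~ /\/32$/ && port == "80") { own = n; next }  # loop-prevention rule
        if ((proto == "" || proto == "tcp" || proto == "all") && (port == "" || port == "80")) {
            printf "rule %d shadows the REDIRECT: %s\n", n, $0; bad = 1
        }
    }
    END {
        if (!redirect) { print "no port-80 REDIRECT on the input chain"; bad = 1 }
        else if (!own) { print "no own-IP ACCEPT ahead of the REDIRECT (loop risk)"; bad = 1 }
        exit bad + 0
    }'
}
# Constructed sample: the rule order given in step 5.
sample_good() {
    cat <<'EOF'
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j ACCEPT -p tcp -d 192.168.11.1/32 80
/sbin/ipchains -A input -j REDIRECT 8080 -p tcp -s 192.168.11.0/24 -d 0/0 80
EOF
}
# Constructed sample: a general LAN ACCEPT placed ahead of the REDIRECT.
sample_bad() {
    cat <<'EOF'
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j ACCEPT -s 192.168.11.0/24 -d 0/0
/sbin/ipchains -A input -j ACCEPT -p tcp -d 192.168.11.1/32 80
/sbin/ipchains -A input -j REDIRECT 8080 -p tcp -s 192.168.11.0/24 -d 0/0 80
EOF
}
sample_good | check_rule_order && echo "step-5 order: OK"
sample_bad | check_rule_order || echo "reordered rules: REDIRECT never matches"
```

In the second sample the general ACCEPT matches LAN web traffic first, so those connections bypass Squid without any error being reported to the client.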