Services:
NAT
DHCP
Proxy
Network configuration:
eth0:140.137.215.238/24 GW:140.137.215.254 //external IP
eth1:192.168.188.254/24 //internal gateway
2.Client:
Network configuration: DHCP
Server configuration:
1.NAT:
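# sysctl -w net.ipv4.ip_forward=1
# sysctl -p
//sysctl -p reloads /etc/sysctl.conf; if that file sets net.ipv4.ip_forward = 0, change it to 1 there too, or the reload undoes the line above
# iptables -t nat -A POSTROUTING -o eth0 -s 192.168.188.0/24 -j MASQUERADE
//Packets from 192.168.188.0/24 that leave through eth0 are masqueraded with eth0's IP address
//Remember to add this to rc.local, or create a script that runs at boot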
2.DHCP:
# cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf //copy the sample file
# vim /etc/dhcpd.conf
    ddns-update-style interim;
    ignore client-updates;

    subnet 192.168.188.0 netmask 255.255.255.0 {
        # --- default gateway
        option routers 192.168.188.254;
        option subnet-mask 255.255.255.0;
        option nis-domain "domain.org";
        option domain-name "domain.org";
        option domain-name-servers 168.95.1.1;
        option time-offset -18000; # Eastern Standard Time
        range dynamic-bootp 192.168.188.100 192.168.188.200;
        default-lease-time 21600;
        max-lease-time 43200;
        # we want the nameserver to appear at a fixed address
        host ns {
            next-server marvin.redhat.com;
            hardware ethernet 12:34:56:78:AB:CD;
            fixed-address 207.175.42.254;
        }
    }
//For a detailed explanation of these settings, see VBird (鳥哥) or my other article
# /etc/init.d/dhcpd restart
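3.squid
# vim /etc/squid/squid.conf
    http_port 3128 transparent
    acl our_networks src 192.168.188.0/24
    http_access allow our_networks
//From v2.6 on, adding transparent to the http_port line is all that is needed
//Put the acl and http_access lines in the correct position (ahead of the final http_access deny all)
# /etc/init.d/squid restart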
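4.Add one more NAT rule that redirects users' port 80 traffic to the squid server
# iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.188.254 -p tcp --dport 80 -j REDIRECT --to-port 3128
//Redirects web connections arriving from the 192.168.188.0/24 segment to port 3128
//-s ! ip means every address except this one; here it excludes the server's own eth1 IP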
Testing:
Have a client obtain its address through DHCP and browse the web without configuring a proxy; /var/log/squid/store.log on the server should gain many new entries
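The NAT rules and squid.conf settings above can also be checked offline. The script below is an added example, not part of the original post: it audits `iptables-save -t nat` output and squid.conf text against the addresses and interfaces used on this page. The function names and the sample inputs are constructed for illustration, and the sample rule lines assume the format printed by a current iptables-save.

```shell
# Offline audit: pass `iptables-save -t nat` output and squid.conf text as arguments.
LAN_NET="192.168.188.0/24"; WAN_IF="eth0"; LAN_IF="eth1"; PROXY_PORT="3128"

# audit_nat RULES: print findings, return the number of problems found.
audit_nat() {
    bad=0
    redir=$(printf '%s\n' "$1" | grep -E -- "-j REDIRECT --to-ports? $PROXY_PORT( |\$)" || true)
    # Masquerading should cover only the LAN, leaving through the WAN interface.
    printf '%s\n' "$1" | grep -F -- "-j MASQUERADE" | grep -F -- "-s $LAN_NET " |
        grep -qF -- "-o $WAN_IF " ||
        { echo "FAIL: no MASQUERADE for $LAN_NET out $WAN_IF"; bad=$((bad + 1)); }
    # Port 80 arriving on the LAN interface must be handed to squid.
    printf '%s\n' "$redir" | grep -F -- "-i $LAN_IF " | grep -qF -- "--dport 80 " ||
        { echo "FAIL: port 80 on $LAN_IF is not redirected to $PROXY_PORT"; bad=$((bad + 1)); }
    # A redirect without -i <LAN_IF> would also catch traffic arriving on the WAN side.
    if [ -n "$redir" ] && printf '%s\n' "$redir" | grep -vqF -- "-i $LAN_IF "; then
        echo "FAIL: a REDIRECT to $PROXY_PORT is not bound to $LAN_IF"; bad=$((bad + 1))
    fi
    return "$bad"
}

# audit_squid CONF: same contract, for the text of squid.conf.
audit_squid() {
    bad=0
    conf=$(printf '%s\n' "$1" | sed 's/#.*//')   # ignore comments
    printf '%s\n' "$conf" | grep -Eq "^http_port +$PROXY_PORT +transparent" ||
        { echo "FAIL: http_port $PROXY_PORT is not transparent"; bad=$((bad + 1)); }
    # "allow all" lets any host that can reach the port use the proxy.
    if printf '%s\n' "$conf" | grep -Eq '^http_access +allow +all *$'; then
        echo "FAIL: http_access allow all"; bad=$((bad + 1))
    fi
    # Require an allow rule for an ACL whose source is exactly the LAN.
    acl=$(printf '%s\n' "$conf" | awk -v n="$LAN_NET" '$1=="acl" && $3=="src" && $4==n {print $2; exit}')
    [ -n "$acl" ] && printf '%s\n' "$conf" | grep -Eq "^http_access +allow +$acl *\$" ||
        { echo "FAIL: no http_access allow limited to $LAN_NET"; bad=$((bad + 1)); }
    return "$bad"
}
# Constructed sample inputs (not captured from a real host).
GOOD_NAT='-A PREROUTING ! -s 192.168.188.254/32 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.188.0/24 -o eth0 -j MASQUERADE'
BAD_NAT='-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE'
GOOD_SQUID='http_port 3128 transparent
acl our_networks src 192.168.188.0/24
http_access allow our_networks
http_access deny all'
BAD_SQUID='http_port 3128 transparent
http_access allow all'
if audit_nat "$GOOD_NAT" && audit_squid "$GOOD_SQUID"; then echo "gateway config OK"; fi
```

On the gateway itself, the same functions can be run against live data, for example `audit_nat "$(iptables-save -t nat)"` and `audit_squid "$(cat /etc/squid/squid.conf)"`.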