大家好，又见面了，我是你们的朋友全栈君。

文章目录

1. 服务器配置
2. Squid 服务器部署
3. 客户端访问测试

1. 服务器配置

服务器	主机名	IP地址	主要软件
Squid 服务器	squid_server	外网ens33：192.168.10.20 \| 内网ens37：10.0.0.100	squid
Web 服务器	web_server	内网 10.0.0.200	apache
Win10 客户端		外网 192.168.10.85	edge 浏览器

在这里插入图片描述

2. Squid 服务器部署

2.1 修改 Squid 配置文件

[root@squid_server ~]# vim /etc/squid.conf

# And finally deny all other access to this proxy
http_access allow all
http_access deny all

# Squid normally listens to port 3128
##60行，修改，添加提供内网服务的网卡IP地址，和支持透明代理选项transparent
http_port 192.168.10.20:3128 transparent
cache_effective_user squid
cache_effective_group squid
cache_mem 64 MB
reply_body_max_size 10 MB
maximum_object_size 4096 KB

[root@squid_server ~]# systemctl restart squid

2.2 开启路由转发，实现本机中不同网段的地址转发

[root@squid_server ~]#echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@squid_server ~]#sysctl -p
net.ipv4.ip_forward = 1

2.3 修改防火墙规则

[root@squid_server ~]#iptables -F
[root@squid_server ~]#iptables -t nat -F
[root@squid_server ~]#iptables -t nat -I PREROUTING -i ens33 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
#用于转发 http 协议，将访问端口重定向到 3128
[root@squid_server ~]#iptables -t nat -I PREROUTING -i ens33 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
#用于转发 https 协议，将访问端口重定向到 3128
[root@squid_server ~]#iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
#定义防火墙入站规则，允许 3128 的连接请求

3. 客户端访问测试

客户端 192.168.10.85 访问 web 服务器 10.0.0.200
在这里插入图片描述

关闭手动代理
网关指向 squid 代理 ens33 IP

查看 Squid 访问日志的新增记录（192.168.10.20）

在客户端多刷新几次页面，查看访问情况

[root@squid_server ~]#tail -f /usr/local/squid/var/logs/access.log
1635941728.519  31737 192.168.10.85 TCP_TUNNEL/200 6844 CONNECT cp601.prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/184.29.187.90 -
1635941729.950  28933 192.168.10.85 TCP_TUNNEL/200 6842 CONNECT cp601.prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/184.29.187.90 -
1635941766.747  69937 192.168.10.85 TCP_TUNNEL/200 6591 CONNECT disc601.prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/184.29.187.90 -
1635941822.746 133072 192.168.10.85 TCP_TUNNEL/200 6617 CONNECT geover.prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/104.85.33.217 -
1635941886.914   1612 192.168.10.85 TCP_TUNNEL/200 4900 CONNECT v10.events.data.microsoft.com:443 - HIER_DIRECT/20.42.73.25 -
1635941897.422    476 192.168.10.85 TCP_TUNNEL/200 3968 CONNECT settings-win.data.microsoft.com:443 - HIER_DIRECT/40.119.249.228 -
1635941899.775    446 192.168.10.85 TCP_TUNNEL/200 4017 CONNECT settings-win.data.microsoft.com:443 - HIER_DIRECT/40.119.249.228 -
1635941912.755  11406 192.168.10.85 TCP_TUNNEL/200 4901 CONNECT v10.events.data.microsoft.com:443 - HIER_DIRECT/20.42.73.25 -
1635944385.775      0 192.168.10.20 TCP_MISS/403 4076 GET http://www.msftconnecttest.com/connecttest.txt - HIER_NONE/- text/html
1635944385.775     49 192.168.10.85 TCP_MISS/403 4137 GET http://www.msftconnecttest.com/connecttest.txt - ORIGINAL_DST/192.168.10.20 text/html
1635944910.531      3 192.168.10.85 TCP_MISS/403 5244 GET http://10.0.0.200/ - ORIGINAL_DST/10.0.0.200 text/html
1635944910.611      2 192.168.10.85 TCP_MISS/200 5405 GET http://10.0.0.200/noindex/css/open-sans.css - ORIGINAL_DST/10.0.0.200 text/css
1635944910.611      3 192.168.10.85 TCP_MISS/200 19666 GET http://10.0.0.200/noindex/css/bootstrap.min.css - ORIGINAL_DST/10.0.0.200 text/css
1635944910.649      1 192.168.10.85 TCP_MISS/200 4280 GET http://10.0.0.200/images/poweredby.png - ORIGINAL_DST/10.0.0.200 image/png
1635944910.649      1 192.168.10.85 TCP_MISS/200 2650 GET http://10.0.0.200/images/apache_pb.gif - ORIGINAL_DST/10.0.0.200 image/gif
1635944910.729      0 192.168.10.85 TCP_MISS/404 494 GET http://10.0.0.200/noindex/css/fonts/Bold/OpenSans-Bold.woff - ORIGINAL_DST/10.0.0.200 text/html
1635944910.730      0 192.168.10.85 TCP_MISS/404 496 GET http://10.0.0.200/noindex/css/fonts/Light/OpenSans-Light.woff - ORIGINAL_DST/10.0.0.200 text/html
1635944910.854      0 192.168.10.85 TCP_MISS/404 495 GET http://10.0.0.200/noindex/css/fonts/Light/OpenSans-Light.ttf - ORIGINAL_DST/10.0.0.200 text/html
1635944910.854      1 192.168.10.85 TCP_MISS/404 493 GET http://10.0.0.200/noindex/css/fonts/Bold/OpenSans-Bold.ttf - ORIGINAL_DST/10.0.0.200 text/html
1635944910.879      1 192.168.10.85 TCP_MISS/404 464 GET http://10.0.0.200/favicon.ico - ORIGINAL_DST/10.0.0.200 text/html

可以看到前面几次的访问较慢，后面速度较快，因为后面访问直接返回的 squid 服务器中的缓存数据，客户端的响应速度得到了很大的提升。

查看 Web 访问日志的新增记录（10.0.0.200）

[root@web_server ~]#tail -f /var/log/httpd/access_log
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET / HTTP/1.1" 403 4897 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1" 404 241 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1" 404 239 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1" 404 238 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1" 404 240 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET / HTTP/1.1" 403 4897 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1" 404 241 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1" 404 239 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1" 404 240 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
10.0.0.100 - - [03/Nov/2021:21:08:33 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1" 404 238 "http://10.0.0.200/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"

访问记录来自于 squid 代理服务器的外网卡，代理服务器的外网口代替客户机在访问，使得 web 服务端无法得知客户的真实 IP。

发布者：全栈程序员-站长，转载请注明出处：https://javaforall.net/126268.html原文链接：https://javaforall.net

Squid 代理服务之透明代理服务器架构搭建

文章目录

1. 服务器配置

2. Squid 服务器部署

2.1 修改 Squid 配置文件

2.2 开启路由转发，实现本机中不同网段的地址转发

2.3 修改防火墙规则

3. 客户端访问测试

发表回复

Squid 代理服务之透明代理服务器架构搭建

文章目录

1. 服务器配置

2. Squid 服务器部署

2.1 修改 Squid 配置文件

2.2 开启路由转发，实现本机中不同网段的地址转发

2.3 修改防火墙规则

3. 客户端访问测试

相关推荐

手机设备上touchstart与click的区别

周鸿祎：做一个产品彻底改变世界

监控RuntimeException「建议收藏」

QuoteName\生成Sql语句

发包工具isic安装详解[通俗易懂]

Linux keypad 设备树,matrix_keypad 矩阵按键驱动分析

发表回复