Ubuntu: build the simplest first-level proxy with squid + build a second-level proxy with a socat relay server

There are many tutorials on the Internet about using squid to build a proxy, most of which are complicated. My application scenario is relatively simple, so there is no need to configure a password or anything; this is just for experimentation.

Scenario requirements:

The laboratory has a server C (CentOS 7), a bastion machine B (CentOS 7), and a host A (Ubuntu 20.04). The network connections are as follows:

  • Server C can only connect to the local area network and the bastion host B, and cannot access the laboratory host A
  • The bastion host B can connect to the local area network and the laboratory host A, but cannot access the external network, such as baidu.
  • Host A can log in to server C through bastion host B, and can access the external network normally.

Then my requirement is that server C can connect to the external network so that some software can be installed.

Required software

  • Bastion machine B: need to install socat
  • Lab host A: Squid needs to be installed

Use squid to build a first-level proxy on laboratory host A

This is set up on lab host A (Ubuntu 20.04).

  1. Install squid
sudo apt-get update
sudo apt-get install squid

  2. Change the configuration file
sudo vim /etc/squid/squid.conf
  • Change http_port 3128 to the port you want. If you do not want squid to modify the contents of the request and the like, you can add transparent after it. For example, here it is http_port 6666 transparent
  • Change http_access deny all to http_access allow all
  3. Restart squid
sudo systemctl restart squid

Restarting is relatively slow. Once it finishes, the first-level proxy is set up, with no password configured.
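
Because the rule list now ends in http_access allow all, any host that can reach port 6666 on host A can use the proxy. The shell script below is an added example, not part of the original post: it evaluates squid's first-match http_access order for a client address, against the rules from the steps above and against a variant that admits only bastion B. The addresses, the ACL name bastion and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Constructed placeholder addresses:
# 192.168.1.2 = bastion B, 192.168.1.50 = some other LAN host.

# Print the decision (allow|deny) that the http_access list gives a client IP.
# squid stops at the first matching rule. Simplification: only single-ACL rules
# on "all" or on exact-address "src" ACLs are evaluated; rules that depend on
# ports or methods (Safe_ports, CONNECT) or built-in ACLs are skipped.
squid_decision() {   # $1 = squid.conf path, $2 = client IPv4 address
    awk -v ip="$2" '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "acl" && $3 == "src" {                # remember ACLs naming this IP
            for (i = 4; i <= NF; i++)
                if ($i == ip || $i == (ip "/32")) hit[$2] = 1
        }
        $1 == "http_access" {
            last = $2
            if (NF == 3 && ($3 == "all" || hit[$3])) { print $2; done = 1; exit }
        }
        END {   # nothing matched: squid applies the opposite of the last rule
            if (!done) print (last == "deny" ? "allow" : "deny")
        }
    ' "$1"
}

page_conf() {        # rule order after the steps above: catch-all allow
    printf '%s\n' 'http_port 6666 transparent' \
        'http_access deny !Safe_ports' \
        'http_access allow localhost' \
        'http_access allow all'
}

restricted_conf() {  # variant: only bastion B may use the proxy
    printf '%s\n' 'http_port 6666 transparent' \
        'acl bastion src 192.168.1.2/32' \
        'http_access deny !Safe_ports' \
        'http_access allow localhost' \
        'http_access allow bastion' \
        'http_access deny all'
}

tmp=$(mktemp -d)
page_conf > "$tmp/page.conf"
restricted_conf > "$tmp/restricted.conf"
for ip in 192.168.1.2 192.168.1.50; do
    echo "$ip: page=$(squid_decision "$tmp/page.conf" "$ip")" \
         "restricted=$(squid_decision "$tmp/restricted.conf" "$ip")"
done
rm -rf "$tmp"
```

On the relay side, socat's range= option on the TCP4-LISTEN address applies the same kind of source restriction to connections arriving at bastion B.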

Use socat to build a relay proxy on the bastion machine

Since server C cannot directly access the first-level proxy on laboratory host A, the bastion host is also needed as a relay.

  1. Install socat. Someone had already installed it on my bastion machine; the command should be yum install socat.
  2. Start the relay proxy:
nohup socat TCP4-LISTEN:<listening-port>,reuseaddr,fork TCP4:<host-A-IP>:6666 >> /root/socat.log 2>&1 &
    Make sure the listening port above is not already in use.

Use the proxy on server C

export http_proxy=http://<bastion-B-LAN-address>:<listening-port>

Verify the proxy

curl www.baidu.com

This returns:

<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=http://s1.bdstatic.com/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=//www.baidu.com/s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 class="bg s_btn"></span> </form> </div> </div> <div id=u1> <a href=http://news.baidu.com name=tj_trnews class=mnav>新闻</a> <a href=http://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> <a href=http://map.baidu.com name=tj_trmap class=mnav>地图</a> <a href=http://v.baidu.com name=tj_trvideo class=mnav>视频</a> <a href=http://tieba.baidu.com name=tj_trtieba class=mnav>贴吧</a> <noscript> <a href=http://www.baidu.com/bdorz/login.gif?login&amp;tpl=mn&amp;u=http%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 name=tj_login class=lb>登录</a> </noscript> <script>document.write('<a href="http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" 
: "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">登录</a>');</script> <a href=//www.baidu.com/more/ name=tj_briicon class=bri style="display: block;">更多产品</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p id=lh> <a href=http://home.baidu.com>关于百度</a> <a href=http://ir.baidu.com>About Baidu</a> </p> <p id=cp>&copy;2017&nbsp;Baidu&nbsp;<a href=http://www.baidu.com/duty/>使用百度前必读</a>&nbsp; <a href=http://jianyi.baidu.com/ class=cp-feedback>意见反馈</a>&nbsp;京ICP证030173号&nbsp; <img src=//www.baidu.com/img/gs.gif> </p> </div> </div> </div> </body> </html>

Done.

Origin blog.csdn.net/Fei20140908/article/details/111800929