How to deploy a Squid forward proxy in 5 minutes

       A forward proxy server sits between the client and the origin server. To obtain content from the origin server, the client sends a request to the proxy and specifies the destination (the origin server); the proxy then forwards the request to the origin server and returns the content to the client. This is how a client uses a forward proxy.

       A typical use of a forward proxy is to provide Internet access to LAN clients that sit behind a firewall. A forward proxy can also use caching (provided by mod_cache) to reduce network usage. Because a forward proxy lets clients reach any site and hides the clients themselves, you must take security measures to ensure that only authorized clients can use the service. Unlike a reverse proxy, a forward proxy is one that the end user knows about and deliberately chooses to use.

       Two diagrams borrowed from Zhihu explain the forward proxy: https://www.zhihu.com/question/24723688


[Image: WeChat picture_20191203091314.jpg]


[Image: WeChat picture_20191203091322.jpg]


Uses

  • Access resources that cannot otherwise be reached, such as Google

  • Cache content to speed up access to resources

  • Authorize client access and authenticate users for Internet access

  • The proxy can log user access (access management) and hide user information from the outside


Standard Proxy

Standard proxy: the proxy accesses web services on the public network on behalf of all hosts on the LAN. Hosts on the LAN need to specify the proxy server's IP address and listening port number in the browser.

Install the squid package

[root@ECS58979490c134 ~]# yum -y install squid

Edit the main configuration file /etc/squid/squid.conf

[root@ECS58979490c134 ~]# vim  /etc/squid/squid.conf

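# Port squid listens on by default
http_port 3128

# Default cache memory size is 8 MB
cache_mem 8 MB

# Cache directory: ufs storage format, size 100 MB, 16 first-level subdirectories, each containing 256 second-level subdirectories
cache_dir ufs /var/spool/squid 100 16 256

# Access log file, enabled by default
access_log /var/log/squid/access.log squid

# By default the hostname of the loopback interface is used as the proxy server's hostname. A manually specified hostname must be bound to a physical interface
visible_hostname proxy.eflycloud.com

# Maximum size of an object that may be cached. Unlimited when not set (no value is given here, so the line is commented out)
# maximum_object_size <size>

# Maximum size of a target object that may be accessed through the proxy server (no value is given here, so the line is commented out)
# reply_body_max_size <size>

# All hosts are denied by default; this line allows all of them
http_access allow all

[root@ECS58979490c134 ~]# cat /etc/hosts
127.0.0.1        localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.1.254   proxy.eflycloud.com proxy  # hostname bound to the physical interface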
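
The introduction says only authorized clients should be able to use the proxy, while the configuration above ends in `http_access allow all`. The script below is an added example (not part of the original post) that audits a squid.conf for that condition; the ACL name `lan_clients` and both sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example: heuristic audit of the http_access rules in a squid.conf.
# Squid checks http_access lines top to bottom and stops at the first match;
# if no line matches, the default is the opposite of the last line.

# audit_http_access FILE -> prints OPEN, RESTRICTED or NO_RULES
audit_http_access() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 != "http_access" { next }
        { rules++; last = $2 }
        # A rule on the built-in "all" ACL alone ends evaluation for everyone.
        # Negated or multi-ACL rules are not evaluated (heuristic).
        NF == 3 && $3 == "all" && verdict == "" {
            verdict = ($2 == "allow") ? "OPEN" : "RESTRICTED"
        }
        END {
            if (rules == 0)          print "NO_RULES"
            else if (verdict != "")  print verdict
            else if (last == "deny") print "OPEN"        # implicit allow
            else                     print "RESTRICTED"  # implicit deny
        }
    ' "$1"
}

# Constructed sample 1: the permissive rule used in the post.
weak_conf() {
    printf '%s\n' 'http_port 3128' 'http_access allow all'
}

# Constructed sample 2: only the LAN from the post (192.168.1.0/24) may use
# the proxy. The ACL name "lan_clients" is an assumption.
hardened_conf() {
    printf '%s\n' 'http_port 3128' \
        'acl lan_clients src 192.168.1.0/24' \
        'http_access allow lan_clients' \
        'http_access deny all'
}

# run_audit GENERATOR -> writes the sample to a temp file and audits it
run_audit() {
    tmp=$(mktemp) || return 1
    "$1" > "$tmp"
    audit_http_access "$tmp"
    rm -f "$tmp"
}

echo "weak:     $(run_audit weak_conf)"
echo "hardened: $(run_audit hardened_conf)"
```

To check a live installation, call `audit_http_access /etc/squid/squid.conf`.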

Start the service

[root@ECS58979490c134 ~]# service squid start
init_cache_dir /var/spool/squid... Starting squid: .[  OK  ]
[root@ECS58979490c134 ~]# netstat -anptu | grep :3128
tcp  0  0 0.0.0.0:3128        0.0.0.0:*        LISTEN      10439/(squid)


Client browser proxy settings

[Image: WeChat picture_20191203102237.jpg]


Transparent Proxy

Transparent proxy: clients do not need to specify the proxy server's IP address and listening port in the browser, which gives the client the impression that it is communicating with the public network directly. However, the client must specify the transparent proxy server as its gateway.

Configure the transparent proxy server
[root@ECS58979490c134 ~]# vim /etc/squid/squid.conf
# Transparent mode
http_port  3128  transparent
[root@ECS58979490c134 ~]# service squid restart


Write a firewall rule that redirects requests with destination port 80 to port 3128. If no port is specified, all requests are redirected to port 3128.

[root@ECS58979490c134 ~]# service iptables start     # Start the firewall service
[root@ECS58979490c134 ~]# setup
[root@ECS58979490c134 ~]# iptables  -t  filter  -F   # Flush the firewall rules in the filter table
[root@ECS58979490c134 ~]# iptables  -t  nat   -F   # Flush the firewall rules in the nat table
[root@ECS58979490c134 ~]# iptables -t nat  -A PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128  # PREROUTING: before routing, -i: interface the packet arrives on, -s: source IP address, -p: protocol, --dport: destination port, --to-ports: port to redirect to
[root@ECS58979490c134 ~]# service iptables save    # Make the rules persistent


Point the client's default gateway at the proxy server's IP address

[root@ECS58979490c164 ~]# route add default gw 192.168.1.254

Ruijiang Cloud official website: https://www.eflycloud.com/home?from=RJ0035


Origin blog.51cto.com/13475644/2455569