Squid proxy server deployment (traditional and transparent modes)

Lab topology

[Figure: lab topology diagram]

Step 1: Configure the Squid proxy server

# List the remote share and mount the one holding the source package
[root@squid ~]# smbclient -L //192.168.142.1
[root@squid ~]# mount.cifs //192.168.142.1/squid /mnt

# Unpack the source package
[root@squid ~]# cd /mnt
[root@squid mnt]# tar zxvf squid-3.4.6.tar.gz -C /opt

# Install the build toolchain
[root@squid mnt]# yum install gcc gcc-c++ make -y

# Enter the source directory
[root@squid mnt]# cd /opt/squid-3.4.6/

# Configure the build options
[root@squid squid-3.4.6]# ./configure --prefix=/usr/local/squid \
> --sysconfdir=/etc \
> --enable-arp-acl \
> --enable-linux-netfilter \
> --enable-linux-tproxy \
> --enable-async-io=100 \
> --enable-err-language="Simplify_Chinese" \
> --enable-underscore \
> --enable-poll \
> --enable-gnuregex

# Compile and install
[root@squid squid-3.4.6]# make && make install

# Symlink the service binaries into the system path for easier management
[root@squid squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin

# Add a service account (no home directory, no login shell)
[root@squid squid-3.4.6]# useradd -M -s /sbin/nologin squid

# Change the owner and group of the service's var directory
[root@squid squid-3.4.6]# chown -R squid.squid /usr/local/squid/var

# Edit the squid.conf configuration file
[root@squid squid-3.4.6]# vim /etc/squid.conf

http_port 3128
# Append the following entries below the http_port 3128 line
# Memory reserved for the cache; about 1/4 of physical RAM is recommended
cache_mem 64 MB

# Maximum file size a user is allowed to download
reply_body_max_size 10 MB

# Maximum size of a site object that may be saved to the cache
maximum_object_size 4096 KB
# Effective user the service runs as
cache_effective_user squid

# Effective group the service runs as
cache_effective_group squid

# Check the configuration file syntax
[root@squid squid-3.4.6]# squid -k parse

# Initialize the cache directories
[root@squid squid-3.4.6]# squid -z

# Start the service
[root@squid squid-3.4.6]# squid

# Check the listening port
[root@squid squid-3.4.6]# netstat -ntap | grep squid
tcp6       0      0 :::3128                 :::*                    LISTEN      31862/(squid-1) 

# Change to the init script directory
[root@squid squid-3.4.6]# cd /etc/init.d

# Create the init script
[root@squid init.d]# vim squid
#!/bin/bash
# chkconfig: 2345 90 25
# description: Squid proxy service control script
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"

case "$1" in
start)
        # Start only if no squid process is already listening
        if netstat -ntap | grep -q squid; then
                echo "squid is running"
        else
                echo "正在启动 squid...."
                $CMD -f "$CONF"
        fi
        ;;
stop)
        # Ask squid to shut down and remove the stale pid file
        $CMD -k kill &> /dev/null
        rm -f "$PID" &> /dev/null
        ;;
status)
        if [ -f "$PID" ]; then
                netstat -ntap | grep squid
        else
                echo "squid is not running"
        fi
        ;;
restart)
        echo "正在关闭 squid..."
        $0 stop &> /dev/null
        # Give squid a moment to exit before starting it again
        sleep 2
        echo "正在启动 squid..."
        $0 start &> /dev/null
        ;;
reload)
        # Re-read the configuration without restarting
        $CMD -k reconfigure -f "$CONF"
        ;;
check)
        # Syntax-check the configuration file
        $CMD -k parse -f "$CONF"
        ;;
*)
        echo "用法: $0 {start|stop|reload|status|check|restart}"
        ;;
esac

# Make the script executable
[root@squid init.d]# chmod +x squid

# Register the script with the service manager
[root@squid init.d]# chkconfig --add squid 

# Enable the service at boot in runlevels 3 and 5
[root@squid init.d]# chkconfig --level 35 squid on

# The squid service can now be managed with the script
[root@squid init.d]# service squid stop
[root@squid init.d]# service squid start 
正在启动 squid....
[root@squid init.d]# netstat -ntap | grep squid
tcp6       0      0 :::3128                 :::*                    LISTEN      48115/(squid-1) 

# Flush all firewall rules
[root@squid init.d]# iptables -F

# Put SELinux into permissive mode
[root@squid init.d]# setenforce 0

# Set a firewall rule that allows port 3128
[root@squid init.d]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
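As an added check that is not part of the original post, the script below lints a squid.conf for the directives Step 1 sets and flags an unconditional `http_access allow all`, which would turn the proxy into an open relay for anyone who can reach port 3128; the sample config it runs against is constructed here.

```shell
#!/bin/bash
# Added example, not from the original post: lint /etc/squid.conf for the
# directives Step 1 sets and for an open-proxy access policy.

# check_squid_conf CONF -> prints one line per finding; returns 1 if any
check_squid_conf() {
    local conf="$1" rc=0 entry directive expected line
    # Directives the tutorial adds, with the values it uses
    for entry in "http_port 3128" "cache_mem 64 MB" "reply_body_max_size 10 MB" \
                 "maximum_object_size 4096 KB" "cache_effective_user squid" \
                 "cache_effective_group squid"; do
        directive=${entry%% *}
        expected=${entry#* }
        # First uncommented occurrence of the directive, whitespace normalised
        line=$(grep -m1 -E "^[[:space:]]*${directive}[[:space:]]" "$conf" \
               | sed -E 's/^[[:space:]]+//; s/[[:space:]]+/ /g; s/ $//')
        if [ -z "$line" ]; then
            echo "MISSING: $directive"; rc=1
        elif [ "${line#* }" != "$expected" ]; then
            echo "MISMATCH: $directive is '${line#* }', expected '$expected'"; rc=1
        fi
    done
    # An unconditional allow makes Squid an open proxy for anyone reaching 3128
    if grep -qE '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all' "$conf"; then
        echo "OPEN: 'http_access allow all' present"; rc=1
    fi
    return $rc
}

# Constructed sample config mirroring the tutorial's entries (not a real file)
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
http_port 3128
cache_mem 64 MB
reply_body_max_size 10 MB
maximum_object_size 4096 KB
cache_effective_user squid
cache_effective_group squid
http_access allow localnet
http_access deny all
EOF
check_squid_conf "$SAMPLE_CONF" && echo "squid.conf OK"
```

Run it against the real file with `check_squid_conf /etc/squid.conf` after `squid -k parse` has accepted the syntax.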

Step 2: Configure the web server

[root@web ~]# systemctl stop firewalld.service 
[root@web ~]# setenforce 0
[root@web ~]# yum install httpd -y
[root@web ~]# systemctl start httpd

Step 3: Access the web page from the client

Use a browser to access 192.168.142.139

Step 4: Configure the client to use the proxy server and verify the proxy

1. Open the browser's Tools menu and select "Internet Options"
2. Select "LAN Settings", tick "Use a proxy server for your LAN" and specify the proxy server address and port
3. Access 192.168.142.139 again

4. Back on the web server, view the service log: the recorded client address is the proxy server's address

[root@web ~]# vim /etc/httpd/logs/access_log 
192.168.142.131 - - [04/Dec/2019:19:04:28 +0800] "GET /noindex/css/fonts/ExtraBold/OpenSans-ExtraBold.eot? HTTP/1.1" 404 248 "http://192.168.142.139/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

This shows that with a traditional proxy the web server sees the proxy server's address for the client's Internet access, and that the client had to be explicitly configured with the proxy server.

Squid can do more than traditional proxying; next we configure a transparent proxy.


Transparent proxy setup

Step 1: Configure the proxy server's network interfaces

1. Modify the ens33 interface configuration

[root@squid ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 
# Change dhcp to static
BOOTPROTO=static

# Append the IP address, subnet mask and gateway at the end of the file
IPADDR=192.168.100.1
NETMASK=255.255.255.0

[root@squid ~]# service network restart 
Restarting network (via systemctl):                        [  确定  ]

2. Add a second NIC and configure it as ens36

[root@squid ~]# cd /etc/sysconfig/network-scripts/
[root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@squid network-scripts]# vim ifcfg-ens36
# Replace 33 with 36 and delete the UUID entry
IPADDR=12.0.0.1
NETMASK=255.255.255.0

[root@squid network-scripts]# service network restart 
Restarting network (via systemctl):                        [  确定  ]

3. Enable packet forwarding so the proxy can act as a gateway

[root@squid network-scripts]# echo "1" >/proc/sys/net/ipv4/ip_forward

4. Set up the firewall policy

# Accept port 80 from the LAN and redirect it to the 3128 proxy port
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to 3128

# Accept HTTPS port 443 from the LAN and redirect it to the 3128 proxy port
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 443 -j REDIRECT --to 3128

5. Modify squid.conf

[root@squid ~]# vim /etc/squid.conf
# Replace the original http_port 3128 line with the following to enable transparent mode
http_port 192.168.100.1:3128 transparent

6. Reload the proxy service

[root@squid network-scripts]# service squid reload
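As an added verification that is not part of the original post, the following script checks the three pieces the transparent setup above depends on: ip_forward, the PREROUTING REDIRECT rule in the form `iptables-save` prints it, and the transparent http_port line. The inputs below are constructed samples; the same function can be pointed at real captures of `iptables-save -t nat`, /proc/sys/net/ipv4/ip_forward and /etc/squid.conf.

```shell
#!/bin/bash
# Added example, not from the original post: verify the transparent-proxy
# plumbing (forwarding, NAT redirect, intercept listener) from saved inputs.

# check_transparent LAN_IF SUBNET PROXY_IP NAT_DUMP IPFWD_FILE SQUID_CONF
check_transparent() {
    local lan_if="$1" subnet="$2" proxy_ip="$3" nat="$4" ipfwd="$5" conf="$6" rc=0
    # 1. Kernel forwarding: the proxy must route for the LAN
    if [ "$(tr -d '[:space:]' < "$ipfwd")" != "1" ]; then
        echo "ip_forward is not 1"; rc=1
    fi
    # 2. PREROUTING REDIRECT of LAN port-80 traffic to the local Squid port,
    #    matched in the order iptables-save prints the rule
    if ! grep -qE -- "-A PREROUTING -s ${subnet} -i ${lan_if} -p tcp .*--dport 80 -j REDIRECT --to-ports 3128" "$nat"; then
        echo "no REDIRECT rule for ${subnet} tcp/80 on ${lan_if}"; rc=1
    fi
    # 3. Squid must listen in transparent (intercept) mode on the LAN address
    if ! grep -qE "^[[:space:]]*http_port[[:space:]]+${proxy_ip}:3128[[:space:]]+(transparent|intercept)" "$conf"; then
        echo "squid.conf lacks 'http_port ${proxy_ip}:3128 transparent'"; rc=1
    fi
    # Note: a 443 REDIRECT to a plain http_port cannot proxy TLS; Squid needs
    # an https_port with SSL bump for that, which this tutorial does not set up.
    return $rc
}

# Constructed samples mirroring the tutorial's rules (not a real capture)
NAT_OK=$(mktemp); IPFWD_OK=$(mktemp); CONF_OK=$(mktemp)
cat > "$NAT_OK" <<'EOF'
*nat
-A PREROUTING -s 192.168.100.0/24 -i ens33 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.100.0/24 -i ens33 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
echo 1 > "$IPFWD_OK"
echo "http_port 192.168.100.1:3128 transparent" > "$CONF_OK"
check_transparent ens33 192.168.100.0/24 192.168.100.1 "$NAT_OK" "$IPFWD_OK" "$CONF_OK" \
    && echo "transparent proxy plumbing OK"
```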

Step 2: Configure the web server's network interface

[root@web ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 

# Change dhcp to static
BOOTPROTO=static

# Append the IP address, subnet mask and gateway at the end of the file
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.1

[root@web ~]# service network restart
Restarting network (via systemctl):                        [  确定  ]

Step 3: Access from the client

1. Change the client's IP address

2. Remove the proxy settings configured earlier

3. Use a browser to access 12.0.0.12

4. Back on the web server, view the service log: the recorded client address is that of the proxy's outside network interface

12.0.0.1 - - [04/Dec/2019:22:41:39 +0800] "GET /noindex/css/fonts/ExtraBold/OpenSans-ExtraBold.eot? HTTP/1.1" 404 248 "http://12.0.0.12/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

So with a transparent proxy the web server sees the address of the proxy's outside interface: the client's requests are steered to the proxy by routing and the firewall REDIRECT rule, without any proxy settings on the client.

Thanks for reading!

Origin blog.51cto.com/14449521/2456213