Lab environment
Host role | IP |
---|---|
Client | 10.10.100.11 |
Gateway | 10.10.100.12, 192.168.65.160 |
Website | 192.168.65.161 |
Client configuration
Gateway configuration
sysctl -w net.ipv4.ip_forward=1
- 2. Configure the squid proxy
- nano /etc/squid/squid.conf
http_port 3128
http_port 3129 intercept
# allow every rule for convenience (being lazy ~~)
http_access allow all
- 3. Configure the iptables rules (redirect traffic, allow the port)
ip add
The image below is not from the lab environment and is for reference only ~~🤭
iptables -t nat -I PREROUTING -i ens37 -s 10.10.100.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3129
iptables -t nat -I PREROUTING -i ens37 -s 10.10.100.0/24 -p tcp --dport 443 -j REDIRECT --to-ports 3129
iptables -I INPUT -p tcp --dport 3129 -j ACCEPT
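An added check for the gateway steps above (not part of the original post): the shell function below cross-checks squid.conf text against `iptables-save`-style NAT rules and reports an open `http_access allow all`, a REDIRECT rule bound to an unexpected interface, and port 443 redirected to a plain `http_port ... intercept` listener. The sample inputs, the `audit_gateway` function and the `lab_clients` ACL name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: cross-check squid.conf against iptables-save NAT rules.
# All sample text below is constructed for illustration, not captured output.
SQUID_CONF='http_port 3128
http_port 3129 intercept
http_access allow all'
NAT_RULES='-A PREROUTING -s 10.10.100.0/24 -i ens37 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
-A PREROUTING -s 10.10.100.0/24 -i eth37 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129'

# Tightened variant: only the lab client subnet may use the proxy, and 443 is
# not redirected because no https_port/ssl-bump listener is defined for it.
FIXED_CONF='acl lab_clients src 10.10.100.0/24
http_port 3128
http_port 3129 intercept
http_access allow lab_clients
http_access deny all'
FIXED_RULES='-A PREROUTING -s 10.10.100.0/24 -i ens37 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129'

# audit_gateway CONF_TEXT RULES_TEXT CLIENT_IFACE -> one finding per line
audit_gateway() {
  conf=$1; rules=$2; iface=$3
  {
    printf '%s\n' "$conf"  | sed 's/^/C /'   # tag squid.conf lines
    printf '%s\n' "$rules" | sed 's/^/R /'   # tag iptables-save lines
  } | awk -v want="$iface" '
    # Remember every listener declared with the intercept mode.
    $1 == "C" && $2 ~ /^https?_port$/ && /intercept/ { mode[$3] = $2 }
    $1 == "C" && $2 == "http_access" && $3 == "allow" && $4 == "all" {
      print "OPEN http_access allow all: any source may use the proxy" }
    $1 == "R" && /-j REDIRECT/ {
      in_if = dport = to = ""
      for (i = 2; i < NF; i++) {
        if ($i == "-i") in_if = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--to-ports") to = $(i + 1)
      }
      if (in_if != want)
        print "IFACE dport " dport ": rule matches " in_if ", expected " want
      if (!(to in mode))
        print "PORT dport " dport ": " to " is not an intercept listener"
      else if (dport == "443" && mode[to] == "http_port")
        print "TLS dport 443 -> " to ": http_port listener expects cleartext HTTP"
    }'
}

audit_gateway "$SQUID_CONF" "$NAT_RULES" ens37
```

On a real gateway, pass the contents of /etc/squid/squid.conf and the output of `iptables-save -t nat` as the first two arguments.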
Website configuration
route add default gw 192.168.65.160
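Testing
- Whether the client can ping the website (if no special configuration has been applied)
- Web page test
Notes
Help text from inside the configuration file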
# TAG: http_port
# Usage: port [mode] [options]
# hostname:port [mode] [options]
# 1.2.3.4:port [mode] [options]
#
# The socket addresses where Squid will listen for HTTP client
# requests. You may specify multiple socket addresses.
# There are three forms: port alone, hostname with port, and
# IP address with port. If you specify a hostname or IP
# address, Squid binds the socket to that specific
# address. Most likely, you do not need to bind to a specific
# address, so you can use the port number alone.
#
# If you are running Squid in accelerator mode, you
# probably want to listen on port 80 also, or instead.
#
# The -a command line option may be used to specify additional
# port(s) where Squid listens for proxy request. Such ports will
# be plain proxy ports with no options.
#
# You may specify multiple socket addresses on multiple lines.
#
# Modes:
#
# intercept Support for IP-Layer NAT interception delivering
# traffic to this Squid port.
# NP: disables authentication on the port.
#
# tproxy Support Linux TPROXY (or BSD divert-to) with spoofing
# of outgoing connections using the client IP address.
# NP: disables authentication on the port.
#
# accel Accelerator / reverse proxy mode
#
# ssl-bump For each CONNECT request allowed by ssl_bump ACLs,
# establish secure connection with the client and with
# the server, decrypt HTTPS messages as they pass through
# Squid, and treat them as unencrypted HTTP messages,
# becoming the man-in-the-middle.
#
# The ssl_bump option is required to fully enable
# bumping of CONNECT requests.
#
# Omitting the mode flag causes default forward proxy mode to be used.