Configuring a Squid Proxy Service on CentOS

Requirements

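In a project for a telecom operator, servers are typically planned across two network zones: the DMZ and the core. As the name suggests, the core zone is critical: it normally hosts database and storage servers and has no external network access at all, while hosts in the DMZ can offer network services through one-to-one or one-to-many port mappings. Deploying the base environment on core-zone servers in a purely internal network therefore becomes the first problem to solve. Usually the base services can be installed from a locally mounted mirror repository, but other services need offline packages or have to be compiled from source, which is inconvenient. A Squid proxy can carry part of that network access and make later deployment and update work easier.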

Environment

Server A, with external network access: 192.168.0.202
Server B, without external network access: 192.168.0.203

[root@nginx~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core) 
[root@nginx~]# rpm -qa | grep squid # Squid version
squid-migration-script-3.5.20-12.el7_6.1.x86_64
squid-3.5.20-12.el7_6.1.x86_64

Deploy the Squid proxy service on server A, which has external network access

[root@nginx~]# yum -y install squid

Edit Squid's main configuration file, /etc/squid/squid.conf

http_port 3128
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.0.0/24 # address range allowed to use the proxy
http_access allow localnet
http_access deny all

[root@nginx~]# systemctl start squid && systemctl enable squid # start the service and enable it at boot
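
Squid checks http_access lines in order and the first matching line decides, so the three access lines above admit every host in 192.168.0.0/24, not only server B. The sketch below is an added example, not part of the original page or of Squid: it evaluates those lines for a given client address, handles only `src` ACLs written as CIDR, and `NARROWED_RULES` is a hypothetical tightening to server B alone.

```python
import ipaddress

# The access rules from the squid.conf shown above (comments stripped).
PAGE_RULES = """\
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all
"""
# Hypothetical tightening (an assumption, not from the page): only server B.
NARROWED_RULES = PAGE_RULES.replace("192.168.0.0/24", "192.168.0.203/32")


def parse_rules(conf):
    """Return (src_acls, http_access_rules) parsed from squid.conf text."""
    # "all" is Squid's built-in ACL that matches every source address.
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0"),
                    ipaddress.ip_network("::/0")]}
    rules = []
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in fields[3:]]
            acls.setdefault(fields[1], []).extend(nets)
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return acls, rules


def _matches(acls, name, ip):
    negate, key = name.startswith("!"), name.lstrip("!")
    if key not in acls:
        raise ValueError(f"{key}: not a src ACL, outside this sketch")
    return any(ip in net for net in acls[key]) != negate


def decide(conf, client_ip):
    """First matching http_access line wins; all ACLs on a line must match."""
    acls, rules = parse_rules(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        if all(_matches(acls, n, ip) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"


if __name__ == "__main__":
    for ip in ("192.168.0.203", "192.168.0.50", "192.168.1.5"):
        print(ip, decide(PAGE_RULES, ip), decide(NARROWED_RULES, ip))
```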

Configure the proxy settings on server B, which has no external network access

Set the environment variable

export http_proxy=192.168.0.202:3128 
## Server B, which has no external network access, reaches the internet through the proxy
[root@mysql ~]# ping www.baidu.com
ping: www.baidu.com: Name or service not known
[root@localhost ~]# curl www.baidu.com
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=http://s1.bdstatic.com/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=//www.baidu.com/s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 class="bg s_btn"></span> </form> </div> </div> <div id=u1> <a href=http://news.baidu.com name=tj_trnews class=mnav>新闻</a> <a href=http://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> <a href=http://map.baidu.com name=tj_trmap class=mnav>地图</a> <a href=http://v.baidu.com name=tj_trvideo class=mnav>视频</a> <a href=http://tieba.baidu.com name=tj_trtieba class=mnav>贴吧</a> <noscript> <a href=http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 name=tj_login class=lb>登录</a> </noscript> <script>document.write('<a href="http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" 
: "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">登录</a>');</script> <a href=//www.baidu.com/more/ name=tj_briicon class=bri style="display: block;">更多产品</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p id=lh> <a href=http://home.baidu.com>关于百度</a> <a href=http://ir.baidu.com>About Baidu</a> </p> <p id=cp>©2017 Baidu <a href=http://www.baidu.com/duty/>使用百度前必读</a>  <a href=http://jianyi.baidu.com/ class=cp-feedback>意见反馈</a> 京ICP证030173号  <img src=//www.baidu.com/img/gs.gif> </p> </div> </div> </div> </body> </html>

Capture packets on the Squid server to see what is happening

[root@nginx~]# tcpdump host 192.168.0.203
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:11:09.851706 IP 192.168.0.203.34638 > localhost.localdomain.squid: Flags [S], seq 538643763, win 29200, options [mss 1460,sackOK,TS val 256455018 ecr 0,nop,wscale 7], length 0
23:11:09.851815 IP localhost.localdomain.squid > 192.168.0.203.34638: Flags [S.], seq 4077638754, ack 538643764, win 28960, options [mss 1460,sackOK,TS val 278226035 ecr 256455018,nop,wscale 7], length 0
23:11:09.852265 IP 192.168.0.203.34638 > localhost.localdomain.squid: Flags [.], ack 1, win 229, options [nop,nop,TS val 256455018 ecr 278226035], length 0
23:11:09.852305 IP 192.168.0.203.34638 > localhost.localdomain.squid: Flags [P.], seq 1:128, ack 1, win 229, options [nop,nop,TS val 256455018 ecr 278226035], length 127
23:11:09.852317 IP localhost.localdomain.squid > 192.168.0.203.34638: Flags [.], ack 128, win 227, options [nop,nop,TS val 278226036 ecr 256455018], length 0
23:11:09.881000 IP localhost.localdomain.squid > 192.168.0.203.34638: Flags [P.], seq 1:544, ack 128, win 227, options [nop,nop,TS val 278226065 ecr 256455018], length 543
23:11:09.881071 IP localhost.localdomain.squid > 192.168.0.203.34638: Flags [P.], seq 544:2925, ack 128, win 227, options [nop,nop,TS val 278226065 ecr 256455018], length 2381
23:11:09.881497 IP 192.168.0.203.34638 > localhost.localdomain.squid: Flags [.], ack 544, win 237, options [nop,nop,TS val 256455045 ecr 278226065], length 0
23:11:09.881510 IP 192.168.0.203.34638 > localhost.localdomain.squid: Flags [.], ack 2925, win 274, options [nop,nop,TS val 256455045 ecr 278226065], length 0
23:11:09.881682 IP 192.168.0.203.34638 > localhost.localdomain.squid: Flags [F.], seq 128, ack 2925, win 274, options [nop,nop,TS val 256455045 ecr 278226065], length 0
23:11:09.881771 IP localhost.localdomain.squid > 192.168.0.203.34638: Flags [F.], seq 2925, ack 129, win 227, options [nop,nop,TS val 278226065 ecr 256455045], length 0
23:11:09.882124 IP 192.168.0.203.34638 > localhost.localdomain.squid: Flags [.], ack 2926, win 274, options [nop,nop,TS val 256455046 ecr 278226065], length 0
23:21:08.871943 ARP, Request who-has 192.168.0.203 tell gateway, length 46
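
The capture shows only the TCP exchange with port 3128; the access_log configured above records the same requests at the HTTP layer, which is easier to audit. The following is an added example, not part of the original page: it summarises native-format access.log lines by client and destination and lists clients other than server B. The log lines, timestamps, hosts other than www.baidu.com and peer addresses are constructed samples.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1560352269.881     29 192.168.0.203 TCP_MISS/200 2925 GET http://www.baidu.com/ - HIER_DIRECT/203.0.113.10 text/html
1560352301.120    412 192.168.0.203 TCP_TUNNEL/200 5321 CONNECT mirror.example.org:443 - HIER_DIRECT/203.0.113.20 -
1560352377.004      0 192.168.0.77 TCP_MISS/200 1180 GET http://updates.example.net/repo.xml - HIER_DIRECT/203.0.113.30 text/xml
1560352390.512      0 10.9.8.7 TCP_DENIED/403 3980 GET http://www.example.com/ - HIER_NONE/- text/html
"""

EXPECTED_CLIENTS = {"192.168.0.203"}  # server B from this page


def audit(log_text, expected=EXPECTED_CLIENTS):
    """Summarise who used the proxy, for what, and what Squid refused."""
    report = {"destinations": defaultdict(set), "unexpected": set(), "denied": []}
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # skip blank or truncated lines
        client, result, method, url = f[2], f[3].split("/")[0], f[5], f[6]
        # CONNECT logs "host:port"; other methods log a full URL.
        if method == "CONNECT":
            host = url.rsplit(":", 1)[0]
        else:
            host = urlsplit(url).hostname
        if "DENIED" in result:
            report["denied"].append((client, host))
            continue
        report["destinations"][client].add(host)
        if client not in expected:
            report["unexpected"].add(client)  # allowed by the ACL, but not B
    return report


if __name__ == "__main__":
    r = audit(SAMPLE_LOG)
    for client, hosts in sorted(r["destinations"].items()):
        print(client, sorted(hosts))
    print("unexpected clients:", sorted(r["unexpected"]))
    print("denied:", r["denied"])
```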