问题:局域网内目前有2台服务器,一台可以上网,另一台无法上网,目前解决此问题通过代理解决;
1、系统环境
操作系统:CentOS release 6.8 (Final)
Squid版本:squid-3.1.10-20.el6_5.3.x86_64
SELINUX=disabled #这个我没配置
HTTP Service: stoped #这个我没配置
2、安装Squid服务,squid我安装在192.168.0.15这个机器,还有一台不能上网的内网192.168.0.11;
检查squid软件是否安装
# rpm -qa|grep squid
如果未安装,则使用yum 方式安装
# yum -y install squid
设置开机自启动
//自动运行squid服务
chkconfig squid on
//建立缓存目录
squid -z
3、修改squid的配置文件
配置文件位置在:/etc/squid/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.0.11/18
acl SSL_ports port 443
# http
acl Safe_ports port 80
# ftp
acl Safe_ports port 21
# https
acl Safe_ports port 443
# gopher
acl Safe_ports port 70
# wais
acl Safe_ports port 210
# unregistered ports
acl Safe_ports port 1025-65535
# http-mgmt
acl Safe_ports port 280
# gss-http
acl Safe_ports port 488
# filemaker
acl Safe_ports port 591
# multiling http
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
# listens port 3128
http_port 3128
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
strip_query_terms off
visible_hostname 192.168.0.15
cache_mgr [email protected]
cache_store_log none
cache_access_log none
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
#下载文件最大128M
maximum_object_size 128 MB
#下载文件最大128M
maximum_object_size_in_memory 128 MB
dns_nameservers 8.8.8.8 8.8.4.4
client_lifetime 1 minutes
half_closed_clients off
fqdncache_size 65535
ipcache_size 65535
ipcache_low 90
ipcache_high 95
4、配置防火墙
vi /etc/sysconfig/iptables
#开放端口3128对所有ip
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
或者
#开放端口3128对指定ip
-A INPUT -s 192.168.0.11 -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT
重启 service iptables restart
启动:service squid start
重启:service squid restart
停止:service squid stop
5、配置内网其他机器代理上网,如内网192.168.0.11机器上配置yum可以使用代理
vi /etc/yum.conf
增加如下部分
proxy=:3128
proxy=:3128
proxy=ftp://192.168.0.15:3128
如下图:
yum命令在11机器就可以下载了
6、wget代理配置
打开vi /etc/wgetrc 文件
https_proxy = :80/
http_proxy = :80/
ftp_proxy = :80/
use_proxy = on
注意不要忘记写ftp_proxy, 否则在下载ftp内容时会无法解析