Squid实现代理上网
Squid
说明 squid是一款高效的http代理服务器程序,而且更经常被用来做缓存服务器。 官网:http://www.squid-cache.org
这里是给纯内网机器实现上网功能
环境
系统: Ubuntu20.0.4
上网机器
ens33 可以上网
ens34 纯内网
root@out-test:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:79:d3:4e brd ff:ff:ff:ff:ff:ff
inet 172.0.0.100/24 brd 172.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe79:d34e/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:79:d3:58 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.100/24 brd 192.168.0.255 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe79:d358/64 scope link
valid_lft forever preferred_lft forever
没有做NAT转发
root@out-test:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
内网机器
root@in-test:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:73:bd:da brd ff:ff:ff:ff:ff:ff
inet 192.168.0.200/24 brd 192.168.0.255 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe73:bdda/64 scope link
valid_lft forever preferred_lft forever
网卡配置
root@in-test:~# cat /etc/netplan/00-installer-config.yaml
network:
ethernets:
ens34:
dhcp4: no
addresses:
- 192.168.0.200/24
nameservers:
addresses: [8.8.8.8,8.8.4.4]
version: 2
安装squid
上网机器
# 安装
apt-get install squid3
# 查看版本
squid3 -v
配置文件
cat /etc/squid/squid.conf
# 定义本地网络范围为192.168.0.0/24
acl localnet src 192.168.0.0/24
# 允许本地网络和 localhost 访问代理
http_access allow localnet
http_access allow localhost
# 禁止所有其他访问
http_access deny all
# Squid 监听的端口
http_port 3128
# 允许 SSL/HTTPS
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access allow CONNECT SSL_ports
重启
systemctl restart squid.service
使用
内网机器
# 写入到 /etc/profile
export http_proxy="http://192.168.0.100:3128"
export https_proxy="http://192.168.0.100:3128"
效果
内网机器
root@in-test:~# curl https://www.baidu.com
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta conss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body link=#0000cc> <div id=wrapper> <_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=//www.baidu.cden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input t=wd class=s_ipt value maxlength=255 autocomplete=off autofocus=autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 clahttp://news.baidu.com name=tj_trnews class=mnav>新闻</a> <a href=https://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> <a href=http://map.baij_trvideo class=mnav>视频</a> <a href=http://tieba.baidu.com name=tj_trtieba class=mnav>贴吧</a> <noscript> <a href=http://www.baidu.com/bdorz/login.name=tj_login class=lb>登录</a> </noscript> <script>document.write('<a href="http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponenz_come=1")+ '" name="tj_login" class="lb">登录</a>');
</script> <a href=//www.baidu.com/more/ name=tj_briicon class=bri style="display: block;">更多产品</a> </div> </div> </div> <div id=f <a href=http://ir.baidu.com>About Baidu</a> </p> <p id=cp>©2017 Baidu <a href=http://www.baidu.com/duty/>使用百度前必读</a> <a 30173号 <img src=//www.baidu.com/img/gs.gif> </p> </div> </div> </div> </body> </html>
外网机器
root@out-test:~# tail -f /var/log/squid/access.log
1721285751.863 257 192.168.0.200 TCP_REFRESH_UNMODIFIED/304 426 GET http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease - HIER_DIRECT/91.189.91.81 -
1721285752.124 260 192.168.0.200 TCP_MISS/304 420 GET http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease - HIER_DIRECT/91.189.91.81 -
1721285752.428 302 192.168.0.200 TCP_MISS/304 420 GET http://archive.ubuntu.com/ubuntu/dists/focal-security/InRelease - HIER_DIRECT/91.189.91.81 -
1721285773.438 2393 192.168.0.200 TCP_MISS/200 1243740 GET http://archive.ubuntu.com/ubuntu/pool/main/v/vim/vim_8.1.2269-1ubuntu5.23_amd64.deb - HIER_DIRECT/91.189.91.81 application/vnd.debian.binary-package
1721285775.823 2383 192.168.0.200 TCP_MISS/200 582202 GET http://archive.ubuntu.com/ubuntu/pool/main/v/vim/vim-tiny_8.1.2269-1ubuntu5.23_amd64.deb - HIER_DIRECT/91.189.91.81 application/vnd.debian.binary-package
1721285778.603 2779 192.168.0.200 TCP_MISS/200 5880456 GET http://archive.ubuntu.com/ubuntu/pool/main/v/vim/vim-runtime_8.1.2269-1ubuntu5.23_all.deb - HIER_DIRECT/91.189.91.81 application/vnd.debian.binary-package
1721285778.895 292 192.168.0.200 TCP_MISS/200 88349 GET http://archive.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_8.1.2269-1ubuntu5.23_all.deb - HIER_DIRECT/91.189.91.81 application/vnd.debian.binary-package
1721286116.269 1362 192.168.0.200 TCP_TUNNEL/200 8247 CONNECT www.baidu.com:443 - HIER_DIRECT/103.235.47.188 -
1721286549.203 356 192.168.0.200 TCP_TUNNEL/200 8218 CONNECT www.baidu.com:443 - HIER_DIRECT/183.2.172.42 -
1721287417.978 370 192.168.0.200 TCP_TUNNEL/200 8247 CONNECT www.baidu.com:443 - HIER_DIRECT/183.2.172.42 -
还能使用 apt 进行安装软件等