Transparent agent solution based on Linux2.4 kernel

zhaozj, 2021-02-16

1. What is a proxy server?

A proxy server is a program that, on behalf of clients on an internal private network, connects to external servers and fetches WWW resources from the Internet. The client talks to the proxy server: the proxy receives the client's request, connects to the real server, requests the data and returns the response to the client. The proxy therefore acts as an intermediary. With a proxy in place, packets from the private network never enter the Internet directly; they are handled by the proxy first. Likewise, data from the external network cannot enter the private network directly but reaches it only after the proxy has processed it, which is where access control, address translation and similar functions can be applied. There are many proxy products today, such as Netscape Suite Proxy, MS Proxy, WinGate and Squid. Besides acting as firewalls, these proxy servers also speed up Internet access for local-area-network users: the proxy keeps a large cache in which it saves every page it fetches, so the next time a page is requested it is served straight from the cache without contacting the origin server again.

2. What is a transparent proxy?

"Transparent" means that the client does not notice the proxy exists. No proxy needs to be configured in the browser; the client only sets its default gateway. Packets from the client bound for the external network are sent to the default gateway, on which the proxy server runs, and are redirected there to the proxy port (for example 8080). The requested data is thus actually fetched by the local proxy server and then passed back to the client. In theory a transparent proxy can be used for any protocol. The client must, however, have its DNS server configured correctly: because the browser has no proxy setting, the DNS query has to be resolved on the client side, i.e. the DNS server configured in the client's TCP/IP settings is what performs name resolution. Example: accessing a Web site on the Internet from a private network.

The private network uses addresses 192.168.1.*; the client is 192.168.1.100 and the firewall machine's internal network card is 192.168.1.1. A transparent Web proxy is installed on the firewall machine and configured to listen on port 8080. The kernel uses iptables to redirect connections to port 80 that pass through the firewall to the proxy service. Netscape on the private network is configured for a direct connection (no proxy). Private-network clients need a DNS server. The default route (the gateway) of the private network points to the firewall machine. Netscape on the client machine then accesses http://slashdot.org.
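The redirection the scenario above relies on is never spelled out as iptables rules in the article, so the following is an added example (not code from the original article) that generates them for a Linux 2.4 netfilter kernel. The LAN 192.168.1.0/24, the proxy port 8080 and the dial-up address come from the article; the interface names eth0 (LAN side) and ppp0 (dial-up side) and the function names are assumptions. The functions print the commands rather than running them, so the rule set can be reviewed before it is applied, and the REDIRECT is deliberately limited to HTTP arriving from the LAN while the proxy port is blocked on the external interface, so that the proxy cannot be reached from the Internet.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Prints the iptables commands for the transparent HTTP redirect described
# in the article. Interface names eth0/ppp0 are assumptions.
#
# Apply after review with:
#   transparent_proxy_rules eth0 192.168.1.0/24 ppp0 8080 | sh

# transparent_proxy_rules LAN_IF LAN_NET EXT_IF PROXY_PORT
transparent_proxy_rules() {
    lan_if=$1; lan_net=$2; ext_if=$3; proxy_port=$4

    # The firewall forwards between the private network and the dial-up link.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"

    # Redirect only HTTP that arrives on the LAN interface from LAN addresses
    # to the local proxy port; port-80 traffic from anywhere else is untouched.
    echo "iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port"

    # The proxy's listening port must not be reachable from the Internet side,
    # otherwise the machine is an open proxy regardless of squid.conf.
    echo "iptables -A INPUT -i $ext_if -p tcp --dport $proxy_port -j DROP"

    # Non-HTTP LAN traffic that is forwarded rather than proxied leaves under
    # the dial-up address (the kernel was built with MASQUERADE support for
    # this). The proxy's own connections already originate from that address,
    # as step 5 of the walkthrough shows.
    echo "iptables -t nat -A POSTROUTING -o $ext_if -s $lan_net -j MASQUERADE"
}

# redirect_rule_count ARGS... : number of REDIRECT rules emitted (expect 1).
redirect_rule_count() {
    transparent_proxy_rules "$@" | grep -c -- '-j REDIRECT'
}

# Usage with the article's values when run directly with --demo.
if [ "${1:-}" = "--demo" ]; then
    transparent_proxy_rules eth0 192.168.1.0/24 ppp0 8080
fi
```

Restricting the REDIRECT by input interface and source network matters on a box that is also the Internet gateway: a bare `--dport 80 -j REDIRECT` in PREROUTING would also catch traffic entering from the dial-up side, and the separate INPUT rule on ppp0 closes the proxy port even if `http_access allow all` is left in squid.conf.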

1. Netscape looks up "slashdot.org" and obtains its address, 207.218.152.131. It then uses local port 1050 to open a connection to that address and sends its request to the Web site.
2. When the packets from the client (port 1050) to slashdot.org (port 80) pass through the firewall, they are redirected to port 8080, the proxy service. The transparent proxy then opens its own connection from port 1025 to 207.218.152.131 port 80 (the destination address of the original packet).
3. When the proxy receives the page from the Web site, it copies it to Netscape over the connection already established with the client.
4. Netscape displays the page.
5. From the point of view of slashdot.org, the connection is from port 1025 of 1.2.3.4 (the dial-up IP address) to port 80 of 207.218.152.131. From the client's point of view, the connection is from 192.168.1.100 (the client) port 1050 to port 80 of slashdot.org, but it is really talking to the transparent proxy server.

This is how a transparent proxy operates.

3. Kernel compilation

The machine hosting the transparent proxy is usually the entry point of the whole local area network, so it normally also needs firewall rules to protect the internal network. The kernel must therefore be compiled with firewall support. Typically the following options are enabled when configuring with the make menuconfig command:

    [*] Networking support
    [*] Sysctl support
    [*] Network packet filtering
    [*] TCP/IP networking
    [*] /proc filesystem support
    [*] Kernel/User netlink socket
    [*] Netlink device emulation
    [*] Connection tracking (required for masq/NAT)
    [*] FTP protocol support
    [*] IP tables support (required for filtering/masq/NAT)
    <*> limit match support
    [*] MAC address match support
    [*] netfilter MARK match support
    [*] TOS match support
    [*] Connection state match support
    [*] Packet filtering
    [*] REJECT target support
    [*] Full NAT
    [*] MASQUERADE target support
    [*] REDIRECT target support
    [*] Packet mangling
    [*] TOS target support
    [*] MARK target support
    [*] LOG target support

Then compile the kernel with:

    make dep; make clean; make bzImage

If you use modules, also build and install them with:

    make modules; make modules_install

Copy System.map to the /boot directory, copy /usr/src/linux/arch/i386/boot/bzImage into /boot and rename it vmlinuz-2.4.7. Finally install the new kernel and reboot:

    lilo; shutdown -r now

4. Squid installation and configuration

Download: from the main Squid Web site, http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.stable1-src.tar.gz, or from a local mirror, http://www.linuxaid.com.cn/download/solution/squid-2.4.stable1-src.tar.gz

Compile and install:

    [root@proxy src]# tar xvfz squid-2.4.stable1-src.tar.gz
    [root@proxy src]# cd squid-2.4.stable1
    [root@proxy src]# ./configure
    [root@proxy src]# make all
    [root@proxy src]# make install

Configuration: edit /usr/local/squid/etc/squid.conf and make sure it contains the following settings:

    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    cache_effective_user nobody
    cache_effective_group nobody
    http_access allow all

(All other http_access lines are commented out, leaving only this one. Strictly speaking, only local-area-network users should be allowed to use the proxy; see the Access Control Lists section of the Squid manual for how to restrict access to the proxy.)

    cache_dir ufs /usr/local/squid/cache 100 16 256

The syntax is:

    cache_dir type directory-name mbytes level-1 level-2

Explanation: this directive specifies the size of the swap space in which Squid stores objects and the directory structure of that space. Several cache_dir lines may be used to define several swap spaces, and these can be placed on different disk partitions. "directory" is the top-level directory of the swap space. To use an entire disk as swap space, use the directory as a mount point and mount the whole disk on it. The default is /var/spool/squid. "mbytes" defines the available space in megabytes; the Squid process must have read and write permission on the directory. "level-1" is the number of first-level subdirectories that may be created under the top-level directory; the default is 16. Similarly, "level-2" is the number of second-level subdirectories that may be created under each first-level directory; the default is 256. Why so many subdirectories? If there are too few, the number of files stored in each subdirectory grows very large, the system takes longer to locate a given file, and overall performance drops sharply. So, to reduce the number of files in each directory, the number of directories has to be increased. With only one level of subdirectories the top-level directory would contain too many entries, which is why a two-level structure is used.

How do you determine the number of subdirectories your system needs? The following formula gives an estimate.

Known quantities:

    DS = available swap space (in KB) / number of swap spaces
    OS = average size of each object = 20 KB
    NO = average number of objects stored in each second-level subdirectory = 256

Unknown quantities:

    L1 = number of first-level subdirectories
    L2 = number of second-level subdirectories

Formula:

    L1 x L2 = DS / OS / NO

(Note that this is one equation in two unknowns, so it has multiple solutions.)

Create the cache directory and change its owner to nobody:

    [root@proxy squid]# mkdir /usr/local/squid/cache
    [root@proxy squid]# chown nobody:nobody /usr/local/squid/cache

Change the owner of Squid's log directory so that Squid can write to it:

    [root@proxy squid]# chown nobody:nobody /usr/local/squid/logs

Finally, start Squid:

    [root@iptable logs]# /usr/local/squid/bin/RunCache &

Then check the process list to confirm that it is running.
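The two squid.conf points above that the article leaves to the reader, the cache_dir sizing formula L1 x L2 = DS / OS / NO and the remark that http_access should be limited to local-area-network users rather than "allow all", are worked through in this added example (not code from the article or from the Squid project). It uses the article's constants (OS = 20 KB, NO = 256, L1 = 16 as Squid's default) and its 192.168.1.0/24 network and 100 MB cache; the function names and the "lan" ACL name are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Derives a cache_dir line from the article's sizing formula and emits a
# squid.conf fragment whose http_access rules admit only the LAN.
#
# Formula from the article:  L1 x L2 = DS / OS / NO
#   DS = swap space in KB, OS = average object size (20 KB),
#   NO = objects per second-level directory (256)

OS_KB=20          # average object size, per the article
NO_PER_DIR=256    # objects per second-level directory, per the article
DEFAULT_L1=16     # Squid's default number of first-level directories

# squid_cache_dir DIR MBYTES [L1]
# Prints "cache_dir ufs DIR MBYTES L1 L2", choosing L2 so that L1*L2 covers the
# estimated number of directories (rounded up, never below 1). Because the
# formula has two unknowns, L1 is fixed to Squid's default and L2 is solved for.
squid_cache_dir() {
    dir=$1; mbytes=$2; l1=${3:-$DEFAULT_L1}
    ds_kb=$((mbytes * 1024))
    need=$((ds_kb / OS_KB / NO_PER_DIR))   # L1 x L2 = DS / OS / NO
    [ "$need" -lt 1 ] && need=1
    l2=$(((need + l1 - 1) / l1))           # ceiling division
    [ "$l2" -lt 1 ] && l2=1
    echo "cache_dir ufs $dir $mbytes $l1 $l2"
}

# squid_lan_acl NET
# Prints the http_access lines that replace "http_access allow all":
# only clients in NET may use the proxy, everyone else is denied.
squid_lan_acl() {
    net=$1
    printf 'acl lan src %s\nhttp_access allow lan\nhttp_access deny all\n' "$net"
}

# squid_conf_fragment NET DIR MBYTES : the assembled squid.conf fragment
squid_conf_fragment() {
    squid_lan_acl "$1"
    squid_cache_dir "$2" "$3"
}

# Usage with the article's values when run directly with --demo.
if [ "${1:-}" = "--demo" ]; then
    squid_conf_fragment 192.168.1.0/24 /usr/local/squid/cache 100
fi
```

For the article's 100 MB cache the formula gives DS / OS / NO = 102400 / 20 / 256 = 20 directories, so with L1 = 16 a single second-level directory per first-level directory already suffices (L2 = 2 after rounding up); the article's `16 256` layout is far larger than the estimate, which is harmless but shows why the formula is worth running for large caches. The ACL order matters: Squid evaluates http_access lines top to bottom, so the `deny all` must come last.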

Please credit the original source when reposting: https://www.9cbs.com/read-8965.html
