Some lessons learned from implementing a transparent gateway with Squid
Source: Internet  Published by: 房屋租赁java  Editor: 程序博客网  Time: 2024/05/18 03:27
Reposted from: http://forum.ubuntu.org.cn/viewtopic.php?f=54&t=380694
Steps:
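The server must have two network cards: eth0 connects to the external network with IP 10.0.2.15, and eth1 connects to the internal network with IP 192.168.0.254.
1. Install Ubuntu 11.04 Server: download the corresponding ISO file, burn it to a disc and install; no more needs to be said. It is best to allocate a separate partition of about 20 GB for storing the Squid cache files.
2. Install Squid with the command: sudo apt-get install squid3. The version installed by default is 3.1.11.
3. Configure the Squid parameters with sudo vi /etc/squid3/squid.conf; the contents are as follows:
Code: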
http_port 192.168.0.254:3128 transparent
visible_hostname XXXProxySvr
cache_mgr admin@XXX.gov.cn
cache_mem 1000 MB
cache_swap_low 90
cache_swap_high 95
#maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
#memory_replacement_policy heap LFUDA
#cache_dir aufs /squidcache 8000 16 256
#cache_access_log none
cache_log none
#cache_store_log none
memory_pools on
memory_pools_limit 256 MB
dns_nameservers 192.168.0.254
hierarchy_stoplist cgi-bin ?
access_log none
#access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320 ignore-reload
coredump_dir /var/spool/squid
#acl all src 0.0.0.0/0
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all
4. Install the DNS service: sudo apt-get install dnsmasq
5. Install squidclient: sudo apt-get install squidclient
6. Create the Squid startup script file squidstart.sh with the following contents:
Code:
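#!/bin/bash
# Start Squid
/usr/sbin/squid3
# Load the netfilter/NAT modules and the FTP connection-tracking helpers
modprobe ip_tables
modprobe iptable_nat
modprobe iptable_filter
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# Apply /etc/sysctl.conf after the modules are loaded, so that the
# net.ipv4.netfilter.* key set there exists when sysctl runs
/sbin/sysctl -p
# Enable IPv4 forwarding between eth1 (internal) and eth0 (external)
echo "1" > /proc/sys/net/ipv4/ip_forward
# Redirect HTTP (TCP port 80) arriving on eth1 to Squid on port 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
# Masquerade everything leaving through eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE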
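7. Give the script execute permission: chmod 777 squidstart.sh
8. Initialize Squid: /usr/sbin/squid -z
9. Add the startup script to rc.local so that it runs automatically at boot:
sudo vi /etc/rc.local
Add one line before exit 0: /home/username/squidstart.sh
10. Optimize the server:
sudo vi /etc/sysctl.conf
Append at the end:
Code: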
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established =900
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.conf.all.proxy_arp = 1
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
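Apply the settings: sudo /sbin/sysctl -p
Client network configuration, which can be set in the DHCP server:
Gateway: 192.168.0.254
DNS: 192.168.0.254
Result: browser traffic on port 80 goes through the Squid transparent proxy server, while other ports pass straight through. This is very convenient and can greatly speed up network access.
Command to check the running status of the Squid proxy:
Code: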
/usr/bin/squidclient -h 192.168.0.254 -p 3128 mgr:info
Command to check the number of half-open connections:
Code:
netstat -ant|grep -i time_wait |wc -l
_________________
Rating: 5.26% wayoca
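A configuration check for the setup in the post above, as an added example that is not part of the original post: it scans a squid.conf and a sysctl.conf for settings a gateway operator would want to review (disabled access logging, a proxy port bound on every interface, an open http_access rule, and kernel keys that newer kernels renamed or removed). The function names, finding codes and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Finding codes are hypothetical.
# audit_squid_conf FILE: print one finding per line for a squid.conf.
audit_squid_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    $1 == "access_log" && $2 == "none" {
        print "NO_ACCESS_LOG line " NR ": proxied requests leave no audit trail"
    }
    $1 == "http_port" {
        if ($2 !~ /:/)
            print "WILDCARD_LISTEN line " NR ": port is bound on every interface"
        for (i = 3; i <= NF; i++) if ($i == "transparent")
            print "OLD_INTERCEPT_FLAG line " NR ": Squid 3.1+ calls this intercept"
    }
    $1 == "http_access" {
        if ($2 == "allow" && $3 == "all")
            print "OPEN_PROXY line " NR ": any source address may use the proxy"
        last = $2 " " $3
    }
    END { if (last != "deny all") print "NO_FINAL_DENY: no closing deny all rule" }
    ' "$1"
}

# audit_sysctl_conf FILE: same idea for the sysctl.conf tuning block.
audit_sysctl_conf() {
    awk -F= '
    /^[ \t]*#/ || NF < 2 { next }
    { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
    key == "net.ipv4.tcp_tw_recycle" && val == "1" {
        print "TW_RECYCLE line " NR ": breaks NATed clients, removed in Linux 4.12"
    }
    key ~ /^net\.ipv4\.netfilter\.ip_conntrack_/ {
        print "LEGACY_CONNTRACK line " NR ": now net.netfilter.nf_conntrack_*"
    }
    ' "$1"
}

# Constructed sample input: a few of the directives from the post.
demo_dir=$(mktemp -d)
printf '%s\n' 'http_port 192.168.0.254:3128 transparent' 'access_log none' \
    'acl localnet src 192.168.0.0/24' 'http_access allow localnet' \
    'http_access deny all' > "$demo_dir/squid.conf"
printf '%s\n' 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established =900' \
    'net.ipv4.tcp_tw_recycle = 1' 'net.ipv4.tcp_fin_timeout = 5' \
    > "$demo_dir/sysctl.conf"
audit_squid_conf "$demo_dir/squid.conf"
audit_sysctl_conf "$demo_dir/sysctl.conf"
rm -rf "$demo_dir"
```

Each finding is a prompt to review the setting against the network it runs on, not a verdict; an empty result means none of these specific patterns were present.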
Post subject: Re: Some lessons learned from implementing a transparent gateway with Squid
Posted: 2012-07-12 9:53
Actual running status:
Code:
root@XXX:/home/XXXX# /usr/bin/squidclient -h 192.168.0.254 -p 3128 mgr:info
HTTP/1.0 200 OK
Server: squid/3.1.11
Mime-Version: 1.0
Date: Thu, 12 Jul 2012 01:50:56 GMT
Content-Type: text/plain
Expires: Thu, 12 Jul 2012 01:50:56 GMT
Last-Modified: Thu, 12 Jul 2012 01:50:56 GMT
X-Cache: MISS from XXXXProxySvr
X-Cache-Lookup: MISS from AESOPProxySvr:3128
Via: 1.0 XXXXProxySvr (squid/3.1.11)
Connection: close
Squid Object Cache: Version 3.1.11
Start Time: Wed, 11 Jul 2012 04:54:36 GMT
Current Time: Thu, 12 Jul 2012 01:50:56 GMT
Connection information for squid:
Number of clients accessing cache: 84
Number of HTTP requests received: 336641
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Number of HTCP messages received: 0
Number of HTCP messages sent: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 268.0
Average ICP messages per minute since start: 0.0
Select loop called: 39560769 times, 1.905 ms avg
Cache information for squid:
Hits as % of all requests: 5min: 32.5%, 60min: 28.0%
Hits as % of bytes sent: 5min: 14.2%, 60min: 15.4%
Memory hits as % of hit requests: 5min: 80.9%, 60min: 73.2%
Disk hits as % of hit requests: 5min: 0.0%, 60min: 0.4%
Storage Swap size: 0 KB
Storage Swap capacity: 0.0% used, 0.0% free
Storage Mem size: 1014184 KB
Storage Mem capacity: 100.0% used, 0.0% free
Mean Object Size: 0.00 KB
Requests given to unlinkd: 0
Median Service Times (seconds) 5 min 60 min:
HTTP Requests (All): 0.08265 0.05633
Cache Misses: 0.12106 0.09219
Cache Hits: 0.00000 0.00000
Near Hits: 0.14252 0.05046
Not-Modified Replies: 0.00000 0.00000
DNS Lookups: 0.03868 0.00190
ICP Queries: 0.00000 0.00000
Resource usage for squid:
UP Time: 75379.926 seconds
CPU Time: 651.250 seconds
CPU Usage: 0.86%
CPU Usage, 5 minute avg: 3.58%
CPU Usage, 60 minute avg: 3.18%
Process Data Segment Size via sbrk(): 1191672 KB
Maximum Resident Size: 4825360 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
Total space in arena: 1191804 KB
Ordinary blocks: 1179449 KB 30363 blks
Small blocks: 0 KB 0 blks
Holding blocks: 35100 KB 9 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 12354 KB
Total in use: 1214549 KB 99%
Total free: 12354 KB 1%
Total size: 1226904 KB
Memory accounted for:
Total accounted: 1132468 KB 92%
memPool accounted: 1132468 KB 92%
memPool unaccounted: 94435 KB 8%
memPoolAlloc calls: 72666571
memPoolFree calls: 74087498
File descriptor usage for squid:
Maximum number of file descriptors: 65535
Largest file desc currently in use: 626
Number of file desc currently in use: 367
Files queued for open: 0
Available number of file descriptors: 65168
Reserved number of file descriptors: 100
Store Disk files open: 0
Internal Data Structures:
49742 StoreEntries
49742 StoreEntries with MemObjects
49716 Hot Object Cache Items
0 on-disk objects