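I recently set up and tested a Squid proxy server for my company. It meets the following requirements; I'm posting it here for reference.
1: NT 4.0 domain user authentication; only some users may access the Internet, all users can access the company intranet.
2: Website filtering.
3: On-access antivirus, with fast virus-definition updates.
4: Web access log analysis. Manager-level staff can be given an analysis of the relevant employees' browsing records. Password verification is required.
5: MRTG traffic analysis.
The English below is fairly simple, so there is no need to translate it into Chinese.
Hardware configuration
I used a DELL GX270 desktop with the memory increased to 1 GB RAM and one network card, placed behind the company firewall, with the default gateway set to the firewall address.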
Redhat Linux 9.0 Installation
1: Insert the boot diskette or CD into the drive and reboot. Your BIOS settings may need to be changed to allow you to boot from the diskette or CD-ROM. After a short delay, a screen containing the boot: prompt should appear. Press ENTER to continue, and click Skip when prompted to test the CD media.
2: Using your mouse, select the relevant options for the installation, referring to the following:
Language Selection: English (English)
Keyboard Configuration: U.S. English
Mouse Configuration: PS/2
Installation Type: Server
Disk Partitioning Setup: Manually Partition with Disk Druid.
File System (ext3)   Size              Description
/boot                150MB
<swap>               2048MB
/                    5000MB
/var                 Remaining space   For proxy log
/cache1              10000MB           For proxy cache
/cache2              10000MB           For proxy cache
3:Boot Loader Configuration:
Network Configuration:
Eth0
IP address 10.160.1.114
Subnet mask 255.255.252.0
Gateway 10.160.1.10
Primary DNS 10.160.1.1
10.160.1.3
Firewall Configuration: No Firewall
Additional language support: English (USA)
Time Zone Selection: Asia/ShangHai
Set Root Password: xxxxxxxx
Package Group Selection (included the following only):
Applications: Editors: Vim-enhanced only
Text-based Internet: Add Lynx
Servers: Server configuration tools: Default
Web Server: move squid only
Network Servers: Telnet-server only
Development tools: Default
Proceed with Install
Do not create boot disk
Install will complete and system will reboot.
seewo replied on: 2005-01-18 18:02:52
Log on as root and add the users support and squid:
#useradd -c "Remote support User" support
#passwd support
#useradd -g squid -s /bin/false -c "For Squid Only" squid
#chown -R squid.squid /cache1
#chown -R squid.squid /cache2
#chmod 770 /cache1
#chmod 770 /cache2
#mkdir /etc/squid
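#vi /etc/rc.d/rc.local and add the following (the default gateway handed out by the company DHCP is not the default gateway but another router, so local routes are added here):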
echo "" >/etc/issue
echo "" >/etc/issue.net
/sbin/hdparm -c 1 /dev/hda
touch /var/lock/subsys/local
/sbin/ip route add 10.0.0.0/8 via 10.160.1.21
/sbin/ip route add 172.160.0.0/12 via 10.160.1.21
/sbin/ip route add 192.168.0.0/16 via 10.160.48.21
#vi /etc/hosts and add IP mappings for some internal hosts, such as the domain servers used below; multiple domains are allowed.
Compile and Install Squid-2.5.STABLE7
Download squid-2.5.STABLE7 and save it to /usr/local/src after connecting to the Internet:
#cd /usr/local/src
#wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE7.tar.gz
#tar zxvf squid-2.5.STABLE7.tar.gz
#cd squid-2.5.STABLE7
#./configure --prefix=/usr/local/squid --sysconfdir=/etc/squid --enable-auth=ntlm --enable-ntlm-auth-helpers=SMB --disable-internal-dns --enable-storeio=aufs,ufs --with-aufs-threads=32 --enable-cache-digests --enable-underscores --enable-removal-policies
#make
#make install
#make clean
#strip /usr/local/squid/sbin/squid
#strip /usr/local/squid/bin/squidclient
#strip /usr/local/squid/libexec/dnsserver
#strip /usr/local/squid/libexec/unlinkd
#strip /usr/local/squid/libexec/cachemgr.cgi
Delete Squid-2.5.STABLE7 folder and Squid-2.5.STABLE7.tar.gz
#mkdir /var/log/squid
#chown -R squid.squid /var/log/squid
Move the cache manager program to /var/www/cgi-bin/
#mv /usr/local/squid/libexec/cachemgr.cgi /var/www/cgi-bin/cachemgr.cgi
Start the http and squid proxy server automatically during boot
#cp /usr/local/squid/sbin/squid /etc/init.d/squid
#ln -s /etc/rc.d/init.d/httpd /etc/rc3.d/S86httpd
#ln -s /etc/rc.d/init.d/squid /etc/rc3.d/S876squid
Modify /etc/httpd/conf/httpd.conf; please refer to Appendix I.
Modify /etc/squid/squid.conf; please refer to Appendix II.
Create wpad.dat in /var/www/html; please refer to Appendix III.
Create swap space
#/etc/init.d/squid -z
Reboot
Appendix I:
/etc/httpd/conf/httpd.conf
Listen 10.160.1.114:8000
ServerAdmin Seewo@msn.com
ServerName ServerName:8000
AddType application/x-ns-proxy-autoconfig .dat
DocumentRoot /var/www/html
AccessFileName .htaccess
AllowOverride All
Appendix II:
/etc/squid/squid.conf
# NETWORK OPTIONS
http_port 10.160.1.114:80
http_port 10.160.1.114:8080
icp_port 0
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl localserver dst 10.160.1.0/255.255.252.0
no_cache deny localserver
# OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem 256 MB
cache_swap_low 93
cache_swap_high 95
maximum_object_size 20480 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LRU
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
cache_dir aufs /cache1 10000 16 123
cache_dir aufs /cache2 10000 16 123
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none