proxy server on centos6.3 x86_64

set network

wan  eth0

dhcp on  eth3

ip 192.168.0.1

netmask 255.255.240.0

#yum install dhcp

#nano /etc/dhcp/dhcpd.conf

#####Add Data in to files

——————————————————————————————-

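#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see 'man 5 dhcpd.conf'
#
# Serves leases for the 192.168.0.0/20 LAN behind the proxy/gateway.
#
# specify domain name
# (string values need plain ASCII double quotes; typographic quotes copied
#  from a web page are not string delimiters for dhcpd)
option domain-name "rc.com";
# specify DNS servers (hostname or IP address) handed to clients
# alternative left disabled by the author: ns.rc.com
option domain-name-servers 202.129.27.133, 8.8.8.8;
# default lease time (seconds)
default-lease-time 600;
# max lease time (seconds)
max-lease-time 7200;
# declare this DHCP server authoritative for the subnet below
authoritative;
# specify network address and subnet mask
subnet 192.168.0.0 netmask 255.255.240.0 {
    # range of addresses leased to clients; the gateway address
    # 192.168.0.1 stays outside the pool
    range dynamic-bootp 192.168.0.10 192.168.15.254;
    # broadcast address
    option broadcast-address 192.168.15.255;
    # default gateway (this server's LAN address)
    option routers 192.168.0.1;
}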
———————————————————————————————————————

#nano  /etc/sysconfig/dhcpd

# Interface dhcpd is told to serve: eth3 is the LAN side, so leases are not
# offered on the WAN interface (eth0).
DHCPDARGS=eth3

#service  dhcpd start

——————————————————————————————————————–

Install  Squid Proxy Server

#yum install squid

#nano  /etc/squid/squid.conf

###ADD Data to files

——————————————————————————————————————-

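#
# Squid configuration for an intercepting (transparent) proxy serving the
# 192.168.0.0/20 LAN.
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
# The LAN actually served by this proxy
acl our_networks src 192.168.0.0/20
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# http_access rules are checked top to bottom and the first match decides,
# so every "allow" for client networks must come after the denies below.
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Placed here, after the manager / Safe_ports / CONNECT denies, so that LAN
# clients are subject to those restrictions as well.
http_access allow our_networks

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# NOTE(review): localnet also admits 10.0.0.0/8, 172.16.0.0/12 and the rest
# of 192.168.0.0/16; if only 192.168.0.0/20 is in use, our_networks already
# covers it and this line can be dropped - confirm no other internal network
# relies on it.
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
#http_port 3128
# Interception mode: port-80 traffic from the LAN is redirected to this port
# by the firewall's NAT REDIRECT rule.
http_port 3128 transparent
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 5000 16 256

cache_mem 400 MB
# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: access_log
access_log /var/log/squid/access.log squid

#  TAG: cache_store_log
#Default:
# cache_store_log /var/log/squid3/store.log
cache_store_log none
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
visible_hostname 192.168.0.1
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320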
——————————————————————————————————————-

#service squid start

Config Firewall

#yum install  iptables -y

#setup

————————————————————

Enable [*]Firewall

save ให้เรียบร้อย

————————————————————-

#service iptables start

#chkconfig iptables on

#service iptables restart

เข้าไปใน /home/admin
chmod a+x net.sh
./net.sh

ถ้ารัน script แล้วก็ตามด้วย
/etc/init.d/iptables save
/etc/init.d/iptables restart

 

หมายเหตุ ก่อนจะใช้คำสั่ง chmod a+x net.sh   ให้สร้างไฟล์นี้ก่อน

ข้อความใน script  net.sh เพิ่มข้อความนี้เข้าไปในไฟล์ net.sh

————————————————————————————————————————-

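#!/bin/sh
# net.sh - NAT gateway and transparent-proxy redirect rules.
# Interfaces: eth0 = WAN, eth3 = LAN (192.168.0.0/20); Squid listens on 3128.
# Run as root. Options use two ASCII hyphens (--dport, --state, --to-ports);
# a typographic dash pasted from a web page is not accepted by iptables.

# Enable IPv4 routing in the running kernel. This write does not survive a
# reboot; to make it permanent set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Start from empty nat, mangle and filter tables.
# NOTE(review): flushing the filter table also removes any INPUT rules created
# earlier (e.g. by the `setup` firewall tool). Check `iptables -L INPUT -n`
# afterwards and re-add INPUT rules if the host itself should not be reachable
# from the WAN side.
iptables -t nat -F
iptables -t mangle -F
iptables -t filter -F
iptables -X

# Forward only what the two FORWARD rules below allow. A blanket
# "FORWARD -j ACCEPT" would make those rules meaningless and route traffic
# between any interfaces.
# NOTE(review): if other interfaces on this host need routing, add explicit
# FORWARD rules for them.
iptables -P FORWARD DROP

# Source-NAT everything leaving through the WAN interface.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# LAN -> WAN: new connections from the LAN subnet.
iptables -A FORWARD -s 192.168.0.0/20 -o eth0 -j ACCEPT

# WAN -> LAN: only replies to connections the LAN opened.
iptables -A FORWARD -d 192.168.0.0/20 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT

# Send LAN HTTP traffic to the local Squid port (one rule is enough; a second
# identical REDIRECT rule adds nothing).
iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 80 -j REDIRECT --to-ports 3128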
———————————————————————————————————————————-

reboot server

enjoy!!!!
