设置Squid的目的当你在企业内部,Internet断掉的情况下,你可以默认路由走别的路径出去,比如从Squid 所在网络出口出去
Part 1. restart the squid service
the squid path is working in /usr/local/squid/sbin/squid Configuration file /usr/local/squid/etc/squid.conf
sudo ./squid -s <--- start the process sudo ./squid -k reconfigure <----to reload the proces
Part 2, Setup the squid on Redhat
1 . Linux system with gcc compiler and yum function
-
sudo ./configure sudo make sudo make install
-
setup the conf file. configuration file /usr/local/squid/etc/squid.conf
add acl local src 135.36.0.0/16 *Adapt localnet in the ACL section to list your (internal) IP networks
-
from where browsing should be allowed http_access allow localnet http_access allow localhost #*And finally deny all other access to this proxy http_access deny all
-
Squid normally listens to port 3128 #http_port 3128
http_port 8000
#*Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256 cache deny all <--- do not use cache mode
- we are using port 8000, you can see that sudo netstat -tulnp |grep squid
-
change the /usr/local/squid/var to 777, so nobody account can read and write log to /usr/local/squid/var/logs/ sudo chmod -Rvf 777 /usr/local/squid/var
-
shutdown the firewall, sudo service iptables stop and sudo chkconfig iptables off and make sure the firewall allow network to communication with this DMZ zone server
-
add to startup script so the squid service will auto start after the system start -bash-4.1$ cat /etc/rc.local
#!/bin/sh
#*This script will be executed after all the other init scripts.
- You can put your own initialization stuff in here if you don't
- want to do the full Sys V style init stuff. touch /var/lock/subsys/local /usr/local/squid/sbin/squid -s
-
add cron job to nobody account so to rotate the log sudo crontab -u nobody -e
0 4 * * * /usr/local/squid/sbin/squid -k rotate <--- add this line
-
sudo ./squid -s <--- start the process
/usr/local/squid/bin/squidclient -p 8000 http://www.google.com <----test if squid is working