Squid 透明模式:配置双网卡,squid 以网关的形式存在。本文在传统模式(https://blog.51cto.com/14557905/2481920)的基础上进行配置。先给 squid 服务器加一块网卡:

[root@squid init.d]# cd /etc/sysconfig/network-scripts/
[root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@squid network-scripts]# vim ifcfg-ens36
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens36"
DEVICE="ens36"
ONBOOT="yes"
IPADDR=192.168.10.1
NETMASK=255.255.255.0
[root@squid network-scripts]# systemctl restart network
[root@squid network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.247.206  netmask 255.255.255.0  broadcast 192.168.247.255
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.0  broadcast 192.168.10.255
[root@squid network-scripts]# vim /etc/sysctl.conf 
net.ipv4.ip_forward=1
[root@squid network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
[root@web httpd]# ping 192.168.247.206
PING 192.168.247.206 (192.168.247.206) 56(84) bytes of data.
64 bytes from 192.168.247.206: icmp_seq=1 ttl=64 time=0.740 ms
64 bytes from 192.168.247.206: icmp_seq=2 ttl=64 time=0.802 ms
[root@web httpd]# route add -net 192.168.10.0/24 gw 192.168.247.206
[root@web httpd]# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.637 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.648 ms
[root@squid network-scripts]# ping 192.168.247.160
PING 192.168.247.160 (192.168.247.160) 56(84) bytes of data.
64 bytes from 192.168.247.160: icmp_seq=1 ttl=64 time=1.26 ms
64 bytes from 192.168.247.160: icmp_seq=2 ttl=64 time=0.521 ms

设置 win10 虚拟机的网段为 192.168.10.0,网卡为仅主机模式(要让流量经过 squid,客户机的默认网关应指向 squid 的 ens36 地址 192.168.10.1)。然后修改 squid 配置文件:

[root@squid network-scripts]# vim /etc/squid.conf
http_port 192.168.10.1:3128 transparent
//修改:transparent 表示透明模式(Squid 3.1 及之后的版本中该选项已改名为 intercept,transparent 是旧写法)
[root@squid network-scripts]# service squid stop
[root@squid network-scripts]# service squid start 
正在启动 squid...
[root@squid network-scripts]# netstat -natp | grep 3128
tcp        0      0 192.168.10.1:3128       0.0.0.0:*               LISTEN    

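配置 iptables 规则。各参数含义:-t nat 指定 nat 表;-I PREROUTING 在路由前的链中插入规则;-i 指定入口网卡;-s 指定源地址;-p tcp 指定 tcp 协议;--dport 指定目标端口;-j 指定操作,REDIRECT 为重定向;--to(--to-ports 的缩写)3128 指定重定向到本机 3128 端口。

注意:第二条规则把 443 端口的流量也重定向到 3128,而上文的 http_port 只配置为明文 HTTP 的透明端口,不能处理 TLS 握手,HTTPS 访问会因此失败;如需代理 HTTPS,要另行为 squid 配置 https_port(ssl-bump)和证书,否则应去掉这条规则。第三条 INPUT 规则没有限定接口和源地址,建议同样加上 -i ens36 -s 192.168.10.0/24,只对内网客户端放行 3128 端口。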

[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
[root@squid network-scripts]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT

在 win10 客户机上关闭手动代理设置,然后访问 web 进行测试。