[CentOS 5.6] squid ¸¦ ÀÌ¿ëÇÑ proxy ¼³Á¤ - ½ÇÀü v w f s
< CentOS squid ÇÁ·Ï½Ã ¼³Á¤ >
***** [ »çÀü Áغñ ] *****
squid ¼¹ö : ÀÎÅͳÝÀÌ µÇ´Â ¿ÜºÎ¸Á NIC (eth0), ÀÎÅͳÝÀÌ µÇÁö ¾Ê´Â ³»ºÎ¸Á NIC (eth1) Áغñ
Ŭ¶óÀ̾ðÆ® : ÀÎÅͳÝÀÌ µÇÁö ¾Ê´Â ³»ºÎ¸Á NIC (eth0) ¸¸ Áغñ
¾Ë¸Â°Ô ³×Æ®¿öÅ© ¼³Á¤À» Àâ¾ÆÁØ´Ù. ¿¹¸¦ µé¸é
- squid ¼¹ö -
ip link show (OS°¡ ÀνÄÇÏ°í ÀÖ´Â ³×Æ®¿öÅ© µð¹ÙÀ̽º¸¦ Ç¥½ÃÇØÁÖ´Â ¸í·É¾î)
cd /etc/sysconfig/network-scripts
vi ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.100.100
NETMASK=255.255.255.0
GATEWAY=192.168.100.2
DNS1=168.126.63.1
vi ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.16.0.100
NETMASK=255.255.255.0
service network restart
ifconfig
- Ŭ¶óÀ̾ðÆ® -
ip link show
cd /etc/sysconfig/network-scripts
vi ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.16.0.10
NETMASK=255.255.255.0
service network restart
ifconfig
À§¿Í °°Àº ¿¹½Ã·Î ³×Æ®¿öÅ© ¼³Á¤À» ÇØÁá´Ù¸é
squid ¼¹ö - ¿ÜºÎ¸Á(eth0) : 192.168.100.100 / ³»ºÎ¸Á(eth1) : 172.16.0.100
Ŭ¶óÀ̾ðÆ® - ¿ÜºÎ¸Á : ¾øÀ½ / ³»ºÎ¸Á(eth0) : 172.16.0.10
¸¸ÀÏ Å¬¶óÀ̾ðÆ®¿¡¼ ¿ÜºÎ¸ÁÀÌ µÇ´Â NIC °¡ ÀÖ´Ù¸é Å×½ºÆ®¸¦ À§ÇÏ¿© Àӽ÷Π¿ÜºÎ¸Á NIC ¸¦ ³»¸°´Ù.
¿¹) ifconfig eth0 down
ÀÌÁ¦ ¿ÜºÎ·Î ÀÎÅͳÝÀÌ µÇÁö ¾Ê´Â Ŭ¶óÀ̾ðÆ®¿¡¼ squid ¼¹ö¸¦ ÅëÇÏ¿© ÀÎÅͳÝÀÌ µÇ°Ô²û ¼³Á¤ Çغ¸°Ú´Ù.
***** [ squid ¼¹ö ] *****
yum install -y squid
vi /etc/squid/squid.conf
#http_access allow manager localhost (:34 ÁÖ¼®)
#http_access deny manager (:35 ÁÖ¼®)
http_access allow all (Ãß°¡)
http_port 3128 (:63 È®ÀÎ)
service squid start
netstat -nlpt | grep 3128
TCP_3128 Æ÷Æ® ¿ÀÇÂ
***** [ Ŭ¶óÀ̾ðÆ® ] *****
vi /etc/bashrc
export http_proxy=[squid¼¹öIP]:3128
export https_proxy=[squid¼¹öIP]:3128
source /etc/bashrc
Å×½ºÆ® : curl www.daum.net ¶Ç´Â wget www.daum.net ¶Ç´Â yum install -y °£´ÜÇÑÆÐÅ°Áö
(Âü°í1)
proxy ¼¹ö¸¦ ÅëÇÏ°Ô ¼³Á¤À» Çصµ ping 8.8.8.8 µî ¿ÜºÎ·Î ÇÎÀº ¾ÈµÊ
(Âü°í2)
¸¸ÀÏ http_access allow all ÀÌ ¾Æ´Ï¶ó ƯÁ¤ ¾ÆÀÌÇÇ ¶Ç´Â ´ë¿ª¿¡ ´ëÇؼ¸¸ Çã¿ëÀ» ÇÏ°í ½Í´Ù°í ÇÑ´Ù¸é
Çã¿ë ±×·ì ¼³Á¤À» ÇØÁà¾ßÇÔ ¾Æ·¡¿¡¼´Â Çã¿ëÇÒ ±×·ì¸íÀ» members ÇßÀ½.
vi /etc/squid/squid.conf (´Ù Áö¿ì°í ¾Æ·¡·Î ´ëü)
http_port 3128
acl members src [Ŭ¶óÀ̾ðÆ®IP]/32
http_access allow members
http_access deny all
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
-----------------------------------------------------
Ãß°¡·Î ¿ìºÐÅõ ¿¡¼ squid ¼¹ö ¼³Á¤ ÇÏ´Â ¹æ¹ýµµ Ãß°¡ÇÔ
-----------------------------------------------------
< Ubuntu 14.04 + squid3 ÇÁ·Ï½Ã ¼³Á¤ >
----- [ squid ¼¹ö ] -----
(squid ÆÐÅ°Áö ¼³Ä¡½Ã apt-get µµ ¹«¹æÇÏÁö¸¸ aptitude »ç¿ë ±ÇÀ¯)
sudo aptitude install -y squid3
sudo vi /etc/squid3/squid.conf
#http_access allow localhost manager (:1041 ÁÖ¼® ó¸®)
#http_access deny manager (:1042 ÁÖ¼® ó¸®)
http_access allow all (Ãß°¡)
http_port 3128 (:1461 È®ÀÎ)
sudo service squid3 restart
netstat -nlpt | grep 3128
TCP_3128 Æ÷Æ® ¿ÀÇÂ