设置 Squid 的目的当你在企业内部, Internet 断掉的情况下, 你可以默认路由走别的路径出去, 比如从 Squid 所在网络出口出去
- Part 1. restart the squid service
- the squid path is working in /usr/local/squid/sbin/squid
- Configuration file /usr/local/squid/etc/squid.conf
- sudo ./squid -s <--- start the process
- sudo ./squid -k reconfigure <----to reload the proces
- Part 2, Setup the squid on RedHat
- 1 . Linux system with gcc compiler and yum function
- sudo ./configure sudo make sudo make install
setup the conf file.
- configuration file /usr/local/squid/etc/squid.conf
- add acl local src 135.36.0.0/16
- *Adapt localnet in the ACL section to list your (internal) IP networks
- from where browsing should be allowed
- http_access allow localnet
- http_access allow localhost
- #*And finally deny all other access to this proxy
- http_access deny all
- Squid normally listens to port 3128
- #http_port 3128
- http_port 8000
- #*Uncomment and adjust the following to add a disk cache directory.
- #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
- cache deny all <--- do not use cache mode
- we are using port 8000, you can see that sudo netstat -tulnp |grep squid
- change the /usr/local/squid/var to 777, so nobody account can read and
- write log to
- /usr/local/squid/var/logs/
- sudo chmod -Rvf 777 /usr/local/squid/var
- shutdown the firewall, sudo service iptables stop and sudo chkconfig
- iptables off
- and make sure the firewall allow network to communication with this DMZ
- zone server
- add to startup script so the squid service will auto start after the system
- start
- -bash-4.1$ cat /etc/rc.local
- #!/bin/sh
- #This script will be executedafter* all the other init scripts.
- You can put your own initialization stuff in here if you don't
want to do the full Sys V style init stuff.
- touch /var/lock/subsys/local
- /usr/local/squid/sbin/squid -s
- add cron job to nobody account so to rotate the log
- sudo crontab -u nobody -e
- 0 4 */usr/local/squid/sbin/squid -k rotate <--- add this line
- sudo ./squid -s <--- start the process
- 9.
- /usr/local/squid/bin/squidclient -p 8000 http://www.google.com/ <----test if
- squid is working
来源: http://www.bubuko.com/infodetail-3098681.html