1. 首頁
  2. 問答
  3. Ubuntu 16.04:使用2個網卡配置Squid代理

Ubuntu 16.04:使用2個網卡配置Squid代理

2016-10-12 68 views
0

我試圖用兩個網卡設置Squid。我相信所有的東西都已經安裝好了,但它不能正常工作,是否有人能夠借給我一些幫助?Ubuntu 16.04:使用2個網卡配置Squid代理

我的配置:

的/ etc /網絡/接口

源/etc/network/interfaces.d/*

# The loopback network interface 
auto lo 
iface lo inet loopback 

# The primary network interface 
auto enp4s0 
iface enp4s0 inet static 
    address 192.168.1.115 
    netmask 255.255.255.0 
    network 192.168.1.0 
    broadcast 192.168.1.255 
    gateway 192.168.1.1 
    dns-nameserver 8.8.8.8 8.8.4.4 

auto enx00ee22aa05d2 
iface enx00ee22aa05d2 inet static 
    address 192.168.21.1 
    netmask 255.255.255.0

/etc/squid/squid.conf中

acl localnet src 192.168.21.0/24 # RFC1918 possible internal network 

acl SSL_ports port 443 
acl Safe_ports port 80  # http 
acl Safe_ports port 21  # ftp 
acl Safe_ports port 443  # https 
acl Safe_ports port 70  # gopher 
acl Safe_ports port 210  # wais 
acl Safe_ports port 1025-65535 # unregistered ports 
acl Safe_ports port 280  # http-mgmt 
acl Safe_ports port 488  # gss-http 
acl Safe_ports port 591  # filemaker 
acl Safe_ports port 777  # multiling http 
acl CONNECT method CONNECT 

# Deny requests to certain unsafe ports 
http_access deny !Safe_ports 

# Deny CONNECT to other than secure SSL ports 
http_access deny CONNECT !SSL_ports 

# Only allow cachemgr access from localhost 
http_access allow localhost manager 
http_access deny manager 

# Example rule allowing access from your local networks. 
# Adapt localnet in the ACL section to list your (internal) IP networks 
# from where browsing should be allowed 
#http_access allow localnet 
http_access allow localhost 

# And finally deny all other access to this proxy 
http_access deny all 

# Squid normally listens to port 3128 
http_port 3128 transparent 

#Default: 
access_log /var/log/squid/access.log 

# Leave coredumps in the first cache dir 
coredump_dir /var/spool/squid 

# 
# Add any of your own refresh_pattern entries above these. 
# 
refresh_pattern ^ftp:  1440 20% 10080 
refresh_pattern ^gopher: 1440 0% 1440 
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 
refresh_pattern (Release|Packages(.gz)*)$  0  20%  2880 
# example lin deb packages 
#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600 
refresh_pattern .  0 20% 4320

的/etc/sysctl.conf

net.ipv4.ip_forward=1 
net.ipv6.conf.all.forwarding=1

/etc/iptables.up.rules

*nat -A PREROUTING -i enx00ee22aa05d2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.21.1:3128 -A PREROUTING -i enx00ee22aa05d2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 -A POSTROUTING -s 192.168.2.0/24 -o enp4s0 -j MASQUERADE COMMIT

的/etc/rc.local

iptables -t nat -A POSTROUTING -s 192.168.21.0/24 –o enp4s0 -j MASQUERADE

重新啓動魷魚服務器,連接到新的網絡,並獲得以下IP地址

IP address: 192.168.21.100 
Subnet: 255.255.255.0 
Router: 192.168.21.1

當您嘗試了 '捲曲http://www.google.co.uk' 你會得到如下

捲曲:(6)無法解析主機:www.google.co.uk

任何人都可以建議對這個?

感謝您的幫助

來源

2016-10-12 JustheDev

回答

0

你要爲第二個網卡「enx00ee22aa05d2」成爲別人的主網關控制?如果是這樣的話,你需要像下面這樣設置一個網關:

# The loopback network interface 
auto lo 
iface lo inet loopback 

# The primary network interface 
auto enp4s0 
iface enp4s0 inet static 
    address 192.168.1.115 
    netmask 255.255.255.0 
    network 192.168.1.0 
    broadcast 192.168.1.255 
    gateway 192.168.1.1 
    dns-nameserver 8.8.8.8 8.8.4.4 

auto enx00ee22aa05d2 
iface enx00ee22aa05d2 inet static 
    address 192.168.21.1 
    netmask 255.255.255.0 
    network 192.168.21.0 
    broadcast 192.168.21.255 
    gateway 192.168.21.1

魷魚的配置看起來完美無瑕。

來源

2017-08-31 17:26:39

相關問題

 相關問題