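Implementation steps:
The server must have two network cards: eth0 connects to the external network with IP 10.0.2.15, and eth1 connects to the internal network with IP 192.168.0.254.
1. Install Ubuntu 11.04 Server: download the corresponding ISO file and burn it to a disc to install; nothing more to say about that. It is best to allocate a separate partition of about 20 GB for storing the squid cache files.
2. Install squid with the command: sudo apt-get install squid3. The version installed by default is 3.1.11.
3. Configure the squid parameters with sudo vi /etc/squid3/squid.conf; the contents are as follows:
Code: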
http_port 192.168.0.254:3128 transparent
visible_hostname XXXProxySvr
cache_mgr admin@XXX.gov.cn
cache_mem 1000 MB
cache_swap_low 90
cache_swap_high 95
#maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB
#memory_replacement_policy heap LFUDA
#cache_dir aufs /squidcache 8000 16 256
#cache_access_log none
cache_log none
#cache_store_log none
memory_pools on
memory_pools_limit 256 MB
dns_nameservers 192.168.0.254
hierarchy_stoplist cgi-bin ?
access_log none
#access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320 ignore-reload
coredump_dir /var/spool/squid
#acl all src 0.0.0.0/0
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all
4. Install the DNS service: sudo apt-get install dnsmasq
5. Install squidclient: sudo apt-get install squidclient
6. Create the squid startup script file squidstart.sh with the following contents:
Code:
#!/bin/bash
/usr/sbin/squid3
/sbin/sysctl -p
modprobe ip_tables
modprobe iptable_nat
modprobe iptable_filter
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
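7. Give the script execute permission: chmod 777 squidstart.sh (only execute permission is needed here; mode 755 also grants it without leaving a script that rc.local runs as root writable by every user)
8. Initialize squid: /usr/sbin/squid3 -z
9. Add the startup script to rc.local so that it runs automatically at boot:
sudo vi /etc/rc.local
Add one line before exit 0: /home/username/squidstart.sh
10. Tune the server:
sudo vi /etc/sysctl.conf
Append at the end:
Code:
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 900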
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.conf.all.proxy_arp = 1
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
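Apply the settings: sudo /sbin/sysctl -p
Client network configuration, which can be set in the DHCP server:
Gateway: 192.168.0.254
DNS: 192.168.0.254
Result: browser traffic on port 80 goes through the squid transparent proxy server while other ports pass straight through. This is very convenient and can greatly speed up network access.
Command to view the running status of the squid proxy:
Code: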
/usr/bin/squidclient -h 192.168.0.254 -p 3128 mgr:info
Command to check the half-open connection count (the command counts sockets in the TIME_WAIT state):
Code:
netstat -ant|grep -i time_wait |wc -l
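
The squid.conf in step 3 keeps the proxy off the external interface by binding http_port to 192.168.0.254 and ending the access rules with "http_access deny all". The following script is an added example, not part of the original post, that checks a configuration for those properties; the function name audit_squid_conf and the weak sample configuration are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit the exposure-relevant lines of a squid.conf read on stdin.
# Usage: audit_squid_conf LAN_IP < squid.conf   (exit status = number of findings)
audit_squid_conf() {
    awk -v lan="$1" '
        function finding(msg) { print "FINDING: " msg; n++ }
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        # A listener not bound to the LAN address also listens on the external interface.
        $1 == "http_port" && index($2, lan ":") != 1 {
            finding("http_port " $2 " is not bound to the LAN address " lan)
        }
        # Remember ACLs that match every source address.
        $1 == "acl" && $3 == "src" && ($4 == "0.0.0.0/0" || $4 == "all") { wide[$2] = 1 }
        $1 == "http_access" {
            last = $2 " " $3
            if ($2 == "allow" && ($3 == "all" || ($3 in wide)))
                finding("http_access allows any source through acl " $3)
        }
        END {
            if (last != "deny all")
                finding("last http_access rule is \"" last "\", not \"deny all\"")
            exit n + 0
        }
    '
}

# Access-related lines of the squid.conf from step 3.
page_conf() { cat <<'EOF'
http_port 192.168.0.254:3128 transparent
#acl all src 0.0.0.0/0
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all
EOF
}

# Constructed weak variant: listens on every interface, allows any source.
weak_conf() { cat <<'EOF'
http_port 3128 transparent
acl anyone src 0.0.0.0/0
http_access allow anyone
EOF
}

page_conf | audit_squid_conf 192.168.0.254 && echo "page config: no findings"
weak_conf | audit_squid_conf 192.168.0.254 || echo "weak config: $? finding(s)"
```

On a live server it can be run as: audit_squid_conf 192.168.0.254 < /etc/squid3/squid.conf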