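- FreeBSD Day 2 <Building an internal-network DNS server and a Squid proxy server>
- This series is mainly for learning the FreeBSD system; much of the FreeBSD content in this post comes from <构建高可用Linux服务器> (Building Highly Available Linux Servers).
- Here, my thanks to 抚琴煮酒.
- In the morning I repeated yesterday's steps on a real server! Installed vim, bash, sudo, alex.
- Today's main task is to configure it as a DNS server and a Squid proxy server.
- I. Installing DNS. <I found that portsnap offers a lot of software! For a DNS server alone there are quite a few choices.>
- Here I am using bind96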
- # cd /usr/ports/dns/bind96
- # make install clean
- Configuration:
- # vim /etc/namedb/named.conf
- --------------------------->Because it is only used for forwarding, no forward or reverse lookup zones are defined in it
- options {
- directory "/etc/namedb/working";
- pid-file "/var/run/named/pid";
- dump-file "/var/dump/named_dump.db";
- statistics-file "/var/stats/named.stats";
- forward only;
- forwarders { 202.96.128.86; };
- listen-on { 0.0.0.0; };
- ............other unmodified content omitted
- -------------------------------
- # /etc/rc.d/named start
- Cannot 'start' named. Set named_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
- # echo 'named_enable="YES"' >> /etc/rc.conf
- # /etc/rc.d/named restart
- Stopping named.
- Waiting for PIDS: 30182.
- Starting named.
- Check which ports are listening:
- # netstat -an | grep .53
- tcp6 0 0 ::1.953 *.* LISTEN
- tcp4 0 0 127.0.0.1.953 *.* LISTEN
- tcp4 0 0 127.0.0.1.53 *.* LISTEN
- tcp4 0 0 192.168.10.29.53 *.* LISTEN
- tcp4 0 0 192.168.1.29.53 *.* LISTEN
- Test from a client machine:
- # dig @192.168.10.29 www.51cto.com
- ; <<>> DiG 9.7.0-P1 <<>> @192.168.10.29 www.51cto.com
- ; (1 server found)
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30800
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
- ;; QUESTION SECTION:
- ;www.51cto.com. IN A
- ;; ANSWER SECTION:
- www.51cto.com. 464 IN A 118.144.78.38
- ;; Query time: 574 msec
- ;; SERVER: 192.168.10.29#53(192.168.10.29)
- ;; WHEN: Thu Nov 17 13:13:28 2011
- ;; MSG SIZE rcvd: 47
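Reading the `flags: qr rd ra` line of the dig output above, as an added example that is not part of the original post: the code decodes a DNS header and reports whether the server recursed (here, forwarded) for the asking client, which for this forwarder should only be true for internal clients. The function names are hypothetical and both sample replies are constructed, header only.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080)]

def build_query(name, qid):
    """Build an A/IN query with RD set, the kind of question dig asks by default."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)

def parse_header(packet):
    """Decode the 12-byte DNS header into the fields dig prints."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", packet[:12])
    rcode = flags & 0x000F
    return {"id": qid,
            "flags": [n for n, bit in FLAG_BITS if flags & bit],
            "status": RCODES.get(rcode, str(rcode)),
            "answer": an}

def recursed_for_client(packet):
    """True when the reply shows the server resolved the name for this client."""
    h = parse_header(packet)
    return "ra" in h["flags"] and h["status"] == "NOERROR" and h["answer"] > 0

# Constructed header matching the dig output on this page (id 30800, qr rd ra, 1 answer).
SAMPLE_INTERNAL = struct.pack("!6H", 30800, 0x8180, 1, 1, 0, 0)
# Constructed header of a REFUSED reply, the result wanted for a client outside the LAN.
SAMPLE_OUTSIDE = struct.pack("!6H", 30800, 0x8105, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, pkt in [("internal", SAMPLE_INTERNAL), ("outside", SAMPLE_OUTSIDE)]:
        print(label, parse_header(pkt), "recursed:", recursed_for_client(pkt))
```

If a query sent from outside 192.168.10.0/24 comes back like the first sample, restrict the resolver with an explicit `allow-recursion` list in `options` rather than relying on defaults.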
- II. Installing the Squid proxy service
- Locate the port
- # find /usr/ports/ -name "squid"
- /usr/ports/www/squid
- # cd /usr/ports/www/squid
- # make install clean
- When the options dialog appeared, I chose the usual options, such as SQUID_SNMP, SQUID_AUFS, SQUID_ARP_ACL, etc.
- The relevant post-installation messages:
- ===> post-installation information for squid-2.7.9_1:
- o You can find the configuration files for this package in the
- directory /usr/local/etc/squid.
- o The default cache directory is /var/squid/cache.
- The default log directory is /var/squid/logs.
- Note:
- You must initialize new cache directories before you can start
- squid. Do this by running "squid -z" as 'root' or 'squid'.
- If your cache directories are already initialized (e.g. after an
- upgrade of squid) you do not need to initialize them again.
- o The default configuration will deny everyone but local networks
- as defined in RFC 1918 access to the proxy service.
- Edit the "http_access allow/deny" directives in
- /usr/local/etc/squid/squid.conf to suit your needs.
- To enable Squid, set squid_enable=yes in either
- /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid
- Please see /usr/local/etc/rc.d/squid for further details.
- Note:
- If you just updated your Squid installation from 2.6 or earlier,
- make sure to check your Squid configuration against the 2.7 default
- configuration file /usr/local/etc/squid/squid.conf.default.
- Additionally, you should check your configuration by calling
- 'squid -f /path/to/squid.conf -k parse' before starting Squid.
- Down to work; edit the squid.conf configuration file:
- # mkdir /usr/cache
- # id squid
- uid=100(squid) gid=100(squid) groups=100(squid)
- # chown -R squid.squid /usr/cache
- # squid -z
- 2011/11/17 22:12:50| Creating Swap Directories
- # ls -l /usr/cache/
- total 66
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 00
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 01
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 02
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 03
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 04
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 05
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 06
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 07
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 08
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 09
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 0A
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 0B
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 0C
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 0D
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 0E
- drwxr-x--- 258 squid squid 3584 Nov 17 22:12 0F
- -rw-r----- 1 squid squid 48 Nov 17 22:13 swap.state
- Configuration file:
- # cat squid.conf    # basic configuration
- acl all src all
- acl manager proto cache_object
- acl localhost src 127.0.0.1/32
- acl localnet src 192.168.10.0/24
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- http_access allow manager localhost
- http_access deny manager
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow localnet
- http_access deny all
- http_port 3128
- cache_mem 128 MB
- cache_dir ufs /usr/cache 1000 16 256
- minimum_object_size 0 KB
- maximum_object_size 4096 KB
- cache_swap_low 90
- cache_swap_high 95
- update_headers on
- access_log /var/squid/logs/access.log squid
- cache_store_log none
- logfile_rotate 5
- pid_filename /var/squid/logs/squid.pid
- coredump_dir /var/squid/cache
- Start squid
- # squid -NdD1 &
- # netstat -anl | grep .3128
- tcp4 0 0 *.3128 *.* LISTEN
- Which version did I install?
- # squid -v
- Squid Cache: Version 2.7.STABLE9
- Add it to rc.conf so that it starts automatically at boot
- # echo 'squid_enable="YES"' >> /etc/rc.conf
- Now test from a client machine!
- I already have it running on my P3 (512M) host.
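How Squid evaluates the `http_access` list in the squid.conf above, as an added example that is not part of the original post: lines are checked top to bottom, every ACL on a line must match, and the first matching line decides. The `decide` function and its request fields are hypothetical, the client addresses are constructed, and the ACL values are copied from the configuration on this page.

```python
import ipaddress

# ACL values copied from the squid.conf on this page; helper names are illustrative.
SAFE_PORTS = [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
              (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)]

def _src_in(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r["src"]) in net

ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": _src_in("127.0.0.1/32"),
    "localnet": _src_in("192.168.10.0/24"),
    "SSL_ports": lambda r: r["port"] == 443,
    "Safe_ports": lambda r: any(lo <= r["port"] <= hi for lo, hi in SAFE_PORTS),
    "CONNECT": lambda r: r["method"] == "CONNECT",
}

RULES = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
""".splitlines()

def decide(src, method, port, proto="http"):
    """Return (action, rule): the first http_access line whose ACLs all match wins."""
    req = {"src": src, "method": method, "port": port, "proto": proto}
    action = "deny"
    for rule in RULES:
        _, action, *terms = rule.split()
        # A term "!name" matches when the ACL does not; terms on a line are ANDed.
        if all(ACLS[t.lstrip("!")](req) != t.startswith("!") for t in terms):
            return action, rule
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if action == "deny" else "deny"), "(default)"

if __name__ == "__main__":
    for req in [("192.168.10.50", "GET", 80), ("192.168.1.50", "GET", 80),
                ("192.168.10.50", "CONNECT", 8443), ("192.168.10.50", "GET", 25)]:
        print(req, "->", decide(*req))
```

The second request is denied even though the host also listens on 192.168.1.29 and Squid binds `*.3128`: `localnet` covers only 192.168.10.0/24, so that client falls through to `deny all`.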
Reposted from: https://blog.51cto.com/status/717069