1. 首页
  2. 问答
  3. Ubuntu 16.04:使用2个网卡配置Squid代理

Ubuntu 16.04:使用2个网卡配置Squid代理

2016-10-12 33 views
0

我试图用两个网卡设置Squid。我相信所有的东西都已经安装好了,但它不能正常工作,是否有人能够借给我一些帮助?Ubuntu 16.04:使用2个网卡配置Squid代理

我的配置:

的/ etc /网络/接口

源/etc/network/interfaces.d/*

# The loopback network interface 
auto lo 
iface lo inet loopback 

# The primary network interface 
auto enp4s0 
iface enp4s0 inet static 
    address 192.168.1.115 
    netmask 255.255.255.0 
    network 192.168.1.0 
    broadcast 192.168.1.255 
    gateway 192.168.1.1 
    dns-nameserver 8.8.8.8 8.8.4.4 

auto enx00ee22aa05d2 
iface enx00ee22aa05d2 inet static 
    address 192.168.21.1 
    netmask 255.255.255.0

/etc/squid/squid.conf中

acl localnet src 192.168.21.0/24 # RFC1918 possible internal network 

acl SSL_ports port 443 
acl Safe_ports port 80  # http 
acl Safe_ports port 21  # ftp 
acl Safe_ports port 443  # https 
acl Safe_ports port 70  # gopher 
acl Safe_ports port 210  # wais 
acl Safe_ports port 1025-65535 # unregistered ports 
acl Safe_ports port 280  # http-mgmt 
acl Safe_ports port 488  # gss-http 
acl Safe_ports port 591  # filemaker 
acl Safe_ports port 777  # multiling http 
acl CONNECT method CONNECT 

# Deny requests to certain unsafe ports 
http_access deny !Safe_ports 

# Deny CONNECT to other than secure SSL ports 
http_access deny CONNECT !SSL_ports 

# Only allow cachemgr access from localhost 
http_access allow localhost manager 
http_access deny manager 

# Example rule allowing access from your local networks. 
# Adapt localnet in the ACL section to list your (internal) IP networks 
# from where browsing should be allowed 
#http_access allow localnet 
http_access allow localhost 

# And finally deny all other access to this proxy 
http_access deny all 

# Squid normally listens to port 3128 
http_port 3128 transparent 

#Default: 
access_log /var/log/squid/access.log 

# Leave coredumps in the first cache dir 
coredump_dir /var/spool/squid 

# 
# Add any of your own refresh_pattern entries above these. 
# 
refresh_pattern ^ftp:  1440 20% 10080 
refresh_pattern ^gopher: 1440 0% 1440 
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 
refresh_pattern (Release|Packages(.gz)*)$  0  20%  2880 
# example lin deb packages 
#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600 
refresh_pattern .  0 20% 4320

的/etc/sysctl.conf

net.ipv4.ip_forward=1 
net.ipv6.conf.all.forwarding=1

/etc/iptables.up.rules

*nat -A PREROUTING -i enx00ee22aa05d2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.21.1:3128 -A PREROUTING -i enx00ee22aa05d2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 -A POSTROUTING -s 192.168.2.0/24 -o enp4s0 -j MASQUERADE COMMIT

的/etc/rc.local

iptables -t nat -A POSTROUTING -s 192.168.21.0/24 –o enp4s0 -j MASQUERADE

重新启动鱿鱼服务器,连接到新的网络,并获得以下IP地址

IP address: 192.168.21.100 
Subnet: 255.255.255.0 
Router: 192.168.21.1

当您尝试了 '卷曲http://www.google.co.uk' 你会得到如下

卷曲:(6)无法解析主机:www.google.co.uk

任何人都可以建议对这个?

感谢您的帮助

来源

2016-10-12 JustheDev

回答

0

你要为第二个网卡“enx00ee22aa05d2”成为别人的主网关控制?如果是这样的话,你需要像下面这样设置一个网关:

# The loopback network interface 
auto lo 
iface lo inet loopback 

# The primary network interface 
auto enp4s0 
iface enp4s0 inet static 
    address 192.168.1.115 
    netmask 255.255.255.0 
    network 192.168.1.0 
    broadcast 192.168.1.255 
    gateway 192.168.1.1 
    dns-nameserver 8.8.8.8 8.8.4.4 

auto enx00ee22aa05d2 
iface enx00ee22aa05d2 inet static 
    address 192.168.21.1 
    netmask 255.255.255.0 
    network 192.168.21.0 
    broadcast 192.168.21.255 
    gateway 192.168.21.1

鱿鱼的配置看起来完美无瑕。

来源

2017-08-31 17:26:39

相关问题

 相关问题