第二步:接入Internet并配制代理服務(wù)
使用ADSL接入Internet有兩種情況,通過(guò)撥號(hào)獲取動(dòng)態(tài)ip或服務(wù)商直接給定靜態(tài)ip。后者配制起來(lái)較容易���。本文先討論動(dòng)態(tài)ip如何設(shè)置���。
由于第一步重新編譯內(nèi)核時(shí)已經(jīng)加進(jìn)了對(duì)Firewall的支持�。
這里就可以通過(guò)直接編輯/etc/ppp/ppp.conf文件和/etc/rc.conf文件就可以上網(wǎng)并支持NAT方式透明代理了��。
我的ppp.conf文件內(nèi)容如下:(注意set前要留空格)
default:
set log Phase tun command
set ifaddr 10.0.0.1/0 10.0.0.2/0
adsl: # 配置代號(hào)
set device PPPoE:vr0 # vr0 改成你連接ADSL modem的網(wǎng)卡名
set mru 1492
set mtu 1492
set authname username # username是撥號(hào)用戶名
set authkey passWord # password是撥號(hào)密碼
set dial
set login
add default HISADDR |
我的rc.conf文件內(nèi)容如下:(動(dòng)態(tài)ip)
# -- sysinstall generated deltas -- # Tue Jul 15 21:20:28 1997
# Created: Tue Jul 15 21:20:28 1997
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="wwwx.3322.org" # 你的主機(jī)域名
ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.255.0" #內(nèi)網(wǎng)網(wǎng)卡ip地址,fxp0是網(wǎng)卡名
inetd_enable="YES" # 開(kāi)機(jī)加載inetd
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="NO"
sendmail_enable="NO"
sshd_enable="YES"
usbd_enable="NO"
gateway_enable="YES"
firewall_enable="YES" #啟用防火墻
firewall_script="/etc/rc.firewall"
firewall_type="open"
firewall_quiet="YES"
firewall_logging_enable="YES"
ppp_enable="YES" # 開(kāi)機(jī)自動(dòng)撥號(hào)
ppp_mode="ddial"
ppp_nat="YES" # 啟用透明代理
ppp_PRofile="adsl" # 配置代號(hào)
# -- sysinstall generated deltas -- # Wed Jul 16 06:52:13 1997 |
這樣重新啟動(dòng)后就可以撥號(hào)上網(wǎng)并實(shí)現(xiàn)透明代理了����。客戶端需要設(shè)置dns服務(wù)器為服務(wù)商提供的dns����,網(wǎng)關(guān)設(shè)成代理服務(wù)器的內(nèi)網(wǎng)卡ip地址,這里是192.168.0.1�。并把IE中“internet選項(xiàng)”關(guān)于連接設(shè)置的所有復(fù)選框清除。
如果解析不了域名�����,檢查一下/etc/resolv.conf文件是否加入了正確的dns服務(wù)器地址�����。
如果是靜態(tài)ip方式,則只需要編輯/etc/rc.conf文件����。
我的/etc/rc.conf文件如下:(靜態(tài)ip)
# -- sysinstall generated deltas -- # Tue Jul 15 21:20:28 1997
# Created: Tue Jul 15 21:20:28 1997
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="wwwx.3322.org" #主機(jī)域名
defaultrouter="218.10.104.1" #服務(wù)商提供的路由器地址
ifconfig_vr0="inet 218.10.104.188 netmask 255.255.255.0" #服務(wù)商提供的靜態(tài)ip
ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.255.0" #內(nèi)部網(wǎng)卡ip
inetd_enable="YES" #開(kāi)機(jī)加載inetd
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="NO"
sshd_enable="YES"
sendmail_enable="NO"
usbd_enable="NO"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="open"
firewall_quiet="YES"
firewall_logging_enable="YES"
natd_enable="YES" # 啟用透明代理
natd_interface="vr0" # natd接口,vr0為連接外網(wǎng)modem的網(wǎng)卡
# -- sysinstall generated deltas -- # Wed Jul 16 06:52:13 1997 |
重起后網(wǎng)絡(luò)連接及透明代理生效�����?�?蛻舳送瑯右瓷厦嬲f(shuō)的方法配制���。
使用Squid:
Squid是一個(gè)非常不錯(cuò)的代理緩存軟件�。我曾經(jīng)一直在使用�����,后來(lái)因?yàn)槲医?jīng)常要改變web服務(wù)器里的網(wǎng)頁(yè)����,而Squid總是把我以前的頁(yè)面緩存����,致使不能馬上反映頁(yè)面的更新情況���,再加上公司上網(wǎng)的負(fù)擔(dān)不是很重。所以就不用了����。
安裝方法:
在FreeBSD下安裝軟件最方便的方法是使用ports。本文為了讓大家對(duì)通用的軟件安裝方法做一定的了解��,我們采用通用的方法來(lái)安裝Squid��,也就是說(shuō)��,下面的方法同樣適用于Linux或其他Unix版本����。
在ylf的用戶目錄下創(chuàng)建目錄app用來(lái)存放程序安裝臨時(shí)文件:
將用戶ylf設(shè)為/home/ylf/app目錄及其子目錄的所有者
| # chown –R ylf /home/ylf/app |
到 http://www.squid-cache.org/Versions/v2/2.5/ 下載Squid 的最新穩(wěn)定版本���,現(xiàn)在是squid-2.5.STABLE3
打開(kāi)IE瀏覽器��,在地址欄輸入ftp://192.168.0.1 �����,出現(xiàn)ftp登陸對(duì)話框,輸入用戶名ylf及密碼��,登錄成功后。將下載的squid-2.5.STABLE3復(fù)制到app目錄中�����。
執(zhí)行如下命令:
# cd /home/ylf/app
# tar zxvf squid-2.5.STABLE3.tar.gz #解壓縮安裝包
# cd squid-2.5.STABLE3 #進(jìn)入解開(kāi)的目錄
# ./configure --prefix=/usr/local/squid #配制���、將squid安裝在/usr/local/squid目錄
# make all #編譯
# make install #安裝 |
下面編輯Squid的配置文件:
| # cd /usr/local/squid/etc |
將原來(lái)的配置文件改名:
| # mv squid.conf squid.conf.bak |
編輯新的配置文件:
我的squid.conf內(nèi)容如下:
#取消對(duì)代理陣列的支持
icp_port 0 #對(duì)日志文件和pid文件位置進(jìn)行設(shè)置
cache_store_log none
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
emulate_httpd_log on
pid_filename /usr/local/squid/var/logs/squid.pid #設(shè)置運(yùn)行時(shí)的用戶和組權(quán)限
cache_effective_user squid
cache_effective_group squid #設(shè)置管理信息
visible_hostname wwwx.3322.org.
cache_mgr yourname@yourdomain.com #設(shè)置監(jiān)聽(tīng)地址和端口
http_port 3128
udp_incoming_address 0.0.0.0 #設(shè)置squid用戶hot object的物理內(nèi)存的大小以及設(shè)置cache目錄
cache_mem 32 MB
cache_dir ufs /usr/local/squid/cache 1024 16 256 #訪問(wèn)控制設(shè)置
acl mynet src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
http_access allow mynet
http_access deny all #透明代理設(shè)置
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on #swap 性能微調(diào)
half_closed_clients off
cache_swap_high 100%
cache_swap_low 80%
maximum_object_size 1024 KB #控制對(duì)象的超時(shí)時(shí)間
refresh_pattern -i .html 1440 90% 129600 reload-into-ims
refresh_pattern -i .shtml 1440 90% 129600 reload-into-ims
refresh_pattern -i .hml 1440 90% 129600 reload-into-ims
refresh_pattern -i .gif 1440 90% 129600 reload-into-ims
refresh_pattern -i .swf 1440 90% 129600 reload-into-ims
refresh_pattern -i .jpg 1440 90% 129600 reload-into-ims
refresh_pattern -i .png 1440 90% 129600 reload-into-ims
refresh_pattern -i .bmp 1440 90% 129600 reload-into-ims
refresh_pattern -i .js 1440 90% 129600 reload-into-ims |
需要改的地方是訪問(wèn)控制設(shè)置中的子網(wǎng)改成你自己的子網(wǎng)����。其他的地方可根據(jù)需要調(diào)整�����。不改也可�。
如果不使用日志,將日志設(shè)置部分改成如下句子:
cache_store_log none
cache_access_log /dev/null
cache_log /dev/null |
添加squid系統(tǒng)用戶和組:
# pw groupadd squid
# pw useradd squid -g squid -s /sbin/nologin |
建立cache目錄:
| # mkdir /usr/local/squid/cache |
改變cache目錄和logs目錄的所有者為squid用戶和組:
# chown –R squid /usr/local/squid/cache
# chgrp –R squid /usr/local/squid/cache
# chown –R squid /usr/local/squid/var/logs
# chgrp –R squid /usr/local/squid/var/logs |
運(yùn)行squid –z建立cache目錄結(jié)構(gòu):
| # /usr/local/squid/sbin/squid –z |
測(cè)試squid運(yùn)行情況:
| # /usr/local/squid/sbin/squid –NCd1 |
出現(xiàn)下面顯示證明squid安裝成功:
2003/06/21 18:01:09| Starting Squid Cache version 2.5.STABLE3 for i386-unknown-freebsd4.7...
2003/06/21 18:01:09| Process ID 160
2003/06/21 18:01:09| With 957 file descriptors available
2003/06/21 18:01:09| Performing DNS Tests...
2003/06/21 18:01:09| Successful DNS name lookup tests...
2003/06/21 18:01:09| DNS Socket created at 0.0.0.0, port 1029, FD 4
2003/06/21 18:01:09| Adding nameserver 202.97.224.68 from /etc/resolv.conf
2003/06/21 18:01:09| Unlinkd pipe opened on FD 9
2003/06/21 18:01:09| Swap maxSize 1048576 KB, estimated 80659 objects
2003/06/21 18:01:09| Target number of buckets: 4032
2003/06/21 18:01:09| Using 8192 Store buckets
2003/06/21 18:01:09| Max Mem size: 32768 KB
2003/06/21 18:01:09| Max Swap size: 1048576 KB
2003/06/21 18:01:09| Store logging disabled
2003/06/21 18:01:09| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2003/06/21 18:01:09| Using Least Load store dir selection
2003/06/21 18:01:09| Current Directory is /usr/local/squid/etc
2003/06/21 18:01:09| Loaded Icons.
2003/06/21 18:01:09| Accepting HTTP connections at 0.0.0.0, port 3128, FD 8.
2003/06/21 18:01:09| WCCP Disabled.
2003/06/21 18:01:09| Ready to serve requests.
2003/06/21 18:01:16| Done scanning /usr/local/squid/cache swaplog (0 entries)
2003/06/21 18:01:16| Finished rebuilding storage from disk.
2003/06/21 18:01:16| 0 Entries scanned
2003/06/21 18:01:16| 0 Invalid entries.
2003/06/21 18:01:16| 0 With invalid flags.
2003/06/21 18:01:16| 0 Objects loaded.
2003/06/21 18:01:16| 0 Objects expired.
2003/06/21 18:01:16| 0 Objects cancelled.
2003/06/21 18:01:16| 0 Duplicate URLs purged.
2003/06/21 18:01:16| 0 Swapfile clashes avoided.
2003/06/21 18:01:16| Took 7.3 seconds ( 0.0 objects/sec).
2003/06/21 18:01:16| Beginning Validation Procedure
2003/06/21 18:01:16| Completed Validation Procedure
2003/06/21 18:01:16| Validated 0 Entries
2003/06/21 18:01:16| store_swap_size = 0k
2003/06/21 18:01:17| storeLateRelease: released 0 object |
否則根據(jù)提示檢查配制文件��。
為了使squid的透明代理起作用����,需要設(shè)置端口轉(zhuǎn)發(fā)。方法如下:
編輯/etc/rc.firewall文件,添加下面一句:
| ipfw add 00500 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any 80 |
下面建立squid的啟動(dòng)腳本squid.sh:
首先建立/usr/local/etc/rc.d目錄:
# mkdir /usr/local/etc
# mkdir /usr/local/etc/rc.d
# cd /usr/local/etc/rc.d
# vi squid.sh |
文件內(nèi)容如下:
#!/bin/sh # if ! PREFIX=$(expr $0 : "/(/.*/)/etc/rc/.d/$(basename $0)/$"); then
# echo "$0: Cannot determine the PREFIX" >&2
# exit 1
# fi case "$1" in
start)
if [ -x /usr/local/squid/sbin/squid -a -f /usr/local/squid/etc/squid.conf ]; then
(cd /usr/local/squid/var/logs; /usr/local/squid/sbin/squid >/dev/null 2>&1 &) ; echo -n ' squid'
fi
;;
stop)
/usr/local/squid/sbin/squid -k shutdown 2>&1
# Uncomment this if you'd like the system to (attempt to
# wait for) squid to shut down cleanly
#echo "Sleeping for 45 seconds to allow squid to shutdown.."
#sleep 45
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
;;
esac exit 0 |
這樣每次啟動(dòng)后����,squid就會(huì)自動(dòng)運(yùn)行。
運(yùn)行/usr/local/etc/rc.d/squid.sh start 啟動(dòng)squid
運(yùn)行/usr/local/etc/rc.d/squid.sh stop 停止squid
