第二步:接入Internet并配制代理服務
使用ADSL接入Internet有兩種情況��,通過撥號獲取動態ip或服務商直接給定靜態ip。后者配制起來較容易�。本文先討論動態ip如何設置。
由于第一步重新編譯內核時已經加進了對Firewall的支持����。
這里就可以通過直接編輯/etc/ppp/ppp.conf文件和/etc/rc.conf文件就可以上網并支持NAT方式透明代理了。
我的ppp.conf文件內容如下:(注意set前要留空格)
default:
set log Phase tun command
set ifaddr 10.0.0.1/0 10.0.0.2/0
adsl: # 配置代號
set device PPPoE:vr0 # vr0 改成你連接ADSL modem的網卡名
set mru 1492
set mtu 1492
set authname username # username是撥號用戶名
set authkey passWord # password是撥號密碼
set dial
set login
add default HISADDR |
我的rc.conf文件內容如下:(動態ip)
# -- sysinstall generated deltas -- # Tue Jul 15 21:20:28 1997
# Created: Tue Jul 15 21:20:28 1997
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="wwwx.3322.org" # 你的主機域名
ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.255.0" #內網網卡ip地址,fxp0是網卡名
inetd_enable="YES" # 開機加載inetd
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="NO"
sendmail_enable="NO"
sshd_enable="YES"
usbd_enable="NO"
gateway_enable="YES"
firewall_enable="YES" #啟用防火墻
firewall_script="/etc/rc.firewall"
firewall_type="open"
firewall_quiet="YES"
firewall_logging_enable="YES"
ppp_enable="YES" # 開機自動撥號
ppp_mode="ddial"
ppp_nat="YES" # 啟用透明代理
ppp_PRofile="adsl" # 配置代號
# -- sysinstall generated deltas -- # Wed Jul 16 06:52:13 1997 |
這樣重新啟動后就可以撥號上網并實現透明代理了����。客戶端需要設置dns服務器為服務商提供的dns����,網關設成代理服務器的內網卡ip地址��,這里是192.168.0.1����。并把IE中“internet選項”關于連接設置的所有復選框清除�。
如果解析不了域名,檢查一下/etc/resolv.conf文件是否加入了正確的dns服務器地址�。
如果是靜態ip方式,則只需要編輯/etc/rc.conf文件����。
我的/etc/rc.conf文件如下:(靜態ip)
# -- sysinstall generated deltas -- # Tue Jul 15 21:20:28 1997
# Created: Tue Jul 15 21:20:28 1997
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="wwwx.3322.org" #主機域名
defaultrouter="218.10.104.1" #服務商提供的路由器地址
ifconfig_vr0="inet 218.10.104.188 netmask 255.255.255.0" #服務商提供的靜態ip
ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.255.0" #內部網卡ip
inetd_enable="YES" #開機加載inetd
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="NO"
sshd_enable="YES"
sendmail_enable="NO"
usbd_enable="NO"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="open"
firewall_quiet="YES"
firewall_logging_enable="YES"
natd_enable="YES" # 啟用透明代理
natd_interface="vr0" # natd接口,vr0為連接外網modem的網卡
# -- sysinstall generated deltas -- # Wed Jul 16 06:52:13 1997 |
重起后網絡連接及透明代理生效�。客戶端同樣要按上面說的方法配制��。
使用Squid:
Squid是一個非常不錯的代理緩存軟件����。我曾經一直在使用,后來因為我經常要改變web服務器里的網頁��,而Squid總是把我以前的頁面緩存�,致使不能馬上反映頁面的更新情況��,再加上公司上網的負擔不是很重�。所以就不用了����。
安裝方法:
在FreeBSD下安裝軟件最方便的方法是使用ports。本文為了讓大家對通用的軟件安裝方法做一定的了解�,我們采用通用的方法來安裝Squid,也就是說�,下面的方法同樣適用于Linux或其他Unix版本。
在ylf的用戶目錄下創建目錄app用來存放程序安裝臨時文件:
將用戶ylf設為/home/ylf/app目錄及其子目錄的所有者
| # chown –R ylf /home/ylf/app |
到 http://www.squid-cache.org/Versions/v2/2.5/ 下載Squid 的最新穩定版本��,現在是squid-2.5.STABLE3
打開IE瀏覽器����,在地址欄輸入ftp://192.168.0.1 ,出現ftp登陸對話框����,輸入用戶名ylf及密碼����,登錄成功后。將下載的squid-2.5.STABLE3復制到app目錄中�。
執行如下命令:
# cd /home/ylf/app
# tar zxvf squid-2.5.STABLE3.tar.gz #解壓縮安裝包
# cd squid-2.5.STABLE3 #進入解開的目錄
# ./configure --prefix=/usr/local/squid #配制�、將squid安裝在/usr/local/squid目錄
# make all #編譯
# make install #安裝 |
下面編輯Squid的配置文件:
| # cd /usr/local/squid/etc |
將原來的配置文件改名:
| # mv squid.conf squid.conf.bak |
編輯新的配置文件:
我的squid.conf內容如下:
#取消對代理陣列的支持
icp_port 0 #對日志文件和pid文件位置進行設置
cache_store_log none
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
emulate_httpd_log on
pid_filename /usr/local/squid/var/logs/squid.pid #設置運行時的用戶和組權限
cache_effective_user squid
cache_effective_group squid #設置管理信息
visible_hostname wwwx.3322.org.
cache_mgr yourname@yourdomain.com #設置監聽地址和端口
http_port 3128
udp_incoming_address 0.0.0.0 #設置squid用戶hot object的物理內存的大小以及設置cache目錄
cache_mem 32 MB
cache_dir ufs /usr/local/squid/cache 1024 16 256 #訪問控制設置
acl mynet src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
http_access allow mynet
http_access deny all #透明代理設置
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on #swap 性能微調
half_closed_clients off
cache_swap_high 100%
cache_swap_low 80%
maximum_object_size 1024 KB #控制對象的超時時間
refresh_pattern -i .html 1440 90% 129600 reload-into-ims
refresh_pattern -i .shtml 1440 90% 129600 reload-into-ims
refresh_pattern -i .hml 1440 90% 129600 reload-into-ims
refresh_pattern -i .gif 1440 90% 129600 reload-into-ims
refresh_pattern -i .swf 1440 90% 129600 reload-into-ims
refresh_pattern -i .jpg 1440 90% 129600 reload-into-ims
refresh_pattern -i .png 1440 90% 129600 reload-into-ims
refresh_pattern -i .bmp 1440 90% 129600 reload-into-ims
refresh_pattern -i .js 1440 90% 129600 reload-into-ims |
需要改的地方是訪問控制設置中的子網改成你自己的子網�。其他的地方可根據需要調整。不改也可����。
如果不使用日志,將日志設置部分改成如下句子:
cache_store_log none
cache_access_log /dev/null
cache_log /dev/null |
添加squid系統用戶和組:
# pw groupadd squid
# pw useradd squid -g squid -s /sbin/nologin |
建立cache目錄:
| # mkdir /usr/local/squid/cache |
改變cache目錄和logs目錄的所有者為squid用戶和組:
# chown –R squid /usr/local/squid/cache
# chgrp –R squid /usr/local/squid/cache
# chown –R squid /usr/local/squid/var/logs
# chgrp –R squid /usr/local/squid/var/logs |
運行squid –z建立cache目錄結構:
| # /usr/local/squid/sbin/squid –z |
測試squid運行情況:
| # /usr/local/squid/sbin/squid –NCd1 |
出現下面顯示證明squid安裝成功:
2003/06/21 18:01:09| Starting Squid Cache version 2.5.STABLE3 for i386-unknown-freebsd4.7...
2003/06/21 18:01:09| Process ID 160
2003/06/21 18:01:09| With 957 file descriptors available
2003/06/21 18:01:09| Performing DNS Tests...
2003/06/21 18:01:09| Successful DNS name lookup tests...
2003/06/21 18:01:09| DNS Socket created at 0.0.0.0, port 1029, FD 4
2003/06/21 18:01:09| Adding nameserver 202.97.224.68 from /etc/resolv.conf
2003/06/21 18:01:09| Unlinkd pipe opened on FD 9
2003/06/21 18:01:09| Swap maxSize 1048576 KB, estimated 80659 objects
2003/06/21 18:01:09| Target number of buckets: 4032
2003/06/21 18:01:09| Using 8192 Store buckets
2003/06/21 18:01:09| Max Mem size: 32768 KB
2003/06/21 18:01:09| Max Swap size: 1048576 KB
2003/06/21 18:01:09| Store logging disabled
2003/06/21 18:01:09| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2003/06/21 18:01:09| Using Least Load store dir selection
2003/06/21 18:01:09| Current Directory is /usr/local/squid/etc
2003/06/21 18:01:09| Loaded Icons.
2003/06/21 18:01:09| Accepting HTTP connections at 0.0.0.0, port 3128, FD 8.
2003/06/21 18:01:09| WCCP Disabled.
2003/06/21 18:01:09| Ready to serve requests.
2003/06/21 18:01:16| Done scanning /usr/local/squid/cache swaplog (0 entries)
2003/06/21 18:01:16| Finished rebuilding storage from disk.
2003/06/21 18:01:16| 0 Entries scanned
2003/06/21 18:01:16| 0 Invalid entries.
2003/06/21 18:01:16| 0 With invalid flags.
2003/06/21 18:01:16| 0 Objects loaded.
2003/06/21 18:01:16| 0 Objects expired.
2003/06/21 18:01:16| 0 Objects cancelled.
2003/06/21 18:01:16| 0 Duplicate URLs purged.
2003/06/21 18:01:16| 0 Swapfile clashes avoided.
2003/06/21 18:01:16| Took 7.3 seconds ( 0.0 objects/sec).
2003/06/21 18:01:16| Beginning Validation Procedure
2003/06/21 18:01:16| Completed Validation Procedure
2003/06/21 18:01:16| Validated 0 Entries
2003/06/21 18:01:16| store_swap_size = 0k
2003/06/21 18:01:17| storeLateRelease: released 0 object |
否則根據提示檢查配制文件��。
為了使squid的透明代理起作用����,需要設置端口轉發。方法如下:
編輯/etc/rc.firewall文件,添加下面一句:
| ipfw add 00500 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any 80 |
下面建立squid的啟動腳本squid.sh:
首先建立/usr/local/etc/rc.d目錄:
# mkdir /usr/local/etc
# mkdir /usr/local/etc/rc.d
# cd /usr/local/etc/rc.d
# vi squid.sh |
文件內容如下:
#!/bin/sh # if ! PREFIX=$(expr $0 : "/(/.*/)/etc/rc/.d/$(basename $0)/$"); then
# echo "$0: Cannot determine the PREFIX" >&2
# exit 1
# fi case "$1" in
start)
if [ -x /usr/local/squid/sbin/squid -a -f /usr/local/squid/etc/squid.conf ]; then
(cd /usr/local/squid/var/logs; /usr/local/squid/sbin/squid >/dev/null 2>&1 &) ; echo -n ' squid'
fi
;;
stop)
/usr/local/squid/sbin/squid -k shutdown 2>&1
# Uncomment this if you'd like the system to (attempt to
# wait for) squid to shut down cleanly
#echo "Sleeping for 45 seconds to allow squid to shutdown.."
#sleep 45
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
;;
esac exit 0 |
這樣每次啟動后�,squid就會自動運行。
運行/usr/local/etc/rc.d/squid.sh start 啟動squid
運行/usr/local/etc/rc.d/squid.sh stop 停止squid
