16.3.1 Standard forward agent
May 24, 2021 That's what Linux should learn
Once the Squid service package is properly installed and started, it can already provide the user with a standard forward proxy mode service by default, eliminating the need to modify the profile or do anything else separately. Next, open any browser on the client running Windows 7, and then click the Internet Options command, as shown in Figure 16-4.
[root@linuxprobe ~]# systemctl restart squid [root@linuxprobe ~]# systemctl enable squid ln -s '/usr/lib/systemd/system/squid.service' '/etc/systemd/system/multi-user.target.wants/squid.service'
Figure 16-4 Click the Internet Options command in your browser
To use the standard forward proxy mode service provided by the Squid service provider, you must fill in the server's IP address and port number information in the browser. Therefore, you also need to click the LAN Settings button under the Connections tab (see Figure 16-5) and fill in the proxy server information as shown in Figure 16-6, and then save and exit the configuration wizard.
Figure 16-5 Click the LAN Settings button in the Connections tab
Figure 16-6 fills in the proxy server's IP address and port number
Users can now use the proxy services provided by the Squid service program. The virtual machines that are set to host-only mode can also miraculously browse the Internet, as shown in Figure 16-7.
Figure 16-7 Virtual machines can function as an off-network network
Such a public and no password verification agent service finally let people feel uneasy, in case someone also come to the "net" how to do? T he Squid service program uses port numbers such as 3128, 3401, and 4827 by default, so you can modify the default port numbers to other values to provide some protection. N ow we should all know that the Linux system configuration service program is actually to modify the service's profile, so directly in the /etc directory of the Squid service program with the same name directory to find the configuration file, the http_port parameters after the original 3128 modified to 10000, that is, the Squid service provider's proxy service port modified to a new value. Finally, don't forget to restart the service program.
[root@linuxprobe ~]# vim /etc/squid/squid.conf .................. O mit some of the output information... 4 5 # 46 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS 47 # 48 49 # Example rule allowing access from your local networks. 5 0 # Adapt localnet in the ACL section to list your (internal) IP networks 51 # from where browsing should be allowed 52 http_access allow localnet 53 http_access allow localhost 54 55 # And finally deny all other access to this proxy 56 http_access deny all 57 58 # Squid normally listens to port 3128 59 http_port 10000 60 http_port 10000 .................. O mit some of the output information... D id the root@linuxprobe root@linuxprobe/system/system/multi-user.target.wants/squid.service' suddenly feel like it was familiar? W hen section 10.5.3 explains the virtual host functionality of deploying httpd service programs based on port numbers, we are prompted to report errors after editing the profile of the httpd service program and restarting the service program. A lthough the system has not reported an error since the Squid service program was restarted, the user is not yet able to use the proxy service. The SElinux security subsysyscies take it for granted that the Squid servicer uses port number 3128, which is allowed in the default policy rules, but now the Squid service program is trying to use a new 10,000 port number, which is not the system resource that the Squid servicer should be using, so it is necessary to manually add the new port number to the Squid service provider's allowed list in the Selinux domain.
[root@linuxprobe ~]# semanage port -l | g rep squid_port_t squid_port_t tcp 3128, 3401, 4827 squid_port_t udp 3401, 4827 [root@linuxprobe ~]# semanage port -a -t squid_port_t -p tcp 10000 [root@linuxprobe ~]# semanage port -l | G rep squid_port_t squid_port_t tcp 10000, 3128, 3401, 4827 squid_port_t udp 3401, 4827 Is there a problem? Ask bold questions!
Because readers have different hardware or operation errors may lead to experimental configuration errors, please be patient and take a closer look at the operation steps, do not be discouraged
Linux technical exchange please add Group A: 560843 (full), Group B: 340829 (recommended), Group C: 463590 (recommended), click here to view the national group.
This group features: through password verification to ensure that each group member is "Linux should learn" readers, more targeted, from time to time free to receive customized gifts.