| linux内网机器访问外网代理设置 | 您所在的位置:网站首页 › linux部署代理服务器 › linux内网机器访问外网代理设置 |
|
摘要: 公司一般出于安全考虑, 在同一局域网中只有一台机器可以访问外网,运维进行了整体的限制, 但是在后面的工作中,需要在机器上安装一些软件,及命令,所以其他的机器需要访问外网来简化工作, 但又不能打乱原有运维的设置,所以需要在能访问外网的机器上做个代理。 第一步、二步都是在能访问外网的机器上操作, 第三步是在不能访问外网机器上操作。 1、检查机器 在操作中发现访问外网的机器本身不能使用yum 安装软件,故需要配置yum安装源。如果可以的,这步可忽略。 [root@localhost test]# lsb_release -a LSB Version: :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch Distributor ID: RedHatEnterpriseServer Description: Red Hat Enterprise Linux Server release 5.7 (Tikanga) Release: 5.7 Codename: Tikanga [root@localhost test]# cd /etc/yum.repos.d/ [root@localhost test]# wget http://mirrors.163.com/.help/CentOS5-Base-163.repo [root@localhost test]# lsb_release -a LSB Version: :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch Distributor ID: RedHatEnterpriseServer Description: Red Hat Enterprise Linux Server release 5.7 (Tikanga) Release: 5.7 Codename: Tikanga [root@localhost test]# cd /etc/yum.repos.d/ [root@localhost test]# wget http://mirrors.163.com/.help/CentOS5-Base-163.repo中间 wget 所获取的文件,需要将$releasever 修改为 5 # CentOS-Base.repo # # The mirror system uses the connecting IP address of the client and the # update status of each mirror to pick mirrors that are updated to and # geographically close to the client. You should use this for CentOS updates # unless you are manually picking other mirrors. # # If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead. # # [base] name=CentOS-5 - Base - 163.com baseurl=http://mirrors.163.com/centos/5/os/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=os gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #released updates [updates] name=CentOS-5 - Updates - 163.com baseurl=http://mirrors.163.com/centos/5/updates/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=updates gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #packages used/produced in the build but not released [addons] name=CentOS-5 - Addons - 163.com baseurl=http://mirrors.163.com/centos/5/addons/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=addons gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #additional packages that may be useful [extras] name=CentOS-5 - Extras - 163.com baseurl=http://mirrors.163.com/centos/5/extras/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=extras gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-5 - Plus - 163.com baseurl=http://mirrors.163.com/centos/5/centosplus/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=centosplus gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #contrib - packages by Centos Users [contrib] name=CentOS-5 - Contrib - 163.com baseurl=http://mirrors.163.com/centos/5/contrib/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=contrib gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 # CentOS-Base.repo # # The mirror system uses the connecting IP address of the client and the # update status of each mirror to pick mirrors that are updated to and # geographically close to the client. You should use this for CentOS updates # unless you are manually picking other mirrors. # # If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead. # # [base] name=CentOS-5 - Base - 163.com baseurl=http://mirrors.163.com/centos/5/os/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=os gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #released updates [updates] name=CentOS-5 - Updates - 163.com baseurl=http://mirrors.163.com/centos/5/updates/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=updates gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #packages used/produced in the build but not released [addons] name=CentOS-5 - Addons - 163.com baseurl=http://mirrors.163.com/centos/5/addons/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=addons gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #additional packages that may be useful [extras] name=CentOS-5 - Extras - 163.com baseurl=http://mirrors.163.com/centos/5/extras/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=extras gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-5 - Plus - 163.com baseurl=http://mirrors.163.com/centos/5/centosplus/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=centosplus gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #contrib - packages by Centos Users [contrib] name=CentOS-5 - Contrib - 163.com baseurl=http://mirrors.163.com/centos/5/contrib/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=contrib gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 yum clean all 清除原有缓存 yum list 获取yum列表 如果出现列表数据如下这种表示设置成功 sqlite-devel.i386 3.3.6-7 base sqlite-devel.x86_64 3.3.6-7 base squashfs-tools.x86_64 3.0-4 base squirrelmail.noarch 1.4.8-21.el5.centos base srptools.x86_64 0.0.4-10.el5 base sssd.x86_64 1.5.1-70.el5 base sssd-client.i386 1.5.1-70.el5 base sssd-client.x86_64 1.5.1-70.el5 base sssd-tools.x86_64 1.5.1-70.el5 base 2、安装squid squid介绍及其简单配置 前面准备好yum命令, 可以直接在线安装 yum install squid yum install squid 安装完成后, cd /etc/squid/ 目下, 修改squid.conf 文件中的内容,修改之前, 可以先备份该文件: cp squid.conf squid.conf_bak cp squid.conf squid.conf_bak 然后找到 文件中的 http_access deny all 将其修改为 http_access allow all 表示所有用户都可以访问这个代理, 还有找到 http_port 3128 修改为 http_port 192.168.3.171:3128 这里的IP及端口是 squid的代理IP及端口, 该IP是能访问外网机器的IP地址,如果是本机,则可以不用修改该地址, 下面启动squid 代理 [root@localhost squid]# squid -k parse [root@localhost squid]# [root@localhost squid]# [root@localhost squid]# squid -z 2014/07/22 14:43:01| Creating Swap Directories [root@localhost squid]# [root@localhost squid]# [root@localhost squid]# service squid start Starting squid: [ OK ] [root@localhost squid]# [root@localhost squid]# [root@localhost squid]# [root@localhost squid]# netstat -nltp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 4341/portmap tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 22862/(squid) tcp 0 0 0.0.0.0:792 0.0.0.0:* LISTEN 4426/rpc.statd 3、配置不能访问外网的机器代理 在其他有需要访问外网的内网机器上设置其访问外部网络的代理机器 export http_proxy=http://192.168.3.171:3128 export http_proxy=http://192.168.3.171:3128 export的效力仅及于该此登陆操作,非全局,详细内容可参考:linux环境变量 export命令详解这样就可以让不能访问外部网络的内网机器通过可以访问外网的机器做为代理访问到外部网络,来方便安装一些软件,命令等操作。
4、测试 在配置的内网机器上执行:curl www.baidu.com,出现以下内容即访问网络成功: [cosw@platdevsxyd01 ~]$ curl www.baidu.com 百度一下,你就知道 新闻 hao123 地图 视频... |
| CopyRight 2018-2019 实验室设备网 版权所有 |