Requirement Description
Set SNAT policy using iptables
Make hosts on 192.168.100.0/24 network segment share Internet access through NAT
Configure Squid proxy service
Cache acceleration for HTTP access, and implement transparent proxy with firewall policy
Access control in proxy service
Disable LAN users from downloading rmvb , mp3 format file
Do not cache files larger than 3M, prohibit downloading files larger than 8M
Prevent users from accessing domains such as qq.com, tencent.com, xxxx.com, etc. Website
Enable URL filtering to block access to links containing “sex”,“adult”
1. Prepare the client and Internet test server, Start the httpd service on the test server
2. Install Squid on the Squid proxy server
3. Enable route forwarding and SNAT
3. Configure transparent proxy support, cache and download file size limits, URL filtering
1. Modify the squid.conf configuration file and reload the configuration
h Ttp_port 192.168.1.1:3128 transparent ############################################## Br>
http_port 192.168.100.254:3128 transparent
acl all src 0/0
http_access alow all
reply_body_max_size 10240000 allow all
access_log /var/log/squid/access.log squid
###################################################### #########
2. Add iptables rules
iptables -t nat –A PREROUTING -i eth0 -s 192.168.100.0/24 -p tcp –dport 80 -j REDIRECT –to-ports 3128
3. Client browser (do not need to specify the address and port of the proxy server in the browser)
< Br>
4. Access control in the proxy service
############################################ #########
http_port 192.168.100.254:3128 transparent
acl all src 0/0
http_access allow all
maximum_object_size 3076 KB
reply_body_max_size 81920000 allow all
access_log /var/log/squid/access.log squid
acl lan100 src 192.168.100.0/24
Acl denydomain dstdomain .qq.com .tencent.com .xxxx.com
acl denywords urlpath_regex -i sex adult
acl realfile urlpath_regex -i \\.rmvb$ \\.mp3$
http_access deny lan100 denydomain
http_access deny lan100 denywords
http_access deny lan100 realfile
########################################## ##############
5. Reset the Squid service and test it!
Do not allow LAN users to download files in rmvb or mp3 format
Do not cache files larger than 3M, and prohibit downloading files larger than 8M
Prohibiting users from accessing websites such as qq.com, tencent.com, xxxx.com, etc.
Enable URL filtering, no access including &ldquo ;sex”,“adult”typed links
How to effectively perform Linux patch management Red Hat LinuxOSRHEL patch can be installed throug
System Requirements: Unlimited release, requires PC platform (x86 architecture CPU), Glibc version
Tizen 1.0 was released, and Taize is a Linux-based open source software platform that runs on smartp
We all know how to query the installation time of win7 system? In fact, it is very simple, you can f
Linux environment programming - waitpid with fork and execlp
How do I view the specific release version of Red Hat Enterprise Linux?
Linux uses Wireshark for packet capture analysis (including SIP and RTP packets)
NetBeans integrated development environment under CentOS
What is the relationship between Linux and GNU?
Linux dual NIC bonding (loading) for load balancing or failover
Solve the method of viewing pdf reader under linux
Linux screen window Chinese garbled problem
12 Linux Process Management Commands Introduction
IPsec, site-to-sito VPN Simple Experiment
Linux/VPS CentOS yum download slow? Install the Axel plugin to speed up the look
Win8.1 update driver prompts this file may be damaged or tampered with what to do?
Some EXE file icons under Win7 are inexplicably lost solutions
How does Win7's taskbar suddenly widen? How to narrow the taskbar?
Windows XP system: The default settings need to pay attention to 7 security issues
Win8.1 system open application prompt error code 0xc000007b solution
Windows7 system shows hidden folders and files
What should I do if I can't find the desktop option when the Windows 7 file is saved?
Analysis of the specific reasons for the failure of the Hosts file of Win8.1 system