linux内网机器访问外网代理设置_redhat enterprise 设置代理上网

摘要: 公司一般出于安全考虑， 在同一局域网中只有一台机器可以访问外网，运维进行了整体的限制， 但是在后面的工作中，需要在机器上安装一些软件，及命令，所以其他的机器需要访问外网来简化工作， 但又不能打乱原有运维的设置，所以需要在能访问外网的机器上做个代理。

第一步、二步都是在能访问外网的机器上操作， 第三步是在不能访问外网机器上操作。
1、检查机器
     在操作中发现访问外网的机器本身不能使用yum 安装软件，故需要配置yum安装源。如果可以的，这步可忽略。

[root@localhost test]# lsb_release -a
LSB Version:    :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch
Distributor ID: RedHatEnterpriseServer
Description:    Red Hat Enterprise Linux Server release 5.7 (Tikanga)
Release:        5.7
Codename:       Tikanga
[root@localhost test]# cd /etc/yum.repos.d/
[root@localhost test]# wget http://mirrors.163.com/.help/CentOS5-Base-163.repo

 中间 wget 所获取的文件，需要将$releasever 修改为 5

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
 
[base]
name=CentOS-5 - Base - 163.com
baseurl=http://mirrors.163.com/centos/5/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=os
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
 
#released updates 
[updates]
name=CentOS-5 - Updates - 163.com
baseurl=http://mirrors.163.com/centos/5/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
 
#packages used/produced in the build but not released
[addons]
name=CentOS-5 - Addons - 163.com
baseurl=http://mirrors.163.com/centos/5/addons/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=addons
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
 
#additional packages that may be useful
[extras]
name=CentOS-5 - Extras - 163.com
baseurl=http://mirrors.163.com/centos/5/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-5 - Plus - 163.com
baseurl=http://mirrors.163.com/centos/5/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
 
#contrib - packages by Centos Users
[contrib]
name=CentOS-5 - Contrib - 163.com
baseurl=http://mirrors.163.com/centos/5/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

  yum clean all  清除原有缓存
  yum list           获取yum列表
  如果出现列表数据如下这种表示设置成功

sqlite-devel.i386                                                                            3.3.6-7                                                                   base     
sqlite-devel.x86_64                                                                          3.3.6-7                                                                   base     
squashfs-tools.x86_64                                                                        3.0-4                                                                     base     
squirrelmail.noarch                                                                          1.4.8-21.el5.centos                                                       base     
srptools.x86_64                                                                              0.0.4-10.el5                                                              base     
sssd.x86_64                                                                                  1.5.1-70.el5                                                              base     
sssd-client.i386                                                                             1.5.1-70.el5                                                              base     
sssd-client.x86_64                                                                           1.5.1-70.el5                                                              base     
sssd-tools.x86_64                                                                            1.5.1-70.el5                                                              base

2、安装squid
    squid介绍及其简单配置
    前面准备好yum命令， 可以直接在线安装

yum install squid

   安装完成后， cd  /etc/squid/ 目下， 修改squid.conf 文件中的内容，修改之前， 可以先备份该文件：

cp squid.conf squid.conf_bak

  然后找到 文件中的 http_access deny all   将其修改为 http_access allow all  表示所有用户都可以访问这个代理，
  还有找到  http_port 3128  修改为   http_port 192.168.3.171:3128  这里的IP及端口是 squid的代理IP及端口，
  该IP是能访问外网机器的IP地址，如果是本机，则可以不用修改该地址， 下面启动squid 代理

[root@localhost squid]# squid -k parse
[root@localhost squid]# 
[root@localhost squid]# 
[root@localhost squid]# squid -z
2014/07/22 14:43:01| Creating Swap Directories
[root@localhost squid]# 
[root@localhost squid]# 
[root@localhost squid]# service squid start
Starting squid:                                            [  OK  ]
[root@localhost squid]# 
[root@localhost squid]# 
[root@localhost squid]# 
[root@localhost squid]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      4341/portmap        
tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      22862/(squid)       
tcp        0      0 0.0.0.0:792                 0.0.0.0:*                   LISTEN      4426/rpc.statd

3、配置不能访问外网的机器代理
   在其他有需要访问外网的内网机器上设置其访问外部网络的代理机器

export http_proxy=http://192.168.3.171:3128

   export的效力仅及于该此登陆操作，非全局，详细内容可参考：linux环境变量 export命令详解

   这样就可以让不能访问外部网络的内网机器通过可以访问外网的机器做为代理访问到外部网络，来方便安装一些软件，命令等操作。

4、测试

     在配置的内网机器上执行：curl www.baidu.com，出现以下内容即访问网络成功：

[cosw@platdevsxyd01 ~]$ curl www.baidu.com
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge>
<meta content=always name=referrer><link rel=stylesheet type=text/css href=http://s1.bdstatic.com/r/www/cache/bdorz/baidu.min.css>
<title>百度一下，你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> 
<div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> 
</div> <form id=form name=f action=//www.baidu.com/s class=fm> <input type=hidden name=bdorz_come value=1> 
<input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> 
<input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr">
<input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus></span><span class="bg s_btn_wr">
<input type=submit id=su value=百度一下 class="bg s_btn"></span> </form> </div> </div> <div id=u1> 
<a href=http://news.baidu.com name=tj_trnews class=mnav>新闻</a> <a href=http://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> 
<a href=http://map.baidu.com name=tj_trmap class=mnav>地图</a> <a href=http://v.baidu.com name=tj_trvideo class=mnav>视频</a>...</html>