How to Control Web Traffic Using Squid Cache and a Cisco Router on Linux


An important task in a network is controlling and managing the web browsing traffic of its users. Several solutions can handle this, and one of the best is running Squid cache on a Linux machine. Squid can inspect, limit and cache web traffic passing from one network to another, for example from a LAN to the Internet.

There are a few ways to redirect client web requests to the Squid machine. In this article we will show you how to redirect web traffic from a Cisco router to a Squid cache machine using the WCCP protocol.

The picture below is an example of a basic scenario.

As you see in the picture above, all client web traffic first goes to the Cisco router (that is their default gateway), then the router silently redirects the packets to the Squid machine. Squid can now play its roles, the main ones being caching web content and limiting access based on domains, time intervals, IP addresses, file sizes, and so on.

We review the configuration of this scenario in two major steps: first we install and configure Squid and Linux, then we configure the router to redirect web traffic packets to Squid using the WCCP protocol.

In this scenario I use CENTOS 6.5 as my Linux server and a Cisco 2691 as my router.

Operating System: CENTOS 6.5
Application: Squid
Router: Cisco 2691

Step 1: Installing Squid Cache

Squid is available in the default CentOS repository. We first install it with the yum command, then start the service, and finally set the squid service to start automatically at boot.

# yum -y install squid
# service squid start
# chkconfig squid on

Step 2: Preparing Squid Cache

Now we must change some default behaviors of the CentOS operating system: we need to enable packet forwarding and disable the Reverse Path Filter (RPF). We enable packet forwarding so that CentOS acts as a transparent forwarder (like a router).

Let me explain in more detail. When traffic arrives at CentOS it carries source and destination addresses. For example, when a client enters www.example.com in the browser, an HTTP request packet is generated with the source IP address of the client machine (like 192.168.1.20) and the destination IP address of the example.com server (like 2.2.2.2).

So, when CentOS receives the packet it treats it as a wrong packet, because the CentOS IP address is not the destination address of the packet. For security reasons CentOS drops the packet, but we want Squid to act in transparent mode. We tell CentOS about this situation by enabling packet forwarding.

Next we should disable reverse path filtering, so that CentOS accepts packets that are not reachable through the Squid machine, or packets whose IP address is not in the same subnet as the Squid machine.

# nano /etc/sysctl.conf
# set to 1 to enable the packet forwarding feature
net.ipv4.ip_forward = 1
# set to 0 to disable the reverse path filter behavior
net.ipv4.conf.default.rp_filter = 0

Next we need to create a GRE interface on the CentOS machine. What for? Let me explain: the WCCP protocol works through a GRE tunnel, meaning the language spoken between the router and Squid is GRE, so CentOS needs a GRE interface to de-encapsulate the GRE packets.

We should create the configuration file for the GRE interface at the path "/etc/sysconfig/network-scripts/ifcfg-gre0".

Enter the lines below in the ifcfg-gre0 configuration file.

DEVICE=gre0
BOOTPROTO=static
IPADDR=10.0.0.2         #unused ip address in your network
NETMASK=255.255.255.252
ONBOOT=yes
IPV6INIT=no

After creating the GRE interface we need to restart the network service.

# service network restart

Step 3: Configuring Squid Cache

We need to tell Squid to accept WCCP packets from the router. Enter the lines below in the /etc/squid/squid.conf file.

http_port 3128 intercept                 # Define SQUID listening port
wccp2_router 192.168.1.254          #ip address of the router
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0

Save the configuration file and restart the squid service.

# service squid restart

Squid listens for packets on port 3128, but the destination port of our packets is 80, so to change destination port 80 to 3128 we need to create a NAT rule on the integrated CentOS firewall (which is called iptables).

# iptables -t nat -A PREROUTING -i gre0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A POSTROUTING -j MASQUERADE
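
To confirm that Steps 2 and 3 took effect, the following added example (not part of the original article) audits the kernel settings and squid.conf. It computes the reverse-path filter that actually applies to gre0 as the larger of the "all" and per-interface values, because conf.default only seeds interfaces created after it was set. The function names and the temporary sample tree are constructed for illustration.

```shell
# Added example: audit the Step 2 and Step 3 settings under a root directory
# ("/" on the real host; a constructed copy of the files is used below).

# Effective reverse-path filter for an interface: the kernel applies
# max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {  # $1 = root, $2 = interface
    all=$(cat "$1/proc/sys/net/ipv4/conf/all/rp_filter")
    ifc=$(cat "$1/proc/sys/net/ipv4/conf/$2/rp_filter")
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# Arguments of the first occurrence of a squid.conf directive, comments stripped.
squid_directive() {  # $1 = squid.conf path, $2 = directive name
    sed 's/#.*//' "$1" | awk -v d="$2" '$1 == d { $1 = ""; $0 = $0; $1 = $1; print; exit }'
}

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

# Print one line per failed check; the exit status is the number of failures.
audit() {  # $1 = root
    fails=0; conf=$1/etc/squid/squid.conf
    [ "$(cat "$1/proc/sys/net/ipv4/ip_forward")" = 1 ] || fail "ip_forward is not 1"
    [ "$(effective_rp_filter "$1" gre0)" = 0 ] || fail "rp_filter still applies to gre0"
    case $(squid_directive "$conf" http_port) in
        *intercept*) ;;
        *) fail "http_port is not in intercept mode" ;;
    esac
    [ -n "$(squid_directive "$conf" wccp2_router)" ] || fail "wccp2_router missing"
    for d in wccp2_forwarding_method wccp2_return_method; do
        [ "$(squid_directive "$conf" "$d")" = gre ] || fail "$d is not gre"
    done
    [ "$(squid_directive "$conf" wccp2_service)" = "standard 0" ] || fail "wccp2_service is not standard 0"
    return "$fails"
}

# Constructed sample tree: the article's values, except that gre0 still holds
# rp_filter=1 because it existed before conf/default was changed.
make_sample() {  # $1 = directory to populate
    mkdir -p "$1/proc/sys/net/ipv4/conf/all" "$1/proc/sys/net/ipv4/conf/gre0" "$1/etc/squid"
    echo 1 > "$1/proc/sys/net/ipv4/ip_forward"
    echo 0 > "$1/proc/sys/net/ipv4/conf/all/rp_filter"
    echo 1 > "$1/proc/sys/net/ipv4/conf/gre0/rp_filter"
    printf '%s\n' 'http_port 3128 intercept   # Define SQUID listening port' \
        'wccp2_router 192.168.1.254' 'wccp2_forwarding_method gre' \
        'wccp2_return_method gre' 'wccp2_service standard 0' > "$1/etc/squid/squid.conf"
}

sample=$(mktemp -d); make_sample "$sample"
audit "$sample" || echo "$? check(s) failed"
rm -rf "$sample"
```

On the Squid host itself, run audit / as root after restarting the network and squid services.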

Step 4: Cisco Router Configuration

First we should enable WCCP on the Cisco router.

R1(config)# ip wccp version 2

Then we must use an ACL to introduce the Squid cache machine to the router.

R1(config)# ip access-list standard SQUID-MACHINE
R1(config-std-nacl)# permit host 192.168.1.10

Next we define another access list for two different purposes: first, we must exclude Squid's own traffic from being redirected by WCCP (otherwise we fall into an infinite loop!!); second, we define which LAN traffic we want to pass through WCCP and Squid.

R1(config)# ip access-list extended LAN-TRAFFIC
! Prevent SQUID from getting into a loop
R1(config-ext-nacl)# deny ip host 192.168.1.10 any
! Define LAN traffic
R1(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 any eq www

After creating our access lists we must configure the WCCP protocol on the router.

R1(config)# ip wccp web-cache redirect-list LAN-TRAFFIC group-list SQUID-MACHINE

Everything is ready for the final step: we must tell the router on which interface or interfaces it has to redirect traffic using the WCCP configuration.

R1(config)# interface fastEthernet 0/0
R1(config-if)# ip wccp web-cache redirect in

Summary

It is time to summarize all the commands and text in a few lines for better understanding. In this scenario we redirect the users' web browsing packets (those on TCP port 80) from the router (that is the clients' default gateway) to the Squid cache machine using the WCCP protocol.

This whole process happens silently and needs no additional configuration on the client side. So we can control and set policies on web traffic in the LAN. For example, we can allow web browsing only during a limited time, limit the maximum download size, define our custom blacklist and whitelist, generate full reports of internet usage, and so on.

One of the interesting facts in this scenario is that when the Squid machine goes down, the router detects the problem and stops redirecting packets to it, so you can enjoy zero downtime in your network.

If you have any question about this article, please leave a reply through the comment box below.