How to Control Web Traffic Using Squid Cache and Cisco Router in Linux


One important task in a network is controlling and managing clients' web surfing traffic. Many solutions can handle this, and one of the best is running Squid cache on a Linux machine. Squid can inspect, limit and cache web traffic flowing from one network to another, for example from a LAN to the Internet.

There are a few ways to redirect client web requests to the Squid machine. In this article we will show you how to redirect web traffic from a CISCO router to a Squid cache machine using the WCCP protocol.

The picture below is an example of a basic scenario.

As you can see in the picture above, all client web traffic first goes to the Cisco router (that is their default gateway), then the router silently redirects the packets to the Squid machine, and Squid can now do its job. Its main roles are caching web content and limiting access based on domain, time interval, IP address, file size, etc.

We review the configuration of this scenario in two major steps: first we install and configure Squid on Linux, then we configure the router to redirect web traffic packets to Squid using the WCCP protocol.

In this scenario, I use CENTOS 6.5 as my LINUX server and Cisco 2691 as my router system.

Operating System: CENTOS 6.5
Application: Squid
Router: Cisco 2691

Step 1: Installing Squid Cache

Squid is available in the default CENTOS repository. We first install it with the yum command, then start the service, and finally set the Squid service to start automatically at boot.

# yum -y install squid
# service squid start
# chkconfig squid on

Step 2: Preparing Squid Cache

Now we must change some default behaviour of the CentOS operating system: we need to enable packet forwarding and disable the Reverse Path Filter (RPF). We enable packet forwarding so that CentOS acts as a transparent forwarder (like a router).

Let me explain in more detail. When traffic reaches CentOS it carries source and destination addresses. For example, when a client enters www.example.com in the browser, an HTTP request packet is generated with the source IP address of the client machine (like 192.168.1.20) and the destination IP address of the example.com server (like 2.2.2.2).

So, when CentOS receives the packet, it treats it as a wrong packet because the CentOS IP address is not the destination address of the packet. For security reasons CentOS drops the packet, but we want Squid to act in transparent mode. We tell CentOS about this situation by enabling packet forwarding.

Next, we should disable Reverse Path Filtering so that CentOS accepts packets that are not accessible by the Squid machine, or packets whose IP address is not in the same subnet as the Squid machine.

# nano /etc/sysctl.conf
# set to 1 to enable the packet forwarding feature
net.ipv4.ip_forward = 1
# set to 0 to disable the reverse path filter behaviour
net.ipv4.conf.default.rp_filter = 0

Next we should create a GRE interface on the CENTOS machine. What for? Let me explain: the WCCP protocol works through a GRE tunnel, which means the language between the router and Squid is GRE, so CentOS needs a GRE interface to de-encapsulate GRE packets.

We should create the configuration file for the GRE interface at the path /etc/sysconfig/network-scripts/ifcfg-gre0.

Add the lines below to the ifcfg-gre0 configuration file.

DEVICE=gre0
BOOTPROTO=static
IPADDR=10.0.0.2         #unused ip address in your network
NETMASK=255.255.255.252
ONBOOT=yes
IPV6INIT=no

After creating the GRE interface we should restart the network service.

# service network restart
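
The kernel settings from this step can be verified before moving on. The script below is an added example, not part of the original article: it reports whether forwarding is on and whether reverse path filtering is really off on the interfaces you name. The kernel uses the larger of conf.all.rp_filter and the per-interface value, and conf.default only seeds interfaces created later; SYSCTL_ROOT is a hypothetical override so the check can run against a constructed tree.

```shell
#!/bin/sh
# Added example: verify the Step 2 kernel settings for the Squid host.
# SYSCTL_ROOT is a hypothetical override; on a real host it is /proc/sys.

read_sysctl() {          # $1 = path below the sysctl root
    cat "${SYSCTL_ROOT:-/proc/sys}/$1" 2>/dev/null || :
}

# Source validation on an interface uses
# max(conf.all.rp_filter, conf.<iface>.rp_filter).
effective_rp_filter() {  # $1 = interface name
    all=$(read_sysctl net/ipv4/conf/all/rp_filter)
    ifc=$(read_sysctl "net/ipv4/conf/$1/rp_filter")
    [ -n "$all" ] && [ -n "$ifc" ] || { echo unknown; return 1; }
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# Prints one line per finding; returns 0 only if forwarding is on and
# reverse path filtering is off on every interface named.
check_intercept_host() { # $@ = interfaces, e.g. gre0
    rc=0
    if [ "$(read_sysctl net/ipv4/ip_forward)" != 1 ]; then
        echo "FAIL ip_forward is not 1"; rc=1
    fi
    for i in "$@"; do
        v=$(effective_rp_filter "$i") || v=unknown
        if [ "$v" = 0 ]; then
            echo "OK   $i rp_filter=0"
        else
            echo "FAIL $i effective rp_filter=$v"; rc=1
        fi
    done
    return "$rc"
}
```

On the Squid machine, run check_intercept_host gre0 after the network restart.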

Step 3: Configuring Squid Cache

We need to tell Squid to accept WCCP packets from the router. Add the lines below to the /etc/squid/squid.conf file.

# Define SQUID listening port
http_port 3128 intercept
# IP address of the router
wccp2_router 192.168.1.254
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0

Save the configuration file and restart the Squid service.

# service squid restart

Squid listens for packets on port 3128, but the destination port of our packets is 80, so to change destination port 80 to 3128 we need to create a NAT rule on the CENTOS integrated firewall (which is named iptables).

# iptables -t nat -A PREROUTING -i gre0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A POSTROUTING -j MASQUERADE

Step 4: Cisco Router Configurations

First, we should enable WCCP on the Cisco router.

R1(config)# ip wccp version 2

Then we must use an ACL to introduce the SQUID cache machine to the router.

R1(config)# ip access-list standard SQUID-MACHINE
R1(config-std-nacl)# permit host 192.168.1.10

Next, we define another access list for two different purposes. First, we must exclude SQUID's own traffic from redirection by the WCCP protocol (otherwise we fall into an infinite loop!!). Second, we define which LAN traffic we want to pass through WCCP and SQUID.

R1(config)# ip access-list extended LAN-TRAFFIC
! Prevent SQUID from getting into a loop
R1(config-ext-nacl)# deny ip host 192.168.1.10 any
! Define LAN traffic
R1(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 any eq www
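
The order of these two entries is what prevents the loop, and it can be checked offline. The script below is an added example, not part of the original article: a first-match evaluator for the entry forms used in this redirect list, where "permit" means the router hands the packet to WCCP and "deny" means it is forwarded normally. It assumes entries written in IOS syntax ("eq www") and understands only "host A", "NET WILDCARD" and "any" sources with an optional "eq PORT".

```shell
#!/bin/sh
# Added example: which sources would the redirect list send to Squid?
# Constructed sample: the two redirect-list entries from this step.
LAN_TRAFFIC='deny ip host 192.168.1.10 any
permit tcp 192.168.1.0 0.0.0.255 any eq www'

ip2int() {                      # dotted quad -> 32-bit integer
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# acl_verdict SRC PROTO DPORT   (ACL entries on stdin, one per line)
acl_verdict() {
    src=$(ip2int "$1"); proto=$2; dport=$3
    while read -r action aproto a b c d e; do
        case $action in permit|deny) ;; *) continue ;; esac
        [ -n "$b" ] || continue             # skip incomplete entries
        case $a in
            host) net=$(ip2int "$b"); wild=0; set -- $c $d $e ;;
            any)  net=0; wild=4294967295; set -- $b $c $d ;;
            *)    net=$(ip2int "$a"); wild=$(ip2int "$b"); set -- $c $d $e ;;
        esac
        # now: $1 = destination, optional $2 = "eq", $3 = port
        [ "$aproto" = ip ] || [ "$aproto" = "$proto" ] || continue
        # wildcard bits set to 1 are "don't care", as in IOS
        [ $(( ($src ^ $net) & ~$wild & 4294967295 )) -eq 0 ] || continue
        if [ "$2" = eq ]; then
            port=$3; [ "$port" = www ] && port=80
            [ "$port" = "$dport" ] || continue
        fi
        echo "$action"; return 0            # first match wins
    done
    echo deny                   # implicit deny at the end of every IOS ACL
}
```

With the sample entries, printf '%s\n' "$LAN_TRAFFIC" | acl_verdict 192.168.1.10 tcp 80 prints deny; dropping the first entry turns that into permit, which is the loop condition.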

After creating our access lists, we configure the WCCP protocol on the router.

R1(config)# ip wccp web-cache redirect-list LAN-TRAFFIC group-list SQUID-MACHINE

Everything is ready for the final step: we must tell the router on which interface or interfaces it should redirect traffic using this WCCP configuration.

R1(config)#interface fastEthernet 0/0
R1(config-if)# ip wccp web-cache redirect in

Summary

It is time to summarize all the commands and text above in a few lines for better understanding. According to the scenario, we redirect the clients' web surfing packets (which are on TCP port 80) from the ROUTER (which is the clients' default gateway) to the Squid cache machine using the WCCP protocol.

All of these processes happen silently and there is no additional configuration on the client side. So we can control and set policies on web traffic in the LAN. For example, we can allow web surfing only within a limited time window, limit the maximum download size, define custom blacklists and whitelists, generate full reports of Internet usage, and so on.

One of the interesting facts in this scenario is that when the Squid machine goes down, the router detects this and stops redirecting packets to it, so you can enjoy zero downtime in your network.

If you have any questions regarding this article, please leave a reply through the comment box below.