Linux内网机器部署代理访问外网,yum安装gcc

一般出于安全考虑,服务器组都是只有一台服务器能访问外网,其他都是以内网的形式连接。
如果我们要给内网的机器安装东西这时候由于无法访问到外网而导致失败。这时候我们就需要把能访问外网的机器部署成代理服务器。
本文参考

一 安装部署squid

  1. yum install squid
  2. cd /etc/squid/
  3. 备份文件 cp squid.conf squid.conf_bak 备份文件
  4. 修改 把http_access deny all修改为http_access allow all
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
#这里把 http_access deny all  修改为 http_access allow all
http_access allow all 

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
  1. 启动squid
squid -k parse
squid -z
service squid start
  1. 查看squid服务
netstat -tupln | grep squid
  1. 查看本机地址
    ifconfig
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.3  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::b26e:bfff:fe3a:cf79  prefixlen 64  scopeid 0x20<link>
        ether b0:6e:bf:3a:cf:79  txqueuelen 1000  (Ethernet)
        RX packets 488347862  bytes 124793189132 (116.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 582737341  bytes 76537064191 (71.2 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfa200000-fa27ffff  

本地内网地址是 192.168.100.3

二 配置内网机器

  1. 配置临时代理地址(重新登录失效)
export http_proxy="http://192.168.100.3:3128"
  1. 配置yum代理地址
vi /etc/yum.conf

增加 proxy=http://192.168.100.3:3128

[main]
#配置yum的代理地址。
proxy=http://192.168.100.3:3128
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release


#  This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
#  It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d

下面我们就能愉快的安装各种软件啦。。。

yum install gcc
yum install cmake