[ ¸®´ª½º - SQUID ] client°¡ ftp/http/https¸¦ ¿¬°áÇϱâ À§ÇÏ¿© squidÀÇ default tcp/3128 Æ÷Æ® 1°³¸¦ º¸´Â °ÍÀÌ ¸ÂÀ»·±Áö¿ä ?

Àü¼³¼ÓÀǹ̡¦   
   Á¶È¸ 3158   Ãßõ 0    

SQUID를 사용하여 Forward Proxy를 사용시에,

Client ------------> Proxy(SQUID) 연결되는 구조에서, SUQID가 listen 하는 포트는 1개(default 3128)만 열만 되더라구요

1\  Client 입장에서는 ftp/http/https가 보는 IP/Port가 모두 동일해 지는거 같은데 이런 이해가 맞는 것 일런지요 ?
2\ 1번이 맞다면, SQUID에서 본인이 받은 3128 port 로 수신한 프로토콜을 ftp/http/https를 패킷을 까서 안의 내용에 따라서 적절하게 인터넷 해당 서버로 다시 연결하는 건지요 ?

이렇다면, squid가 Deep Packet Inspection(DPI) 기능을 일부 하는 거 같아서요 

아시는 분의 한수 가름침 부탁 드려 봅니다.


#### CLIENT@

# profile
export proxy_socket=http://172.31.11.133:3128/
export ftp_proxy=$proxy_socket
export http_proxy=$proxy_socket
export https_ proxy=$proxy_socket



#### SERVER@

#> more /etc/squid/squid.conf

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
....


acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT


# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost


# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128


감사합니다.
ªÀº±Û Àϼö·Ï ½ÅÁßÇÏ°Ô.
·Î±×ÀÎ ÇÏ½Ã¸é ´ñ±ÛÀ» ³²±æ ¼ö ÀÖ½À´Ï´Ù


QnA
¾²±â
Á¦¸ñPage 360/5752
2015-12   1892905   ¹é¸Þ°¡
2014-05   5378692   Á¤ÀºÁØ1
2011-03   7159   È«»óÈÆ
2013-10   5265   ¹è°íÇÁ°í°¡¡¦
2024-01   2106   7755
2007-08   5296   ¼ÛÀçÈÆ
2011-03   9613   ¿µ¿øÇÑÇõ½Å
2022-05   3777   ±èÁØÀ¯
2024-01   1473   È£¹Ú°í±¸¸¶
2011-04   8766   ±¸¾ß
2018-07   5463   À¾³»³ë´Â¿Àºü
2015-03   4258   Á¶¼Á
2016-05   4993   ±ñ³²
2019-09   3581   È­¶õ
2022-06   2577   ¿µ»êȸ»ó
2017-04   8349   È­ÀÌÆ®º¸µå
2005-01   6919   ÀÌÁ¾¹Î
2011-05   10538   ±è½Â±Ç
2017-04   4037   ½ÅÀº¿Ö
2005-01   7537   °­¹Î¼ö
2005-02   6963   ¿ì½Â¿±
2022-07   2850   ±¼··¼è
¸ñ·Ï
¾²±â