router/CentOS7

Connect two networks using a machine with two NICs.
One side reaches the internet, but the other cannot get out as it is. It cannot even run dnf/yum update.


The default GW of this Gate (192.168.0.100, 10.10.0.254) points to 192.168.0.1.

To run dnf/yum update on the internal machine 10.10.0.1, Squid, which provides a proxy service, has to be installed on this Gate.

Installing Squid

For reference, the current state is as follows:

[root@gate ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
 
[root@gate ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:70:ef:c7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
       valid_lft 42946sec preferred_lft 42946sec
    inet6 fe80::20c:29ff:fe70:efc7/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:70:ef:d1 brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.254/24 brd 10.10.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe70:efd1/64 scope link
       valid_lft forever preferred_lft forever
 
[root@gate ~]# ip route
default via 192.168.0.1 dev eth0 proto dhcp metric 100
10.10.0.0/24 dev eth1 proto kernel scope link src 10.10.0.254 metric 101
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.100 metric 100
 
[root@gate ~]# cat /proc/sys/net/ipv4/ip_forward
0
 
[root@gate ~]#

* ip_forward stays disabled

Install squid, the proxy service, on it.

[root@gate ~]# yum -y install squid
 
[root@gate ~]# yum info squid
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.yz.yamagata-u.ac.jp
 * extras: ftp.yz.yamagata-u.ac.jp
 * updates: ftp.yz.yamagata-u.ac.jp
Installed Packages
Name        : squid
Arch        : x86_64
Epoch       : 7
Version     : 3.5.20
Release     : 17.el7_9.8
Size        : 10 M
Repo        : installed
From repo   : updates
Summary     : The Squid proxy caching server
URL         : http://www.squid-cache.org
License     : GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
Description : Squid is a high-performance proxy caching server for Web clients,
            : supporting FTP, gopher, and HTTP data objects. Unlike traditional
            : caching software, Squid handles all requests in a single,
            : non-blocking, I/O-driven process. Squid keeps meta data and especially
            : hot objects cached in RAM, caches DNS lookups, supports non-blocking
            : DNS lookups, and implements negative caching of failed requests.
            :
            : Squid consists of a main server program squid, a Domain Name System
            : lookup program (dnsserver), a program for retrieving FTP data
            : (ftpget), and some management and client tools.
 
[root@gate ~]#

Configuration

Honestly, not much is needed. Use it as is. The port used is 3128.
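
With the stock squid.conf of Squid 3.5 used unchanged, Squid listens on port 3128 on every interface and its localnet ACL admits all RFC 1918 ranges, so hosts on the 192.168.0.0/24 side of the Gate can use the proxy as well as 10.10.0.0/24. The check below is an added example, not part of the original page: it flags those two settings in a squid.conf, and both embedded configs are constructed samples (an abridged packaged-style file and a version narrowed to this page's internal segment).

```sh
#!/bin/sh
# Added example, not from the original page.
# INTERNAL_NET is the eth1-side segment taken from the page's addressing.
INTERNAL_NET="10.10.0.0/24"

# audit_squid_conf FILE|-  : print one finding per line for directives that
# let hosts outside INTERNAL_NET reach or use the proxy.
audit_squid_conf() {
    awk -v net="$INTERNAL_NET" '
        { sub(/#.*/, "") }                      # ignore comments
        # localnet sources other than the internal segment
        $1 == "acl" && $2 == "localnet" && $3 == "src" && $4 != net {
            print "BROAD_ACL " $4
        }
        # a bare port number makes Squid listen on every interface
        $1 == "http_port" && $2 !~ /:/ {
            print "ALL_IFACES " $2
        }
    ' "$1"
}

# Constructed sample: abridged lines in the style of the packaged squid.conf.
sample_default() {
    cat <<'EOF'
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
EOF
}

# Constructed sample: the same rules narrowed to this page's internal side.
sample_restricted() {
    cat <<'EOF'
acl localnet src 10.10.0.0/24
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 10.10.0.254:3128
EOF
}

echo "== packaged-style config =="; sample_default | audit_squid_conf -
echo "== restricted config ==";     sample_restricted | audit_squid_conf -
```

On the Gate itself the same function can be pointed at the live file with audit_squid_conf /etc/squid/squid.conf; squid has to be restarted after the file is edited.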

Startup

[root@gate ~]# systemctl enable squid --now

Usage

Configure the proxy on the machine inside the Gate [10.10.0.1] so that it can reach the outside world.
First, the specification of that internal machine:

[root@internal ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
 
[root@internal ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:48:03:0d brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.1/24 brd 10.10.0.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe48:30d/64 scope link
       valid_lft forever preferred_lft forever
 
[root@internal ~]# ip route
default via 10.10.0.254 dev ens192 proto static metric 100
10.10.0.0/24 dev ens192 proto kernel scope link src 10.10.0.1 metric 100
 
[root@internal ~]# cat /etc/resolv.conf
 
[root@internal ~]#

"/etc/resolv.conf" is empty.

Then:

  • When using yum/dnf
    Write the proxy in "/etc/yum.conf". yum then goes out through the proxy and downloads packages.
    [root@internal ~]# echo "proxy=http://10.10.0.254:3128" >> /etc/yum.conf
    [root@internal ~]# yum install wget -y
  • When fetching packages with wget
    Either add "-e HTTPS_PROXY=http://10.10.0.254:3128" on the command line,
    [root@internal ~]# wget -e HTTPS_PROXY=http://10.10.0.254:3128 https://web.chaperone.jp/index.html --no-check-certificate
    or append "https_proxy=http://10.10.0.254:3128/" to "~/.wgetrc",
    [saber@internal ~]$ echo "https_proxy=http://10.10.0.254:3128/" >> ~/.wgetrc
    [saber@internal ~]$ wget https://web.chaperone.jp/index.html --no-check-certificate
    or, system-wide, append "https_proxy=http://10.10.0.254:3128/" to "/etc/wgetrc".
    [root@internal ~]# echo "https_proxy=http://10.10.0.254:3128/" >> /etc/wgetrc
  • Using git through the proxy
    Configure it with "git config".
    [saber@internal ~]$ git config --global --list
    fatal: unable to read config file '/home/saber/.gitconfig': No such file or directory
     
    [saber@internal ~]$ git config --global http.proxy http://10.10.0.254:3128
    [saber@internal ~]$ git config --global --list
    http.proxy=http://10.10.0.254:3128
     
    [saber@internal ~]$
    [saber@internal ~]$ git clone https://github.com/StructuralBiology-ICLMedicine/SIDESPLITTER
  • conda
    [saber@internal ~]$ wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
    [saber@internal ~]$ bash Miniconda3-latest-Linux-x86_64.sh  -h
     
    usage: Miniconda3-latest-Linux-x86_64.sh [options]
     
    Installs Miniconda3 py39_4.12.0
     
    -b           run install in batch mode (without manual intervention),
                 it is expected the license terms are agreed upon
    -f           no error if install prefix already exists
    -h           print this help message and exit
    -p PREFIX    install prefix, defaults to /home/saber/miniconda3, must not contain spaces.
    -s           skip running pre/post-link/install scripts
    -u           update an existing installation
    -t           run package tests after installation (may install conda-build)
     
    [saber@internal ~]$ bash Miniconda3-latest-Linux-x86_64.sh -b
    [saber@internal ~]$ miniconda3/bin/conda init
    (close and re-open your current shell)
    (base) [saber@internal ~]$ conda --version
    conda 4.12.0
    (base) [saber@internal ~]$ 
    (base) [saber@internal ~]$ conda config --set proxy_servers.http http://10.10.0.254:3128
    (base) [saber@internal ~]$ conda config --set proxy_servers.https http://10.10.0.254:3128
    (base) [saber@internal ~]$ cat /home/saber/.condarc
    proxy_servers:
      http: http://10.10.0.254:3128
      https: http://10.10.0.254:3128
     
    (base) [saber@internal ~]$
    (base) [saber@internal ~]$ conda create -n sample python=3.9
  • pip
    For one-off use "--proxy http://10.10.0.254:3128" is enough, but for a permanent setting prepare "~/.pip/pip.conf".
    (base) [saber@internal ~]$ pip install scipion-installer --proxy http://10.10.0.254:3128
     
    (base) [saber@internal ~]$ mkdir ~/.pip
    (base) [saber@internal ~]$ vi ~/.pip/pip.conf
    [global]
    proxy = http://10.10.0.254:3128
    (base) [saber@internal ~]$
  • R
    Defining the environment variable "https_proxy" seems to work.
    [saber@internal ~]$ export https_proxy="http://10.10.0.254:3128"
    [saber@internal ~]$ R
    > install.packages("BiocManager")
     
    Or:
    [saber@internal ~]$ echo "https_proxy=http://10.10.0.254:3128/" >> ~/.Renviron

To have clients read proxy.pac

[root@gate ~]# yum install httpd
[root@gate ~]# systemctl start httpd
[root@gate ~]# vi /var/www/html/proxy.pac
function FindProxyForURL(url, host) {
   return "PROXY 10.10.0.254:3128; DIRECT";
}
 
[root@gate ~]#

* proxy.pac probably enables the proxy only for things like browsers. yum/dnf need to be configured separately.


Last-modified: 2022-11-15 (Tue) 01:29:08 (13d)