Ubuntu Squid Proxy

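A colleague in one department requested that some colleagues in the five China regions be able to browse google.com and shutterstock.com. Using the existing MPLS link plus a proxy script, their browsers go out through Hong Kong only when visiting these two sites; all other traffic uses the local gateway.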

Proxy Script  Link: http://192.168.0.150/Proxy.pac

apt-get install squid3
cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original

vi /etc/squid3/squid.conf
# acl Safe_ports port 21          # ftp
# acl Safe_ports port 70          # gopher
# acl Safe_ports port 210         # wais
# acl Safe_ports port 1025-65535  # unregistered ports
# acl Safe_ports port 280         # http-mgmt
# acl Safe_ports port 488         # gss-http
# acl Safe_ports port 591         # filemaker
# acl Safe_ports port 777         # multiling http

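# Allow-list by destination domain; the leading dot also matches subdomains.
# (url_regex google.com would match that string anywhere in the URL.)
acl Safe_web dstdomain .google.com
acl Safe_web dstdomain .google.com.hk
acl Safe_web dstdomain .shutterstock.com
acl Safe_web dstdomain .picdn.net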

acl Safe_net src 192.168.0.16
acl Safe_net src "/etc/squid3/Panyu"
acl Safe_net src "/etc/squid3/Beijing"

http_access deny !Safe_web
http_access deny !Safe_ports
http_access allow Safe_net

apt-get install nginx
vi /usr/share/nginx/html/proxy.pac
function FindProxyForURL(url, host) {
    if (
        dnsDomainIs(host, "google.com") ||
        dnsDomainIs(host, "google.com.hk") ||
        dnsDomainIs(host, "shutterstock.com") ||
        dnsDomainIs(host, "picdn.net")
    ) {
        return "PROXY 192.168.0.150:3128";
    }
    return "DIRECT";
}

vi /etc/nginx/mime.types
# inside the types { ... } block
application/x-ns-proxy-autoconfig pac;

route add -net 192.168.20.0/24 gw 192.168.0.252
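
An added example (not part of the original notes) that checks offline, under Node.js, which hosts the proxy.pac above sends to the Hong Kong proxy. The dnsDomainIs shim models the plain suffix comparison browsers commonly implement; findProxyStrict, the sample hosts and the helper names are assumptions made for illustration.

```javascript
// Shim for the browser-supplied PAC helper: a plain suffix comparison.
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

const PROXY = "PROXY 192.168.0.150:3128";
const DOMAINS = ["google.com", "google.com.hk", "shutterstock.com", "picdn.net"];

// Same decision as the page's FindProxyForURL.
function findProxyAsWritten(url, host) {
  return DOMAINS.some(d => dnsDomainIs(host, d)) ? PROXY : "DIRECT";
}

// Stricter variant (assumption): only the bare domain or a dot-delimited
// subdomain is proxied, so lookalike names stay on the local gateway.
function findProxyStrict(url, host) {
  const h = host.toLowerCase();
  return DOMAINS.some(d => h === d || dnsDomainIs(h, "." + d)) ? PROXY : "DIRECT";
}

// Constructed sample hosts, not taken from real traffic.
const SAMPLES = [
  "google.com",
  "www.google.com.hk",
  "image.shutterstock.com",
  "notgoogle.com",          // ends with "google.com" but is a different domain
  "mypicdn.net",            // ends with "picdn.net" but is a different domain
  "google.com.example.net", // contains the name, does not end with it
  "example.org",
];

// Evaluate both variants for every host.
function compare(hosts) {
  return hosts.map(h => ({
    host: h,
    asWritten: findProxyAsWritten("http://" + h + "/", h),
    strict: findProxyStrict("http://" + h + "/", h),
  }));
}

// Hosts that the two variants route differently.
function mismatches(hosts) {
  return compare(hosts).filter(r => r.asWritten !== r.strict).map(r => r.host);
}

console.table(compare(SAMPLES));
console.log("routed differently:", mismatches(SAMPLES));
```

The PAC only chooses the path; the Safe_web ACL on the Squid side still decides whether the request is served.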

HCNA STP Lab3-1

S1
sys
sysname S1
stp mode stp
stp root pri

S2
sys
sysname S2
stp mode stp
stp root sec

S1
undo stp root
stp pri 8192

S2
undo stp root
stp pri 4096

S2
int g0/0/9
stp port pri 32
int g0/0/10
stp port pri 16

HCNA Static Route Lab4-1

R1
sys
sysname R1
int g0/0/0
ip add 10.0.13.1 24
int g0/0/1
ip add 10.0.12.1 24
int lo0
ip add 10.0.1.1 24

R2
sys
sysname R2
int g0/0/1
ip add 10.0.12.2 24
int g0/0/2
ip add 10.0.23.2 24
int lo0
ip add 10.0.2.2 24

R3
sys
sysname R3
int g0/0/0
ip add 10.0.13.3 24
int g0/0/2
ip add 10.0.23.3 24
int lo0
ip add 10.0.3.3 24

R2
ip route-s 10.0.13.0 24 10.0.23.3
ip route-s 10.0.3.0 24 10.0.23.3

R1
ip route-s 10.0.3.0 24 10.0.13.3

R2
ip route-s 10.0.13.0 255.255.255.0 10.0.12.1 pre 80
ip route-s 10.0.3.0 24 10.0.12.1 pre 80

R3
ip route-s 10.0.12.0 24 10.0.13.1

R1
ip route-s 0.0.0.0 0.0.0.0 10.0.13.3
ip route-s 0.0.0.0 0.0.0.0 10.0.12.2 pre 80

R3
ip route-s 10.0.12.0 24 10.0.23.2 pre 80

HCNA vLan Routing Lab1-4

R1
sys
sysname R1
int g0/0/1
ip add 10.0.4.1 24

R3
sys
sysname R3
int g0/0/1
ip add 10.0.8.1 24

S1
sys
sysname S1
vlan batch 4 8
int g0/0/1
port link-t acc
port default vlan 4
int g0/0/3
port link-t acc
port default vlan 8
int g0/0/2
port link-type trunk
port trunk allow-pass vlan 4 8

R2
sys
sysname R2
int g0/0/1.1
ip add 10.0.4.254 24
dot ter vid 4
arp broad enable
int g0/0/1.3
ip add 10.0.8.254 24
dot ter vid 8
arp broad en

R1
ip route-s 0.0.0.0 0.0.0.0 10.0.4.254

R3
ip route-s 0.0.0.0 0.0.0.0 10.0.8.254

Postfix RBL

smtpd_client_restrictions = reject_rbl_client b.barracudacentral.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client bl.spamcop.net,reject_rbl_client pbl.spamhaus.org

CCNP BGP Lab1

R2
conf t
int f0/0
bandwidth 1000
ip add 172.16.0.2 255.255.0.0
no shut
int s1/0
clock rate 2000000
ip add 192.168.0.2 255.255.255.0
no shut
end

R3
conf t
int f0/0
ip add 10.10.1.2 255.0.0.0
no shut
int s1/0
ip add 192.168.0.1 255.255.255.0
no shut
end

R2
conf t
router bgp 200
neighbor 192.168.0.1 remote-as 300
network 172.16.0.0

R3
conf t
router bgp 300
neighbor 192.168.0.2 remote-as 200
network 10.0.0.0

CCNP OSPF Multiple Area Lab 7

R1
conf t
host R1
int f0/0
ip add 192.168.12.1 255.255.255.0
no shut
int f0/1
ip add 10.0.0.1 255.0.0.0
no keepalive
no shut
end

R2
conf t
int f0/0
ip add 192.168.12.2 255.255.255.0
no shut
int f0/1
ip add 172.16.0.2 255.255.0.0
no keepalive
no shut
end

R1
conf t
router ospf 1
network 10.0.0.0 0.255.255.255 area 1
network 192.168.12.0 0.0.0.255 area 0
end

R2
conf t
router ospf 1
network 172.16.0.0 0.0.255.255 area 2
network 192.168.12.0 0.0.0.255 area 0
end

CCNP OSPF Single Area Lab 6

R1
conf t
host R1
int f0/0
ip add 192.168.12.1 255.255.255.0
no shut
int f0/1
ip add 10.0.0.1 255.0.0.0
no keepalive
no shut
end

R2
conf t
int f0/0
ip add 192.168.12.2 255.255.255.0
no shut
int f0/1
ip add 172.16.0.2 255.255.0.0
no keepalive
no shut
end

R1
conf t
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
network 192.168.12.0 0.0.0.255 area 0
end

sh ip route

sh ip protocols

R2
conf t
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
network 192.168.12.0 0.0.0.255 area 0
end

sh ip route

sh ip protocols

Huawei Hybrid Test

R1
sys
sysname R1
int g0/0/0
ip add 10.100.30.1 23

R2
sys
sysname R2
int g0/0/0
ip add 10.100.31.1 23

SW1
sys
sysname SW1
vlan 2
vlan 3
port-group vlan2
group-member e0/0/1 to e0/0/21
port link-type hybrid
port hybrid pvid vlan 2
port hybrid untagged vlan 2
quit
int e0/0/22
port link-type hybrid
port hybrid tagged vlan 2 to 3

SW2
sys
sysname SW2
vlan 2
vlan 3
port-group vlan3
group-member g0/0/1 to g0/0/21
port link-type hybrid
port hybrid pvid vlan 3
port hybrid untagged vlan 3
quit
int g0/0/22
port link-type hybrid
port hybrid tagged vlan 2 to 3
int g0/0/24
port link-type hybrid
port hybrid tagged vlan 2 to 3

SW3
sys
sysname SW3
vlan 2
vlan 3
port-group vlan3
group-member g0/0/1 to g0/0/21
port link-type hybrid
port hybrid pvid vlan 3
port hybrid untagged vlan 3
quit
int g0/0/22
port link-type hybrid
port hybrid tagged vlan 2 to 3
int g0/0/24
port link-type hybrid
port hybrid tagged vlan 2 to 3

When vLan2 and vLan3 need to communicate
SW1
port-group vlan2
port hybrid untagged vlan 3

SW2
port-group vlan3
port hybrid untagged vlan 2

SW3
port-group vlan3
port hybrid untagged vlan 2

Revert
SW1
port-group vlan2
undo port hybrid vlan 3

SW2
port-group vlan3
undo port hybrid vlan 2

SW3
port-group vlan3
undo port hybrid vlan 2