
この記事の内容は、個人の見解、検証の範囲のものであり、誤りがある可能性があります。
個人の責任において情報活用をお願いします。


2017年8月28日月曜日

【VyOS】VyOSでWebプロキシサーバーを設定してみた その1


検証やっているとWeb プロキシサーバーが欲しくなる場合があります。
LinuxでSquidでもいいと思いますが、VyOSでも簡単に設定できます。
しかも、コマンド操作で簡単。

VyOSをインストールしたら、下記コマンドを実行するだけです。


  set service webproxy listen-address [vyos-lan-ip-address] port '3128'

※ポート番号も任意の値に変更可
※listen-address にはLAN側(内部向け)インターフェースのアドレスを指定します。WAN側のアドレスで待ち受けると、外部から利用できるプロキシになってしまうおそれがあります。


URLごとの制御もできるので、それはまた次回で。

現時点でのConfig
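※FWまわりはあまり確認してません、、、
※このConfigを流用する場合の確認ポイント(下記の出力から読み取れる範囲):
 ・zone-policy に local-zone の定義がないため、VyOS自身宛ての通信(プロキシの3128/tcp、SSHの22/tcp、DNS転送)は WebProxy ルールセットでは制御されていないと思われます。rule 1(宛先 192.168.201.254:3128)は Trust→Untrust の転送トラフィックにしか適用されないので、実際にはマッチしないはずです。
 ・`set service ssh port '22'` には listen-address の指定がなく、eth0(Untrust側)にも local 方向のルールセットがないので、外側からSSHに到達できる可能性があります。SSHの listen-address 指定や、local 方向のルールセット/local-zone の定義で絞れているか確認が必要です。
 ・eth3 の `firewall 'in'` はルールセット名が紐付いていない空のノードです。
 ・encrypted-password のハッシュ(`$1$` はMD5-crypt形式)がそのまま出力に含まれています。Configを公開・共有するときはハッシュ値をマスクし、掲載済みのパスワードは変更しておくのが安全です。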


vyos@vyos:~$ show configuration commands
  set firewall all-ping 'enable'
  set firewall broadcast-ping 'disable'
  set firewall config-trap 'disable'
  set firewall group network-group Inside-Grp-1 network '192.168.201.0/24'
  set firewall ipv6-receive-redirects 'disable'
  set firewall ipv6-src-route 'disable'
  set firewall ip-src-route 'disable'
  set firewall log-martians 'enable'
  set firewall name WebProxy default-action 'drop'
  set firewall name WebProxy 'enable-default-log'
  set firewall name WebProxy rule 1 action 'accept'
  set firewall name WebProxy rule 1 destination address '192.168.201.254'
  set firewall name WebProxy rule 1 destination port '3128'
  set firewall name WebProxy rule 1 log 'enable'
  set firewall name WebProxy rule 1 protocol 'tcp'
  set firewall name WebProxy rule 1 source group network-group 'Inside-Grp-1'
  set firewall name WebProxy rule 1 state established 'enable'
  set firewall name WebProxy rule 1 state new 'enable'
  set firewall name WebProxy rule 1 state related 'enable'
  set firewall name WebProxy rule 2 action 'accept'
  set firewall name WebProxy rule 2 destination port '53'
  set firewall name WebProxy rule 2 log 'enable'
  set firewall name WebProxy rule 2 protocol 'tcp_udp'
  set firewall name WebProxy rule 2 source group network-group 'Inside-Grp-1'
  set firewall name WebProxy rule 2 state established 'enable'
  set firewall name WebProxy rule 2 state new 'enable'
  set firewall name WebProxy rule 2 state related 'enable'
  set firewall name WebProxy rule 3 action 'accept'
  set firewall name WebProxy rule 3 destination port '123'
  set firewall name WebProxy rule 3 log 'enable'
  set firewall name WebProxy rule 3 protocol 'udp'
  set firewall name WebProxy rule 3 source group network-group 'Inside-Grp-1'
  set firewall name WebProxy rule 3 state established 'enable'
  set firewall name WebProxy rule 3 state new 'enable'
  set firewall name WebProxy rule 3 state related 'enable'
  set firewall name WebProxy rule 998 action 'accept'
  set firewall name WebProxy rule 998 'destination'
  set firewall name WebProxy rule 998 icmp type-name 'any'
  set firewall name WebProxy rule 998 log 'disable'
  set firewall name WebProxy rule 998 protocol 'icmp'
  set firewall name WebProxy rule 998 source group network-group 'Inside-Grp-1'
  set firewall name WebProxy rule 999 action 'drop'
  set firewall name WebProxy rule 999 'destination'
  set firewall name WebProxy rule 999 log 'enable'
  set firewall name WebProxy rule 999 protocol 'all'
  set firewall name WebProxy rule 999 source group network-group 'Inside-Grp-1'
  set firewall receive-redirects 'enable'
  set firewall send-redirects 'enable'
  set firewall source-validation 'disable'
  set firewall state-policy established action 'accept'
  set firewall state-policy invalid action 'drop'
  set firewall state-policy related action 'accept'
  set firewall syn-cookies 'enable'
  set firewall twa-hazards-protection 'disable'
  set interfaces ethernet eth0 address 'dhcp'
  set interfaces ethernet eth0 duplex 'auto'
  set interfaces ethernet eth0 hw-id '00:0c:29:02:82:5f'
  set interfaces ethernet eth0 smp_affinity 'auto'
  set interfaces ethernet eth0 speed 'auto'
  set interfaces ethernet eth3 address '192.168.201.254/24'
  set interfaces ethernet eth3 duplex 'auto'
  set interfaces ethernet eth3 firewall 'in'
  set interfaces ethernet eth3 hw-id '00:0c:29:02:82:69'
  set interfaces ethernet eth3 smp_affinity 'auto'
  set interfaces ethernet eth3 speed 'auto'
  set interfaces loopback 'lo'
  set nat source rule 1 outbound-interface 'eth0'
  set nat source rule 1 source address '192.168.201.0/24'
  set nat source rule 1 translation address 'masquerade'
  set service dhcp-server disabled 'false'
  set service dhcp-server shared-network-name nw-1 authoritative 'disable'
  set service dhcp-server shared-network-name nw-1 description 'nw-1'
  set service dhcp-server shared-network-name nw-1 subnet 192.168.201.0/24 default-router '192.168.201.254'
  set service dhcp-server shared-network-name nw-1 subnet 192.168.201.0/24 dns-server '192.168.201.254'
  set service dhcp-server shared-network-name nw-1 subnet 192.168.201.0/24 lease '86400'
  set service dhcp-server shared-network-name nw-1 subnet 192.168.201.0/24 start 192.168.201.128 stop '192.168.201.223'
  set service dns forwarding cache-size '150'
  set service dns forwarding listen-on 'eth3'
  set service dns forwarding 'system'
  set service ssh port '22'
  set service webproxy cache-size '100'
  set service webproxy default-port '3128'
  set service webproxy listen-address 192.168.201.254 port '3128'
  set system config-management commit-revisions '20'
  set system console device ttyS0 speed '9600'
  set system host-name 'vyos'
  set system login user vyos authentication encrypted-password '$1$j2SQ0NtU$93940p5KV/f45IgGr3lqq.'
  set system login user vyos authentication plaintext-password ''
  set system login user vyos level 'admin'
  set system name-server '8.8.8.8'
  set system name-server '8.8.4.4'
  set system ntp server 'ntp.nict.jp'
  set system package auto-sync '1'
  set system package repository community components 'main'
  set system package repository community distribution 'helium'
  set system package repository community password ''
  set system package repository community url 'http://packages.vyos.net/vyos'
  set system package repository community username ''
  set system syslog global facility all level 'info'
  set system syslog global facility protocols level 'debug'
  set system time-zone 'Asia/Tokyo'
  set zone-policy zone Trust default-action 'drop'
  set zone-policy zone Trust interface 'eth3'
  set zone-policy zone Untrust default-action 'drop'
  set zone-policy zone Untrust from Trust firewall name 'WebProxy'
  set zone-policy zone Untrust interface 'eth0'
vyos@vyos:~$