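Transparent proxy problem with squid + iptables
I am using a transparent proxy built from squid + iptables on Red Hat Linux 9. The external network can be pinged.
Because the school connects through the education network, we are assigned metropolitan area network IPs (10.115.12.*, gateway 10.115.12.254).
The internal network is now isolated on class C addresses, 192.168.1.*. The Linux machine has two network cards, internal eth1: 192.168.1.1 and external eth0: 10.115.12.89
The Squid.conf configuration is as follows: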
http_access allow all
cache_mem 128MB
maximum_object_size 1024KB
maximum_object_size_in_memory 8KB
chache_dir ufs/var/spool/Squid 1000 16 256
cache_swap_low 90
cache_swap_high 95
cache_effective_user nobody
cache_effective_group nogroup
httpd_accel_host virtual
(This line was not there originally; I added it myself later, below
# TAG: httpd_accel_host
#Default:
# httpd_accel_host virtual )
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
I created a new file named firewall and wrote the following into it:
#!/bin/sh
echo "Enable IP Forwarding..."
echo "1" /proc/sys/net/ipv4/ip_forward
echo "Starting iptables rules..."
/sbin/modprobe iptable_filter
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
#Refresh all chains
/sbin/iptables -F -t nat
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 10.115.12.89
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Now the following error appears:
ERROR
The requested URL could not be retrieved
________________________________________
While trying to retrieve the URL: /
The following error was encountered:
Invalid URL
Some aspect of the requested URL is incorrect. Possible problems:
Missing or incorrect access protocol (should be `http://"" or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed
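In IE, if no proxy server is set, entering an IP address produces this error, and entering a domain name gives "The page cannot be displayed". As soon as a proxy server is set, no matter what the proxy address is, even one that is not an IP address (digits), browsing works as long as the port is 80.
Other programs, such as the 瑞X娱乐公司 update and Taobao Wangwang, also get online as long as an arbitrary proxy IP and port 80 are set.
QQ is strange: it gets online without any proxy set, but not quite normally. It responds very sluggishly, as if it had stopped responding.
The following is the problem when accessing FTP: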
ERROR
The requested URL could not be retrieved
________________________________________
An FTP authentication failure occurred while trying to retrieve the URL: ftp://10.115.12.1/
Squid sent the following FTP command:
PASS YOURPASSWORD
and then received this reply
Sorry, no ANONYMOUS access allowed.
Your cache administrator is root.
________________________________________
Generated Thu, 12 Jan 2006 00:31:40 GMT by localhost.localdomain (squid/2.5.STABLE1)
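After setting the proxy, entering an FTP address directly does not work; XP shows the message that the proxy server is not set up for full access, and the error above appears. Using the format FTP://user:password@address I can log in read-only, but Chinese file names all show up garbled; the garbling may be because Red Hat 9 defaults to English.
I hope some expert can help take a look: where is the problem?
One more problem: earlier, with a single network card and a non-transparent proxy, any web page on a port such as 800 gave a page-not-found message. For example, entering http://10.115.12.2:800/uploadfile/2005926233250700.jpg would not open: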
ERROR
The requested URL could not be retrieved
________________________________________
While trying to retrieve the URL: http://10.115.12.2:800/uploadfile/2005926233250700.jpg
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is root.
________________________________________
Generated Sat, 14 Jan 2006 07:13:45 GMT by localhost.localdomain (squid/2.5.STABLE1)
With the proxy removed it can be accessed normally.
But this one works: http://10.107.11.1:8000
The current transparent proxy still shows the same behaviour.
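An added example, not part of the original post: a small Python check that compares the firewall rules as posted with the interface addressing the post gives, reporting only internal inconsistencies. The function names `audit` and `opt` and the finding labels are made up for this example.

```python
import ipaddress
import shlex

# Constructed input: rule lines copied from the firewall script in the post,
# plus the interface addresses the post states.
FIREWALL = '''\
echo "1" /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 10.115.12.89
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
'''
INTERFACES = {"eth1": "192.168.1.1", "eth0": "10.115.12.89"}
LAN_IF, WAN_IF = "eth1", "eth0"


def opt(tokens, flag):
    """Return the value following an iptables option, or None if absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None


def audit(script, interfaces, lan_if, wan_if):
    """Return labels (hypothetical names) for inconsistencies in the script."""
    findings = []
    lan_ip = ipaddress.ip_address(interfaces[lan_if])
    for line in script.splitlines():
        tokens = shlex.split(line)
        if not tokens:
            continue
        # echo with a /proc/sys path but no '>' only prints; nothing is written.
        if tokens[0] == "echo" and "/proc/sys/" in line and ">" not in line:
            findings.append("sysctl-not-written")
        if "SNAT" in tokens:
            src = ipaddress.ip_network(opt(tokens, "-s"))
            # The SNAT source network should contain the LAN interface address.
            if lan_ip not in src:
                findings.append(f"snat-source-mismatch:{src}")
            if opt(tokens, "--to") != interfaces[wan_if]:
                findings.append("snat-target-mismatch")
        # Interception must happen on the LAN-facing interface.
        if "REDIRECT" in tokens and opt(tokens, "-i") != lan_if:
            findings.append("redirect-wrong-interface")
    return findings


if __name__ == "__main__":
    for finding in audit(FIREWALL, INTERFACES, LAN_IF, WAN_IF):
        print(finding)
```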
Source: http://www.hzclsc.cn/anzhuo/42292.html