freebsd8.3 pf squid transparent没成功
pf + squid transparent 没有成功,请同志们给予帮助。同志们,求助下:普通代理成功,但透明代理就是不行。。。
######rc.conf#######
# /etc/rc.conf as posted: a two-interface host (em0 via DHCP, em1 static 10.0.0.5/8)
# that enables sshd, squid, pf and pflog at boot and forwards packets between interfaces.
hostname="freebsd.org"
ifconfig_em0="DHCP"
ifconfig_em1="inet 10.0.0.5 netmask 255.0.0.0"
# NOTE(review): spelled "defaulrouter" here; the rc.conf variable is defaultrouter, so this
# line is presumably ignored and the default route comes from the em0 DHCP lease - confirm.
defaulrouter="192.168.1.253"
# NOTE(review): ppp_nat only affects ppp(8) and no ppp_enable line is shown. The pf.conf
# posted with this file has no nat rule, so LAN traffic other than the redirected HTTP is
# presumably forwarded untranslated - confirm.
ppp_nat="YES"
keymap="us.iso"
moused_enable="YES"
moused_port="/dev/psm0"
moused_type="auto"
# sshd is started at boot; the pf.conf posted with this file passes all traffic, so pf does
# not restrict which interface can reach it.
sshd_enable="YES"
squid_enable="YES"
# pf loads its ruleset from /etc/pf.conf at boot.
pf_enable="YES"
pf_rules="/etc/pf.conf"
#inetd_enable="YES"
# pflog writes logged packets to /var/log/pflog; none of the posted pf rules carry the
# "log" keyword, so nothing would be recorded as the ruleset stands.
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
# Turns on IP forwarding, which makes this host a router between em0 and em1.
gateway_enable="YES"
##########pf.conf#########
# pf.conf as posted: redirect web traffic arriving on the internal interface to a local
# proxy port, then pass everything else.
ext_if="em0"
int_if="em1"
# $loop is defined but not referenced by any rule below.
loop="lo0"
# Redirects TCP port www arriving on $int_if to 10.0.0.5 port 8080. The squid.conf posted
# with this ruleset listens on 10.0.0.5:3128, so no listener is shown on port 8080; the
# rdr target port and Squid's http_port have to be the same port.
rdr on $int_if inet proto tcp from any to any port www -> 10.0.0.5 port 8080
pass in on $int_if inet proto tcp from any to 10.0.0.5 port 8080 keep state
# NOTE(review): "keep stat" is presumably a truncated "keep state"; as written the ruleset
# would likely fail to load - check with pfctl -nf /etc/pf.conf.
pass out on $ext_if inet proto tcp from any to any port www keep stat
# These two rules pass all traffic in both directions on every interface and there is no
# block rule, so the ruleset does no filtering: the more specific pass rules above add
# nothing, and sshd and the proxy port are reachable from the em0 side as far as pf is
# concerned. A default "block" policy with explicit pass rules would be the usual baseline.
pass in quick all
pass out quick all
######squid.conf########
# squid.conf as posted: ACL definitions, http_access/icp_access rules, one interception
# listener, and cache sizing and logging settings.
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
# NOTE(review): "localnetsrc" is presumably "localnet src" with the space lost in the paste;
# as written this is not a valid acl line. 192.168.1.0/24 looks like the em0-side network
# (rc.conf names 192.168.1.253 as the router), so this would allow hosts on that side to
# use the proxy - confirm that is intended.
acl localnetsrc 192.168.1.0/24
acl localnet src 172.16.0.0/12# RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535# unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom and the first match decides.
http_access allow manager localhost
# NOTE(review): "allowmanager" is presumably "allow manager" with the space lost. If so,
# this line grants cache-manager (cache_object) access to every client, where the stock
# configuration has "http_access deny manager" at this position - confirm and restore the
# deny unless remote manager access is really wanted.
http_access allowmanager
# Refuse requests to ports outside Safe_ports, and CONNECT to anything but SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Clients in the localnet ranges may use the proxy; everyone else is denied.
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
# Interception listener bound to 10.0.0.5 port 3128. The pf.conf posted with this file
# redirects port-80 traffic to 10.0.0.5 port 8080, so redirected connections do not reach
# this listener until the two ports agree.
# NOTE(review): interception through pf usually also needs a Squid build with pf support
# and read access to /dev/pf for the Squid user - confirm for this install.
http_port 10.0.0.5:3128 transparent
hierarchy_stoplist cgi-bin ?
# Cache sizing: 42 MB of memory cache and a 100 MB ufs disk cache with 16 first-level and
# 256 second-level directories; objects up to 200 MB may be stored.
cache_mem 42 MB
cache_dir ufs /var/squid/cache 100 16 256
minimum_object_size 0 KB
maximum_object_size 200 MB
cache_swap_low 70
cache_swap_high 85
# Access log in Squid's native format; it records the URLs requested by intercepted clients.
access_log /var/squid/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
connect_timeout 1 minute
# cache_mgr and visible_hostname are the values Squid places in its generated error pages.
cache_mgr freebsd@sina.com
visible_hostname squidserver
coredump_dir /var/squid/cache
本帖最后由 iceblood 于 2013-04-13 19:53 编辑
http_port 8080 transparent 我估计是没有做好重定向, 提供两篇OpenBSD下面squid的参考文档
http://www.openbsd.org/cgi-bin/cvsweb/ports/www/squid/pkg/README-main?rev=1.1
http://www.openbsd.org/cgi-bin/cvsweb/ports/www/squid27/pkg/README?rev=1.1 squid各个版本的规则不一样,有的需要transparent,有的不需要。 为什么你PF里重定向转到8080端口:
rdr on $int_if inet proto tcp from any to any port www -> 10.0.0.5 port 8080
而你squid却是监听的3128端口?
http_port 10.0.0.5:3128 transparent