squid3.0代理配置故障

bigbigsh

[root@hwt ~]# /usr/local/squid/sbin/squid -N -d1
2009/01/06 05:43:44| Warning: empty ACL: acl name url_regex -i
2009/01/06 05:43:44| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
2009/01/06 05:43:44| WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
2009/01/06 05:43:44| WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
WARNING: Cannot write log file: none
none: Permission denied
         messages will be sent to 'stderr'.
2009/01/06 05:43:44| Squid is already running!  Process ID 2690

bigbigsh

日志里报错,不知道什么愿因
Jan  6 05:57:43 hwt squid[20100]: storeLateRelease: released 0 objects
Jan  6 05:57:45 hwt squid: Warning: empty ACL: acl name url_regex -i
Jan  6 05:57:45 hwt squid: WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
Jan  6 05:57:45 hwt squid: WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
Jan  6 05:57:45 hwt squid: WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
Jan  6 05:57:45 hwt squid[20108]: Squid is already running!  Process ID 20100
[root@hwt log]#

liang3391

你这些报错前面只是warning

none: Permission denied
         messages will be sent to 'stderr'.（很明显是权限问题导致的 从你提供的报错信息我不能准确判断是什么对方权限导致的，貌似是log文件。

bigbigsh

[root@hwt logs]# /usr/local/squid/sbin/squid  -N -d1
2009/01/06 06:39:23| Warning: empty ACL: acl name url_regex -i
2009/01/06 06:39:23| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
2009/01/06 06:39:23| WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
2009/01/06 06:39:23| WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
2009/01/06 06:39:23| Starting Squid Cache version 3.0.STABLE1 for x86_64-unknown-linux-gnu...
2009/01/06 06:39:23| Process ID 20138
2009/01/06 06:39:23| With 1024 file descriptors available
2009/01/06 06:39:23| Performing DNS Tests...
2009/01/06 06:39:24| Successful DNS name lookup tests...
2009/01/06 06:39:24| helperOpenServers: Starting 5 'dnsserver' processes
2009/01/06 06:39:24| Unlinkd pipe opened on FD 13
2009/01/06 06:39:24| Store logging disabled
2009/01/06 06:39:24| Swap maxSize 10240000 KB, estimated 787692 objects
2009/01/06 06:39:24| Target number of buckets: 39384
2009/01/06 06:39:24| Using 65536 Store buckets
2009/01/06 06:39:24| Max Mem  size: 1048576 KB
2009/01/06 06:39:24| Max Swap size: 10240000 KB
2009/01/06 06:39:24| Version 1 of swap file without LFS support detected...
2009/01/06 06:39:24| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2009/01/06 06:39:24| Version 1 of swap file without LFS support detected...
2009/01/06 06:39:24| Rebuilding storage in /home/cache (DIRTY)
2009/01/06 06:39:24| Using Least Load store dir selection
2009/01/06 06:39:24| Current Directory is /usr/local/squid/var/log

bigbigsh

我把我的SQUID.CONF帖出来大家帮我看看原因出在那里

http_port 3128 transparent
cache_mem 1 GB
maximum_object_size 9000 KB
maximum_object_size_in_memory 6128 KB
dns_nameservers 196.196.0.252
cache_dir ufs /usr/local/squid/cache 5000 32 512
cache_dir ufs /home/cache 5000 32 512
error_directory /usr/local/squid/share/errors/Simplify_Chinese
acl nocache urlpath_regex cookie.*\.php *\.jsp *\.asp *\.pl *\.cgi
no_cache deny nocache
acl audio urlpath_regex -i .torrent$ .avi$ .mp3$ .mp4$
http_access deny audio
acl name url_regex -i
http_access deny name
cache_access_log none
cache_log none
cache_store_log none
acl localhost src 196.196.0.0/24
http_access allow localhost
acl all src 0.0.0.0/0.0.0.0
http_access deny all
acl safe port 80 21 443 3128
http_access allow safe
cache_effective_user squid
cache_effective_group squid
cache_mgr worldrestart@yahoo.com.cn
acl conncount maxconn 5
visible_hostname LinuxProxyServer
icon_directory /usr/local/squid/share/icons
ipcache_size 2024
ipcache_low 90
ipcache_high 95
fqdncache_size 2024

liuhanzhao

acl all src 0.0.0.0/0.0.0.0
这个在3.0以上版本是不需要了
默认3.0中就已经把all定义了，所以只需要后面使用就行了

bigbigsh

谢谢liuhanzhao 兄   的回复.  我现在还有一点点小问题,下面的规则问题出在那里

[root@hwt ~]# /sbin/iptables -A OUTPUT -d 0/0 -p ALL --dport 53 -j ACCEPT
iptables v1.3.5: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.
[root@hwt ~]#

bigbigsh

请问大家我这样参数合理吗?

./configure --prefix=/usr/local/squid
--enable-poll
--disable-internal-dns
--disable-wccp
--disable-wccpv2
--disable-carp
--disable-ident-lookups
--enable-dlmalloc
--enable-truncate
--enable-stacktrace
--enable-storeio=aufs,coss,diskd,ufs,null
--enable-linux-netfilter         //要想实现透明代理，必须选取这个参数，启用linux netfilter支持
--enable-err-language=Simplify_Chinese
--enable-default-err-languages=Simplify_Chinese
--enable-arp-acl
--enable-snmp
--enable-async-io=180       //1G内存，并且是双核的选180，否则选100以下
--enable-cahce-digests      
--enable-underscore          //允许请求的URL出现下划线
--enable-gnuregex  
--enable-icmp
--enable-kill-parent-hack

liuhanzhao

--enable-linux-netfilter         //要想实现透明代理，必须选取这个参数，启用linux netfilter支持
不用这个参数我同样可以做透明代理的
其他都是ok的

bigbigsh

谢谢liuhanzhao    兄的回复,小弟还有一个问题,SQUID3.0是不是不支持以下三个规则?..我在squid.conf 加下面三个会报错.不知道是什么原因.
refresh_pattern . 0 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload
broken_vary_encoding allow apache
header_access header allow all


[root@hwt ~]# /usr/local/squid/sbin/squid  -N -d1
2009/01/08 06:12:50| parseConfigFile: 'squid.conf' line 58 unrecognized: 'broken_vary_encoding allow apache'
2009/01/08 06:12:50| parseConfigFile: 'squid.conf' line 60 unrecognized: 'header_access header allow all'
2009/01/08 06:12:50| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP
2009/01/08 06:12:50| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
2009/01/08 06:12:50| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
2009/01/08 06:12:50| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
2009/01/08 06:12:50| Squid is already running!  Process ID 21532
[root@hwt ~]#


下面是我的脚本
http_port 3128 transparent
cache_mem 256 MB
dns_nameservers 196.196.0.252
fqdncache_size 2024
maximum_object_size_in_memory 2 MB
#memory_replacement_policy heap LFUDA
#cache_replacement_policy heap LFUDA
cache_dir ufs /usr/local/squid/cache 5000 32 512
cache_dir ufs /home/cache 5000 32 512
error_directory /usr/local/squid/share/errors/Simplify_Chinese
acl nocache urlpath_regex cookie.*\.php *\.jsp *\.asp *\.pl *\.cgi
no_cache deny nocache
acl audio urlpath_regex -i .torrent$ .avi$ .mp3$ .mp4$
http_access deny audio
acl download urlpath_regex -i \.zip$ \.exe$ \.mp3$ \.ra$ \.avi$ \.avi$ \.rar$ \.rvmb$ \.mpe$
http_access deny download
acl localhost src 196.196.0.0/24
http_access allow localhost
http_access deny all
acl safe port 80 21 443 3128
http_access allow safe
cache_effective_user squid
cache_effective_group squid
icp_port 0
cache_mgr worldrestart@yahoo.com.cn
acl OverConnLimit maxconn 16
http_access deny OverConnLimit
acl conncount maxconn 5
visible_hostname 196.196.0.252
icon_directory /usr/local/squid/share/icons
max_open_disk_fds 0
minimum_object_size 1 KB
maximum_object_size 20 MB
cache_swap_low 90
cache_swap_high 95
ipcache_size 2024
ipcache_low 90
ipcache_high 95
access_log /usr/local/squid/var/logs/access.log squid
cache_log /usr/local/squid/var/logs/cache.log squid
cache_store_log none
emulate_httpd_log on
#refresh_pattern . 0 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload
acl buggy_server url_regex ^http://.... http://
broken_posts allow buggy_server
acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
request_entities off
#header_access header allow all
relaxed_header_parser on
client_lifetime 120 minute
cache_peer 196.196.0.252 parent 80 0 no-query default multicast-responder no-netdb-exchange
cache_peer_domain 196.196.0.252
hostname_aliases 196.196.0.252
error_directory /usr/local/squid/share/errors/Simplify_Chinese
always_direct allow all
ignore_unknown_nameservers on
coredump_dir  /var/log/squid
half_closed_clients off
buffered_logs on

[ 本帖最后由 bigbigsh 于 2009-1-7 09:29 编辑 ]