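Squid server: eth0 (10.3.255.253) faces the internal network, eth1 (192.168.0.66) connects to the external router (192.168.0.1), and the Squid server's gateway is 192.168.0.1.
Internal machine: IP 10.3.0.5, gateway set to 10.3.255.253, DNS 202.96.128.86.
If I set the proxy server in IE to the Squid address with port 3128, I can browse normally.
If I remove the proxy server setting, the page shows: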
ERROR
The requested URL could not be retrieved
While trying to process the request:
GET / HTTP/1.1
User-Agent: Opera/9.80 (Windows NT 5.2; U; zh-cn) Presto/2.2.15 Version/10.00
Host: www.qq163.com
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Pragma: no-cache
Cache-Control: no-cache
Connection: Keep-Alive, TE
TE: deflate, gzip, chunked, identity, trailers
The following error was encountered:
Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed
Your cache administrator is aa@gmail.com.
****************************************
iptables :
#!/bin/bash
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT # trust all outgoing connections
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT # trust the internal machines
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -o eth1 -s 10.3.0.0/16 -j SNAT --to-source 192.168.0.66
echo 1 >/proc/sys/net/ipv4/ip_forward
*******************************************************************
squid.conf
http_port 3128
http_port 10.3.255.253:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
redirect_rewrites_host_header on
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl mynetwork src 10.3.0.0/16
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access allow mynetwork
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
icp_access allow all
dns_nameservers 202.96.128.86
coredump_dir /var/spool/squid
cache_dir ufs /home/squid-cache 600 14 100
cache_effective_user squid
cache_effective_group squid
cache_mgr aa@gmail.com
allow_underscore on
*************************************************
squid log ::
#cat cache.log
2009/10/13 01:37:35| clientTryParseRequest: FD 11 (10.3.0.5:2923) Invalid Request
2009/10/13 01:37:35| clientTryParseRequest: FD 11 (10.3.0.5:2924) Invalid Request
# cat store.log
1255426655.261 RELEASE -1 FFFFFFFF 8BA8C413D6623DDBEBDFD67B652802EB 400 1255426655 -1 1255426655 text/html 1594/1594 GET error:invalid-request
1255426655.296 RELEASE -1 FFFFFFFF 51525D9AA48D9CAE91286F346AA18762 400 1255426655 -1 1255426655 text/html 1689/1689 GET error:invalid-request
My system: Debian 5.0; Squid was installed via apt, version 2.7.STABLE3-4.1.
Thank you for your help.
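Added example, not part of the original post: a small Python check that cross-references the post's REDIRECT rules with its http_port lines. It relies on the fact that Squid 2.6/2.7 only parses intercepted requests (origin-form, `GET /`) on an http_port marked `transparent` (`intercept` in 3.1+); the function names are hypothetical and the embedded inputs are excerpts constructed from the post's files.

```python
import re
# Added example. Constructed input: the relevant lines of the post's two files.
IPTABLES = """\
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
"""
SQUID_CONF = """\
http_port 3128
http_port 10.3.255.253:3128
http_access allow mynetwork
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
"""

def redirects(rules):
    """Return (dport, to_port) for every REDIRECT rule in an iptables script."""
    out = []
    for line in rules.splitlines():
        m = re.search(r"--dport\s+(\d+).*-j\s+REDIRECT\s+--to-ports?\s+(\d+)", line)
        if m:
            out.append((int(m.group(1)), int(m.group(2))))
    return out

def intercept_ports(conf):
    """Ports whose http_port line carries transparent (2.6/2.7) or intercept (3.1+)."""
    ports = set()
    for line in conf.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] == "http_port" and {"transparent", "intercept"} & set(f[2:]):
            ports.add(int(f[1].rsplit(":", 1)[-1]))  # strip an optional address prefix
    return ports

def audit(rules, conf):
    """List mismatches between the NAT redirects and the Squid listeners."""
    findings = []
    ok = intercept_ports(conf)
    for dport, to_port in redirects(rules):
        if to_port not in ok:
            findings.append(f"dport {dport} -> {to_port}: no http_port {to_port} with transparent/intercept")
        if dport == 443:  # a TLS handshake cannot be parsed as an HTTP request line
            findings.append(f"dport 443 -> {to_port}: TLS sent to a plain HTTP listener")
    if re.search(r"^\s*http_access\s+allow\s+all\s*$", conf, re.M):
        findings.append("http_access allow all: proxy is open to any source that can reach it")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(IPTABLES, SQUID_CONF)))
```

Run against the post's files, it reports both redirects as pointing at a non-intercepting listener, which matches the `clientTryParseRequest ... Invalid Request` lines in cache.log.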