- 论坛徽章:
- 0
|
大家好,我是一个Linux新手,请大家多多照顾,谢谢!
我说下我的环境:
我用CentOS5.3做squid服务器,eth0为共享ip,eth1为内部ip,转发功能已开启,没配置透明代理时客户机能正常上网,但是做了透明代理问题就出现了,比如在浏览器里输入www.qq.com就出现:
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to process the request:
GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TheWorld)
Host: www.qq.com
Connection: Keep-Alive
Cookie: QQ_IPAddress=%u8FBD%u5B81%u7701%2C%u6C88%u9633%u5E02; ad_play_index=60; pvid=8831848390; flv=10.0; r_cookie=99219316286
The following error was encountered:
Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed
Your cache administrator is root.
--------------------------------------------------------------------------------
Generated Wed, 17 Mar 1999 05:54:28 GMT by localhost.localdomain (squid/2.6.STABLE21)
我的squid.conf配置如下:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_mem 32 MB
maximum_object_size_in_memory 8 KB
cache_dir ufs /var/spool/squid 10000 16 256
minimum_object_size 0 KB
maximum_object_size 65536 KB
cache_swap_low 85
cache_swap_high 90
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
icp_port 3130
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
coredump_dir /var/spool/squid
httpd_accel_host localhost
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
iptables策略:
[root@localhost squid]# iptables -L -nv
Chain INPUT (policy ACCEPT 129K packets, 93M bytes)
pkts bytes target prot opt in out source destination
5514 1080K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 2131 packets, 1009K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 141K packets, 99M bytes)
pkts bytes target prot opt in out source destination
[root@localhost squid]# iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 1263 packets, 145K bytes)
pkts bytes target prot opt in out source destination
926 59264 REDIRECT tcp -- eth0 * 172.16.0.0/16 0.0.0.0/0 tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1812 111K MASQUERADE all -- * eth0 172.16.0.0/16 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1636 packets, 98410 bytes)
pkts bytes target prot opt in out source destination
问题出在哪里,请各位高手帮帮忙看下,感激不尽,谢谢,非常急!!!!! |
|