- 论坛徽章:
- 0
|
抱歉,很久了,也没解决该问题,我的目的实际上是
内网做对外服务器出现的问题
网络结构为:一台linux服务器,双网卡,一块接大网,一块接局域网,接大网网卡有固定的大网IP
实现目标:当大网用户访问该liunx服务器的大网IP时,直接转向到局域网的另一台WEB服务器上
参照以前的帖子:
假定内IP提供服务的主机IP为1.1.1.1,提供互联网代理的主机外网IP为2.2.2.2
/sbin/iptables -t nat -A POSTROUTING -s 1.1.1.1 -o eth0 -j SNAT --to 2.2.2.2
/sbin/iptables -t nat -A PREROUTING -p tcp -d 2.2.2.2 --dport 80 -i eth0 -j DNAT --to 1.1.1.1
结果出现错误:
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: /
The following error was encountered:
Invalid URL
Some aspect of the requested URL is incorrect. Possible problems:
Missing or incorrect access protocol (should be `http://'' or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed
Your cache administrator is root.
--------------------------------------------------------------------------------
Generated Mon, 22 Jan 2007 01:13:37 GMT by localhost (Squid/2.4.STABLE7)
请问是什么原因?
squid如下:
visible_hostname localhost
http_port 80
cache_mem 76 MB
cache_swap_low 80
cache_swap_high 95
hierarchy_stoplist cgi-bin ?
half_closed_clients off
hierarchy_stoplist -i ^https:\\ ?
acl QUERY urlpath_regex -i cgi-bin \? \.asp \.php \.jsp \.cgi
acl denyssl urlpath_regex -i ^https:\\
no_cache deny QUERY
no_cache deny denyssl
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
ftp_user Squid@
ftp_passive on
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
http_access deny !Safe_ports
acl SSL_ports port 443 563 8601
acl CONNECT method CONNECT
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow localhost
# And finally deny all other access to this proxy
#never_direct allow all
acl ken src 1.1.1.2
http_access allow ken
http_access deny all
icp_access allow all
透明代理不是需要加上以下一句么:
httpd_accel_host virtual
httpd_accel_port 80 |
|