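I set this up at work with Squid + iptables. Clients can get online through the proxy, and transparent proxying also works. Recently, however, I found that the Squid proxy is only usable within 1 hour after the machine is rebooted. After a while, not only can none of the machines on the LAN get online through the proxy (though the transparent proxy still works), but the server itself cannot get online either (the Squid process is still running at this point). I have gone through Squid's cache.log and found no abnormal errors.
My machine is an HP LH3000 with 256M of memory and a 10G hard disk. I really cannot solve this myself (I have read many posts without finding a solution), so I am posting my configuration files here and asking everyone for help.
[SQUID.CONF]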
http_port 8080
ssl_unclean_shutdown off
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 80 MB
cache_swap_low 90
cache_swap_high 95
half_closed_clients off
maximum_object_size 1024 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
cache_dir ufs /var/spool/squid 4096 16 256
cache_access_log none
cache_log /var/log/squid/cache.log
cache_store_log none
emulate_httpd_log on
dns_nameservers 1.2.3.4
dns_timeout 1 minutes
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
redirect_rewrites_host_header off
error_directory /usr/share/squid/errors/Simplify_Chinese
icon_directory /usr/share/squid/icons
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl allow_ip2 src 10.139.0.0/255.255.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow allow_ip2
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
visible_hostname jhpost
httpd_accel_host virtual
httpd_accel_with_proxy on
coredump_dir /var/spool/squid
The iptables rules are as follows:
# Generated by iptables-save v1.2.7a on Mon Jun 7 13:14:46 2004
*filter
:INPUT ACCEPT [213830]
:FORWARD ACCEPT [225371]
:OUTPUT ACCEPT [241423]
COMMIT
# Completed on Mon Jun 7 13:14:46 2004
# Generated by iptables-save v1.2.7a on Mon Jun 7 13:14:46 2004
*mangle
:PREROUTING ACCEPT [798986]
:INPUT ACCEPT [508545]
:FORWARD ACCEPT [254663]
:OUTPUT ACCEPT [585077]
:POSTROUTING ACCEPT [838895]
COMMIT
# Completed on Mon Jun 7 13:14:46 2004
# Generated by iptables-save v1.2.7a on Mon Jun 7 13:14:46 2004
*nat
:PREROUTING ACCEPT [30531]
:POSTROUTING ACCEPT [12411]
:OUTPUT ACCEPT [10465]
[1937] -A POSTROUTING -s 10.139.153.0/255.255.255.0 -o eth1 -j MASQUERADE
[11390] -A POSTROUTING -s 10.139.154.0/255.255.255.0 -o eth1 -j MASQUERADE
[69] -A POSTROUTING -s 10.139.232.10 -o eth1 -j MASQUERADE
[69] -A POSTROUTING -s 10.139.129.212 -o eth1 -j MASQUERADE
COMMIT
# Completed on Mon Jun 7 13:14:46 2004
Please take a look and help; I urgently need assistance.