使用 squid 服务器阻止网站

使用 squid 服务器阻止网站

感谢大家的回答。我现在明白了问题所在,并开始使用 squid 服务器。首先,我在服务器 PC 上安装一个 squid 服务器[我使用的是 CentOS 5.5]。
首先,我下载一个 yum 包:

yum install squid

然后我按以下方式配置 squid 服务器:

vi /etc/squid/squid.conf

将这些行添加到 squid.conf 文件中:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl localhost src 127.0.0.1/8
acl lan src 202.51.176.42 192.168.10.1/24
http_access allow localhost
http_access allow lan

然后保存并退出[因为我使用 202.51.176.42 作为 eth2 中的真实 IP,并使用 eth0 中的子网作为 192.168.10.1]。然后添加一个文件:

cat > /etc/fw.proxy

然后将以下行添加到 fw.proxy 文件中:

#!/bin/sh
# ------------------------------------------------------------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# -------------------------------------------------------------------------------------
# squid server IP
SQUID_SERVER="202.51.176.42"
# Interface connected to Internet
INTERNET="eth2"
# Interface connected to LAN
LAN_IN="eth0"
# Squid port
SQUID_PORT="3128"
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to  $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

然后保存脚本。并执行脚本:

chmod +x /etc/fw.proxy
/etc/fw.proxy
service iptables save
chkconfig iptables on

然后重新启动代理服务器:/etc/init.d/squid restart 但这会导致如下输出:

Stopping squid:                                            [FAILED]
init_cache_dir /var/spool/squid... /etc/init.d/squid: line 62:  8990 Aborted                 $SQUID -z -F -D >> /var/log/squid/squid.out 2>&1
Starting squid: /etc/init.d/squid: line 42:  8991 Aborted                 $SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1
                                                       [FAILED]

在我的“/var/log/messages”中我发现这两行:

Dec 27 06:48:42 ns1 squid[8990]: Could not determine fully qualified hostname.  Please set 'visible_hostname' 
Dec 27 06:48:45 ns1 squid[8991]: Could not determine fully qualified hostname.  Please set 'visible_hostname'

请有人帮助我解决这个问题。

答案1

我不知道您需要对第一个错误做什么。我认为查看/etc/init.d/squid指示行的脚本并查看失败的命令是个好主意。对于第二个错误:

Dec 27 06:48:42 ns1 squid[8990]: Could not determine fully qualified hostname.  Please set 'visible_hostname'

您需要在 squid.conf 文件中设置 visible_hostname 的值,例如:

visible_hostname myproxy

相关内容