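I installed Squid Proxy 3.5.20 on CentOS 7.
The server is connected to the internet and can ping.
Squid runs without errors.
When I try to go through Squid in Chrome, I cannot reach the internet for http or https sites; even local IPs (192.168.95.x) are unreachable.
I configured a whitelist.txt containing all the domains I want to grant access to. I even set CHMOD 0777 on it to avoid any permission problems.
I removed the acl whitelist lines in squid.config to eliminate any restrictions.
I tried, but I hit the same problem on both Ubuntu Server and CentOS 7. Maybe it is the newer version of Squid that needs some extra configuration, because previously when I installed it on Ubuntu Server it always worked as expected, until the server crashed and I had to install a new one.
Here is my configuration: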
acl my_network src 192.168.95.0/24 # My LAN
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl whitelist dstdomain "/etc/squid/whitelist.txt"
http_access allow whitelist
http_access deny !whitelist
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#http_access deny to_localhost
http_access allow my_network
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
#cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
Here is my Ethernet interface:
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="enp2s0"
UUID="f9ae5b5e-552c-49f7-b2c9-44c1de033cea"
DEVICE="enp2s0"
ONBOOT="yes"
IPADDR="192.168.95.3"
PREFIX="24"
GATEWAY="192.168.95.1"
DNS1="8.8.8.8"
IPV6_PRIVACY="no"
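Note that my LAN is 192.168.95.x/24, the proxy server is 192.168.95.3, and we only use IPv4.
Any suggestions would be greatly appreciated.
Here is the Squid log from restarting the service; there are no log entries when trying to access a website: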
2021/03/08 16:15:39| Squid is already running! Process ID 1763
2021/03/08 16:15:41| Set Current Directory to /var/spool/squid
2021/03/08 16:15:41 kid1| Preparing for shutdown after 0 requests
2021/03/08 16:15:41 kid1| Waiting 30 seconds for active connections to finish
2021/03/08 16:15:41 kid1| Closing HTTP port [::]:3128
2021/03/08 16:15:41 kid1| Set Current Directory to /var/spool/squid
2021/03/08 16:15:41 kid1| Starting Squid Cache version 3.5.20 for x86_64-redhat-linux-gnu...
2021/03/08 16:15:41 kid1| Service Name: squid
2021/03/08 16:15:41 kid1| Process ID 1791
2021/03/08 16:15:41 kid1| Process Roles: worker
2021/03/08 16:15:41 kid1| With 16384 file descriptors available
2021/03/08 16:15:41 kid1| Initializing IP Cache...
2021/03/08 16:15:41 kid1| DNS Socket created at [::], FD 6
2021/03/08 16:15:41 kid1| DNS Socket created at 0.0.0.0, FD 8
2021/03/08 16:15:41 kid1| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2021/03/08 16:15:41 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2021/03/08 16:15:41 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2021/03/08 16:15:41 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2021/03/08 16:15:41 kid1| Store logging disabled
2021/03/08 16:15:41 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2021/03/08 16:15:41 kid1| Target number of buckets: 1008
2021/03/08 16:15:41 kid1| Using 8192 Store buckets
2021/03/08 16:15:41 kid1| Max Mem size: 262144 KB
2021/03/08 16:15:41 kid1| Max Swap size: 0 KB
2021/03/08 16:15:41 kid1| Using Least Load store dir selection
2021/03/08 16:15:41 kid1| Set Current Directory to /var/spool/squid
2021/03/08 16:15:41 kid1| Finished loading MIME types and icons.
2021/03/08 16:15:41 kid1| HTCP Disabled.
2021/03/08 16:15:41 kid1| Squid plugin modules loaded: 0
2021/03/08 16:15:41 kid1| Adaptation support is off.
2021/03/08 16:15:41 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 11 flags=9
2021/03/08 16:15:42 kid1| storeLateRelease: released 0 objects
Chrome shows ERR_PROXY_CONNECTION_FAILED
Answer 1
Your problem is a firewall rule blocking access to port 3128/tcp.
To permanently grant access to this port, you may need to add a rule like this:
sudo iptables -A INPUT -i $iflan -p tcp --dport 3128 -j ACCEPT
Replace $iflan with the name of your LAN interface.
To make the firewall rule permanent, use the following commands:
sudo yum update
sudo yum install iptables-persistent
sudo invoke-rc.d iptables-persistent save
The iptables documentation provides further guidance on this topic.
Edit: added the command to install iptables-persistent.
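One way to tell the firewall case described in this answer apart from a Squid ACL denial, as an added example that is not part of the original answer. The function name probe_proxy, its verdict labels and the example.com target are assumptions of this example; the default address and port are the ones given in the question.

```python
import socket
import sys
from urllib.parse import urlsplit

def probe_proxy(host, port, target="http://example.com/", timeout=3.0):
    """Send one request through a forward proxy and say where it stopped.

    Returns (verdict, detail); the verdict labels are made up for this example:
      no-tcp-connection  connect failed: packet filter, wrong address or no
                         listener. Squid never sees it, access.log stays empty.
      no-http-reply      TCP connected, but nothing parseable came back.
      denied-by-squid    HTTP 403: an http_access rule refused the request.
      proxy-answered     any other HTTP status: port and ACLs let it through.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused (REJECT / closed), timed out (DROP), no route
        return "no-tcp-connection", type(exc).__name__
    with sock:
        request = (f"HEAD {target} HTTP/1.1\r\n"
                   f"Host: {urlsplit(target).netloc}\r\n"
                   "Connection: close\r\n\r\n")
        try:
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(4096)
        except OSError as exc:
            return "no-http-reply", type(exc).__name__
    fields = reply.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(fields) < 2 or not fields[0].startswith("HTTP/"):
        return "no-http-reply", repr(reply[:40])
    if fields[1] == "403":
        return "denied-by-squid", " ".join(fields)
    return "proxy-answered", " ".join(fields)

if __name__ == "__main__":
    # Defaults are the proxy address and port from the question.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.95.3"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3128
    print(host, port, *probe_proxy(host, port))
```

Run it from a LAN client rather than on the proxy itself, so the connection arrives on the same interface as the browser's traffic. A no-tcp-connection verdict together with an empty access.log matches the ERR_PROXY_CONNECTION_FAILED symptom in the question.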