Squid 3.5.20 cannot access the Internet


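I installed Squid Proxy 3.5.20 on CentOS 7.

The server is connected to the Internet and can be pinged.

Squid runs without errors.

When I try to go through Squid in Chrome, I cannot reach the Internet for either http or https sites, and even local IPs (192.168.95.x) are unreachable.

I configured a whitelist.txt containing all the domains I want to grant access to. I even set CHMOD 0777 on it to avoid any permission issues.

I removed the acl whitelist lines from squid.config to eliminate any restrictions.

I tried with both Ubuntu Server and CentOS 7 and got the same issue on both. Maybe it is something in the newer version of Squid that needs some extra configuration, because I previously had it installed on Ubuntu Server and it worked as expected until the server crashed and I had to install a new one.

Here is my configuration: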

acl my_network src 192.168.95.0/24          # My LAN
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines


acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT


acl whitelist dstdomain "/etc/squid/whitelist.txt"
http_access allow whitelist
http_access deny !whitelist


http_access deny !Safe_ports


http_access deny CONNECT !SSL_ports


http_access allow localhost manager
http_access deny manager


#http_access deny to_localhost


http_access allow my_network
http_access allow localnet
http_access allow localhost


http_access deny all


http_port 3128


#cache_dir ufs /var/spool/squid 100 16 256


coredump_dir /var/spool/squid


refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .       0   20% 4320

Here is my Ethernet interface:

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="enp2s0"
UUID="f9ae5b5e-552c-49f7-b2c9-44c1de033cea"
DEVICE="enp2s0"
ONBOOT="yes"
IPADDR="192.168.95.3"
PREFIX="24"
GATEWAY="192.168.95.1"
DNS1="8.8.8.8"
IPV6_PRIVACY="no"

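Note that my LAN is 192.168.95.x/24, the proxy server is 192.168.95.3, and we only use IPv4.

Any suggestions would be appreciated.

Here is the Squid log from restarting the service; nothing is logged when I try to access a website: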

2021/03/08 16:15:39| Squid is already running!  Process ID 1763
2021/03/08 16:15:41| Set Current Directory to /var/spool/squid
2021/03/08 16:15:41 kid1| Preparing for shutdown after 0 requests
2021/03/08 16:15:41 kid1| Waiting 30 seconds for active connections to finish
2021/03/08 16:15:41 kid1| Closing HTTP port [::]:3128
2021/03/08 16:15:41 kid1| Set Current Directory to /var/spool/squid
2021/03/08 16:15:41 kid1| Starting Squid Cache version 3.5.20 for x86_64-redhat-linux-gnu...
2021/03/08 16:15:41 kid1| Service Name: squid
2021/03/08 16:15:41 kid1| Process ID 1791
2021/03/08 16:15:41 kid1| Process Roles: worker
2021/03/08 16:15:41 kid1| With 16384 file descriptors available
2021/03/08 16:15:41 kid1| Initializing IP Cache...
2021/03/08 16:15:41 kid1| DNS Socket created at [::], FD 6
2021/03/08 16:15:41 kid1| DNS Socket created at 0.0.0.0, FD 8
2021/03/08 16:15:41 kid1| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2021/03/08 16:15:41 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2021/03/08 16:15:41 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2021/03/08 16:15:41 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2021/03/08 16:15:41 kid1| Store logging disabled
2021/03/08 16:15:41 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2021/03/08 16:15:41 kid1| Target number of buckets: 1008
2021/03/08 16:15:41 kid1| Using 8192 Store buckets
2021/03/08 16:15:41 kid1| Max Mem  size: 262144 KB
2021/03/08 16:15:41 kid1| Max Swap size: 0 KB
2021/03/08 16:15:41 kid1| Using Least Load store dir selection
2021/03/08 16:15:41 kid1| Set Current Directory to /var/spool/squid
2021/03/08 16:15:41 kid1| Finished loading MIME types and icons.
2021/03/08 16:15:41 kid1| HTCP Disabled.
2021/03/08 16:15:41 kid1| Squid plugin modules loaded: 0
2021/03/08 16:15:41 kid1| Adaptation support is off.
2021/03/08 16:15:41 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 11 flags=9
2021/03/08 16:15:42 kid1| storeLateRelease: released 0 objects

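Chrome shows ERR_PROXY_CONNECTION_FAILED

Answer 1

Your problem is that firewall rules are blocking access to port 3128/tcp.

To permanently grant access to this port, you may need to add a rule like the following: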

sudo iptables -A INPUT -i $iflan -p tcp --dport 3128 -j ACCEPT

Replace $iflan with the name of your LAN interface.

To make the firewall rules permanent, use the following commands:

sudo yum update
sudo yum install iptables-persistent
sudo invoke-rc.d iptables-persistent save

The iptables documentation provides further guidance on this topic.

Edit: added the install command for iptables-persistent
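
Added example (not part of the original question or answer): a Python probe, run from a LAN client, that separates the case the answer describes, where the connection to 3128/tcp never reaches Squid, from a request that Squid itself rejects through an http_access rule. The function name, the verdict strings and the proxy-probe.invalid target are assumptions made for this example.

```python
"""Classify why a client cannot use a proxy port (added example, not from the page)."""
import socket
import sys


def probe_proxy(host, port=3128, timeout=3.0):
    """Return a verdict string describing how far a request to host:port gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"      # SYN silently dropped, e.g. a firewall DROP rule
    except ConnectionRefusedError:
        return "refused"       # TCP RST: no listener, or a tcp-reset reject rule
    except OSError:
        return "unreachable"   # ICMP error, e.g. a firewall REJECT rule or no route
    with sock:
        sock.settimeout(timeout)
        # Absolute-URI request line, the form a browser sends to a forward proxy.
        # The target is a placeholder under .invalid that never resolves, so a
        # proxy that accepts the request returns an error page and fetches nothing.
        sock.sendall(b"GET http://proxy-probe.invalid/ HTTP/1.1\r\n"
                     b"Host: proxy-probe.invalid\r\nConnection: close\r\n\r\n")
        try:
            raw = sock.recv(256)
        except (socket.timeout, ConnectionResetError):
            return "no-http-reply"
    parts = raw.split(b"\r\n", 1)[0].decode("ascii", "replace").split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return "no-http-reply"     # connected, but the peer did not speak HTTP
    if parts[1] == "403":
        return "denied-by-proxy"   # reached the proxy; an http_access rule said no
    return "proxy-answered:" + parts[1]


if __name__ == "__main__":
    # Usage: python3 probe.py 192.168.95.3   (defaults to the local machine)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_proxy(target))
```

A verdict of filtered, refused or unreachable matches the symptoms in the question (ERR_PROXY_CONNECTION_FAILED and nothing in access.log) and points at the firewall or the listener; denied-by-proxy or proxy-answered means the port is open and the http_access rules are the next thing to check.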
