你好,我已经安装了 squid3 代理服务器,并且该服务器位于交换机和路由器之间,所有流量都通过 squid3 服务器,我无法:
- 使用filezilla软件访问FTP
- 由于我使用的是 thunderbird 和 microsoft outlook,因此无法更新邮件。
- 无法使用 putty 和远程桌面连接(Microsoft 内置工具)将服务器远程带到网络之外
- 无法向网络外发送 Skype 消息
当流量通过 squid3 服务器时,无法在 eclipse 中提交或更新,下面是 eclipse 中的版本和错误
Version: Indigo Service Release 2 Build id: 20120216-1857 Eclipse IDE for Java Developers錯誤是
propfind request failed on 'svn trunk'。
上述任务在直接连接到路由器时工作正常,但当流量通过 squid3 时则不起作用
我能够
- 浏览 http 和 https
- 生成日志
我不太熟悉 squid 和 iptables 所以请帮助我
我没有修改squid.conf文件,我只输入了网络详细信息&uncommented net.ipv4.ip_forward=1
存在于/etc/sysctl.conf文件中
以下是网络配置
auto eth0 ( ON board Ethernet port & is connected to ROuter)
iface eth0 inet static
address 192.168.2.8
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.5
dns-nameservers 192.168.2.5 8.8.8.8
auto eth1 ( LAN card IS connected to switch & clients are connected to switch)
iface eth1
inet static
address 192.168.1.120
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.5
dns-nameservers 192.168.2.5 8.8.8.8
客户端的 IP 为 192.168.1.IP
已检查在客户端网络设置中输入网关 192.168.1.1 和 192.168.1.120(Squid 代理服务器地址)
以下是我的squid.conf文件内容
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl network src 192.168.0.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
http_access allow all
答案1
尝试此解决方案
首先,您不会对所有流量都使用代理,还是使用了?
如果没有,则需要指定squid.confhttp 流量的端口
http_port 3128
这样,你就可以使用代理进行 http 通信了。在浏览器代理中设置即可。
如果你不想设置每台电脑,你可以添加iptables规则以将流量port 80重定向到代理
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
这也将允许 http 流量绕过代理。
您还需要设置iptables从一个网卡到另一个网卡的流量转发
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
您的代理现已配置为允许来自本地的 http 流量。