Centos

Squid 3.5.20 cannot access the Internet

  • March 8, 2021

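I installed Squid Proxy 3.5.20 on CentOS 7.

The server is connected to the Internet and can ping.

Squid is running with no errors.

When I try to go through Squid in Chrome, I cannot reach http or https sites, not even local IPs (192.168.95.x).

I configured a whitelist.txt containing all the domains I want to grant access to. I even ran CHMOD 0777 on it to avoid any permission problems.

I removed the acl whitelist lines in squid.config to remove any restrictions.

I tried on both Ubuntu Server and CentOS 7 and ran into the same problem. Maybe this is a newer version of Squid that needs some extra configuration, as I had installed it on Ubuntu Server before and it worked as expected until the server crashed and I had to install a new one.

Here is my configuration: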

acl my_network src 192.168.95.0/24          # My LAN
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines


acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT


acl whitelist dstdomain "/etc/squid/whitelist.txt"
http_access allow whitelist
http_access deny !whitelist


http_access deny !Safe_ports


http_access deny CONNECT !SSL_ports


http_access allow localhost manager
http_access deny manager


#http_access deny to_localhost


http_access allow my_network
http_access allow localnet
http_access allow localhost


http_access deny all


http_port 3128


#cache_dir ufs /var/spool/squid 100 16 256


coredump_dir /var/spool/squid


refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .       0   20% 4320

Here is my Ethernet interface:

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="enp2s0"
UUID="f9ae5b5e-552c-49f7-b2c9-44c1de033cea"
DEVICE="enp2s0"
ONBOOT="yes"
IPADDR="192.168.95.3"
PREFIX="24"
GATEWAY="192.168.95.1"
DNS1="8.8.8.8"
IPV6_PRIVACY="no"

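Note that my LAN is 192.168.95.x/24, the proxy server is 192.168.95.3, and we only use IPv4.

Any suggestions would be appreciated.

Here is Squid's log when restarting the service; there is no log when trying to access a website: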

2021/03/08 16:15:39| Squid is already running!  Process ID 1763
2021/03/08 16:15:41| Set Current Directory to /var/spool/squid
2021/03/08 16:15:41 kid1| Preparing for shutdown after 0 requests
2021/03/08 16:15:41 kid1| Waiting 30 seconds for active connections to finish
2021/03/08 16:15:41 kid1| Closing HTTP port [::]:3128
2021/03/08 16:15:41 kid1| Set Current Directory to /var/spool/squid
2021/03/08 16:15:41 kid1| Starting Squid Cache version 3.5.20 for x86_64-redhat-linux-gnu...
2021/03/08 16:15:41 kid1| Service Name: squid
2021/03/08 16:15:41 kid1| Process ID 1791
2021/03/08 16:15:41 kid1| Process Roles: worker
2021/03/08 16:15:41 kid1| With 16384 file descriptors available
2021/03/08 16:15:41 kid1| Initializing IP Cache...
2021/03/08 16:15:41 kid1| DNS Socket created at [::], FD 6
2021/03/08 16:15:41 kid1| DNS Socket created at 0.0.0.0, FD 8
2021/03/08 16:15:41 kid1| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2021/03/08 16:15:41 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2021/03/08 16:15:41 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2021/03/08 16:15:41 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2021/03/08 16:15:41 kid1| Store logging disabled
2021/03/08 16:15:41 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2021/03/08 16:15:41 kid1| Target number of buckets: 1008
2021/03/08 16:15:41 kid1| Using 8192 Store buckets
2021/03/08 16:15:41 kid1| Max Mem  size: 262144 KB
2021/03/08 16:15:41 kid1| Max Swap size: 0 KB
2021/03/08 16:15:41 kid1| Using Least Load store dir selection
2021/03/08 16:15:41 kid1| Set Current Directory to /var/spool/squid
2021/03/08 16:15:41 kid1| Finished loading MIME types and icons.
2021/03/08 16:15:41 kid1| HTCP Disabled.
2021/03/08 16:15:41 kid1| Squid plugin modules loaded: 0
2021/03/08 16:15:41 kid1| Adaptation support is off.
2021/03/08 16:15:41 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 11 flags=9
2021/03/08 16:15:42 kid1| storeLateRelease: released 0 objects

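Chrome shows ERR_PROXY_CONNECTION_FAILED

Your problem is that a firewall rule is blocking access to port 3128/tcp.

To permanently grant access to this port, you may need to add a rule like the following: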

sudo iptables -A INPUT -i $iflan -p tcp --dport 3128 -j ACCEPT

Replace $iflan with the name of your LAN interface.

To make the firewall rule persistent, use the following commands:

sudo yum update
sudo yum install iptables-persistent
sudo invoke-rc.d iptables-persistent save

This documentation on iptables provides further guidance on the subject.

**Edit:** Added the command to install iptables-persistent.
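
A blocked port and an ACL denial look the same in the browser but fail at different layers, and a client-side probe can tell them apart. The following Python is an added example, not part of the original question or answer; `probe_proxy` and its result labels are hypothetical names, and the address in the usage line is the one given in the question.

```python
import socket
from urllib.parse import urlsplit


def probe_proxy(host, port, url="http://example.com/", timeout=3.0):
    """Return (layer, detail) saying where a request through host:port stops.

    layer "network": the TCP connection never reached the proxy process, so
    Squid logs nothing (the symptom described in the question).
    layer "proxy": the proxy accepted the connection and handled the request.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No answer to the SYN at all: packets are being silently dropped.
        return ("network", "filtered: connection attempt timed out")
    except ConnectionRefusedError:
        # TCP reset: nothing listens on the port, or a rule rejects with RST.
        return ("network", "refused: port closed or rejected")
    except OSError as exc:
        # For example "No route to host" caused by an ICMP reject.
        return ("network", "unreachable: %s" % exc)
    with sock, sock.makefile("rb") as reader:
        # Forward-proxy request form: absolute URI in the request line.
        request = "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (
            url, urlsplit(url).netloc)
        try:
            sock.sendall(request.encode("ascii"))
            status_line = reader.readline().decode("latin-1").strip()
        except OSError as exc:
            return ("proxy", "no-response: %s" % exc)
    fields = status_line.split()
    if len(fields) < 2 or not fields[0].startswith("HTTP/") or not fields[1].isdigit():
        return ("proxy", "not-http: %r" % status_line)
    code = int(fields[1])
    if code == 403:
        # Squid answers 403 when an http_access rule denies the request.
        return ("proxy", "denied: HTTP 403")
    return ("proxy", "answered: HTTP %d" % code)


if __name__ == "__main__":
    # Constructed usage: proxy address and port as given in the question.
    print(probe_proxy("192.168.95.3", 3128))
```

A "network" result from a LAN client points at the firewall or the listener; a "proxy" result with "denied" points at the `http_access` rules instead, and the request will appear in access.log.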

Quoted from: https://serverfault.com/questions/1056306