Centos
Squid 3.5.20 無法上網
我在 CentOS 7 上安裝了 Squid Proxy 3.5.20
伺服器已連接到網際網路並 ping
Squid 正在執行且沒有錯誤
當我嘗試在 Chrome 中通過 Squid 時,我無法訪問 http 和 https 站點,甚至本地 IP (192.168.95.x)
我配置了一個 whitelist.txt,其中包含我想要授予訪問權限的所有域。甚至 CHMOD 0777 以避免任何權利問題。
我刪除了 squid.config 中的 acl 白名單行以刪除任何限制。
我嘗試在 Ubuntu Server 和 CenOS 7 上都遇到了同樣的問題,也許這是一個較新版本的 Squid 需要一些額外的配置,就像我在 Ubuntu Server 上安裝它之前一樣,並按預期工作,直到伺服器崩潰,我不得不安裝一個新版本一。
這是我的配置:
acl my_network src 192.168.95.0/24 # My LAN acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl whitelist dstdomain "/etc/squid/whitelist.txt" http_access allow whitelist http_access deny !whitelist http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager #http_access deny to_localhost http_access allow my_network http_access allow localnet http_access allow localhost http_access deny all http_port 3128 #cache_dir ufs /var/spool/squid 100 16 256 coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320
這是我的乙太網介面:
TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" BOOTPROTO="none" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="enp2s0" UUID="f9ae5b5e-552c-49f7-b2c9-44c1de033cea" DEVICE="enp2s0" ONBOOT="yes" IPADDR="192.168.95.3" PREFIX="24" GATEWAY="192.168.95.1" DNS1="8.8.8.8" IPV6_PRIVACY="no"
知道我的區域網路是 192.168.95.x/24,代理伺服器是 192.168.95.3,我們只使用 IPv4
任何建議,將不勝感激。
這是重啟服務時squid的日誌,嘗試訪問網站時沒有日誌:
2021/03/08 16:15:39| Squid is already running! Process ID 1763 2021/03/08 16:15:41| Set Current Directory to /var/spool/squid 2021/03/08 16:15:41 kid1| Preparing for shutdown after 0 requests 2021/03/08 16:15:41 kid1| Waiting 30 seconds for active connections to finish 2021/03/08 16:15:41 kid1| Closing HTTP port [::]:3128 2021/03/08 16:15:41 kid1| Set Current Directory to /var/spool/squid 2021/03/08 16:15:41 kid1| Starting Squid Cache version 3.5.20 for x86_64-redhat-linux-gnu... 2021/03/08 16:15:41 kid1| Service Name: squid 2021/03/08 16:15:41 kid1| Process ID 1791 2021/03/08 16:15:41 kid1| Process Roles: worker 2021/03/08 16:15:41 kid1| With 16384 file descriptors available 2021/03/08 16:15:41 kid1| Initializing IP Cache... 2021/03/08 16:15:41 kid1| DNS Socket created at [::], FD 6 2021/03/08 16:15:41 kid1| DNS Socket created at 0.0.0.0, FD 8 2021/03/08 16:15:41 kid1| Adding nameserver 8.8.8.8 from /etc/resolv.conf 2021/03/08 16:15:41 kid1| Logfile: opening log daemon:/var/log/squid/access.log 2021/03/08 16:15:41 kid1| Logfile Daemon: opening log /var/log/squid/access.log 2021/03/08 16:15:41 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2021/03/08 16:15:41 kid1| Store logging disabled 2021/03/08 16:15:41 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2021/03/08 16:15:41 kid1| Target number of buckets: 1008 2021/03/08 16:15:41 kid1| Using 8192 Store buckets 2021/03/08 16:15:41 kid1| Max Mem size: 262144 KB 2021/03/08 16:15:41 kid1| Max Swap size: 0 KB 2021/03/08 16:15:41 kid1| Using Least Load store dir selection 2021/03/08 16:15:41 kid1| Set Current Directory to /var/spool/squid 2021/03/08 16:15:41 kid1| Finished loading MIME types and icons. 2021/03/08 16:15:41 kid1| HTCP Disabled. 2021/03/08 16:15:41 kid1| Squid plugin modules loaded: 0 2021/03/08 16:15:41 kid1| Adaptation support is off. 2021/03/08 16:15:41 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 11 flags=9 2021/03/08 16:15:42 kid1| storeLateRelease: released 0 objects
Chrome 顯示 ERR_PROXY_CONNECTION_FAILED
您的問題是防火牆規則阻止訪問埠 3128/tcp。
要永久授予對此埠的訪問權限,您可能需要添加如下規則:
sudo iptables -A INPUT -i $iflan -p tcp --dport 3128 -j ACCEPT
請替換
$iflan
為您的 LAN 介面的名稱。要使防火牆規則永久化,請使用以下命令:
sudo yum update sudo yum install iptables-persistent sudo invoke-rc.d iptables-persistent save
這個關於 iptables 的文件提供了關於這個主題的進一步指導。
**編輯:**添加了安裝iptables-persistent 的命令。