著急：squid2.6 stable5 做反向代理總是不成功

著急：squid2.6 stable5 做反向代理總是不成功

想通過squid做反向代理訪問內部的web伺服器

環境： ubuntu 7.04 ，squid2.6 stable5  eth0：218.70.34.236   eth1：202.202.240.155

看了很多文檔總是不能反向代理成功，
squid能正常啟動
----
2007/07/06 11:40:45| Starting Squid Cache version 2.6.STABLE5 for amd64-debian-linux-gnu...
2007/07/06 11:40:45| Process ID 6411
2007/07/06 11:40:45| With 1024 file descriptors available
2007/07/06 11:40:45| Using epoll for the IO loop
2007/07/06 11:40:45| Performing DNS Tests...
2007/07/06 11:40:45| Successful DNS name lookup tests...
2007/07/06 11:40:45| DNS Socket created at 0.0.0.0, port 32771, FD 5
2007/07/06 11:40:45| Adding nameserver 61.128.128.68 from /etc/resolv.conf
2007/07/06 11:40:45| User-Agent logging is disabled.
2007/07/06 11:40:45| Referer logging is disabled.
2007/07/06 11:40:45| Unlinkd pipe opened on FD 10
2007/07/06 11:40:45| Swap maxSize 4194304 KB, estimated 322638 objects
2007/07/06 11:40:45| Target number of buckets: 16131
2007/07/06 11:40:45| Using 16384 Store buckets
2007/07/06 11:40:45| Max Mem  size: 1048576 KB
2007/07/06 11:40:45| Max Swap size: 4194304 KB
2007/07/06 11:40:45| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2007/07/06 11:40:45| Rebuilding storage in /home/squid/cache (DIRTY)
2007/07/06 11:40:45| Using Least Load store dir selection
2007/07/06 11:40:45| Set Current Directory to /home/squid/cache
2007/07/06 11:40:45| Loaded Icons.
2007/07/06 11:40:45| Accepting accelerated HTTP connections at 218.70.34.236, port 80, FD 12.
2007/07/06 11:40:45| HTCP Disabled.
2007/07/06 11:40:45| WCCP Disabled.
2007/07/06 11:40:45| Configuring Parent 202.202.240.6/80/0
2007/07/06 11:40:45| Ready to serve requests.
2007/07/06 11:40:45| Done reading /home/squid/cache swaplog (0 entries)
2007/07/06 11:40:45| Finished rebuilding storage from disk.
2007/07/06 11:40:45|         0 Entries scanned
2007/07/06 11:40:45|         0 Invalid entries.
2007/07/06 11:40:45|         0 With invalid flags.
2007/07/06 11:40:45|         0 Objects loaded.
2007/07/06 11:40:45|         0 Objects expired.
2007/07/06 11:40:45|         0 Objects cancelled.
2007/07/06 11:40:45|         0 Duplicate URLs purged.
2007/07/06 11:40:45|         0 Swapfile clashes avoided.
2007/07/06 11:40:45|   Took 0.3 seconds (   0.0 objects/sec).
2007/07/06 11:40:45| Beginning Validation Procedure
2007/07/06 11:40:45|   Completed Validation Procedure
2007/07/06 11:40:45|   Validated 0 Entries
2007/07/06 11:40:45|   store_swap_size = 0k
2007/07/06 11:40:46| storeLateRelease: released 0 objects
----
通過瀏覽器訪問
提示access denied

用squidclient http://www.cquc.edu.cn
提示 client: ERROR: Cannot connect to localhost:3128: Connection refused

access.log
-------------

1183622267.439      0 218.70.34.236 TCP_DENIED/403 1430 GET http://www.cquc.edu.cn/ - NONE/- text/html
1183622267.669      0 218.70.34.236 TCP_DENIED/403 1452 GET http://www.cquc.edu.cn/favicon.ico - NONE/- text/html
1183622300.067      0 218.70.34.236 TCP_DENIED/403 1430 GET http://www.cquc.edu.cn/ - NONE/- text/html
1183622301.099      0 218.70.34.236 TCP_DENIED/403 1430 GET http://www.cquc.edu.cn/ - NONE/- text/html
----------

squid.conf
-------------

# NETWORK OPTIONS
# -----------------------------------------------------------------------------

http_port 218.70.34.236:80 vhost vport

cache_peer 202.202.240.6 parent 80 0 no-query originserver

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
collapsed_forwarding on

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
cache_mem 1024 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 80 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
#cache_dir ufs /Data/apps/squid/var/cache 1024 56 256
cache_dir ufs /home/squid/cache 4096 56 256
access_log /home/squid/access.log squid
cache_log /home/squid/cache.log
emulate_httpd_log on
cache_store_log /home/squid/store.log none
# pid_filename /Data/apps/squid/var/logs/squid.pid



refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB

# TIMEOUTS
# -----------------------------------------------------------------------------
forward_timeout 20 seconds
connect_timeout 15 seconds
# peer_connect_timeout 30 seconds
read_timeout 3 minutes
request_timeout 1 minutes
persistent_request_timeout 15 seconds
client_lifetime 15 minutes
half_closed_clients off

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------


cache_mgr master@cquc.edu.cn
cache_effective_user squid
cache_effective_group squid
# httpd_suppress_version_string off
visible_hostname proxyServer


logfile_rotate 0
tcp_recv_bufsize 65535 bytes



# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------
coredump_dir /home/squid/cache
client_persistent_connections on
server_persistent_connections on
vary_ignore_expire on
strip_query_terms on


# ACCESS CONTROLS
#---------------------------------------------------

acl OverConnLimit maxconn 20
http_access deny OverConnLimit

acl acceleratedHost dstdomain .cquc.edu.cn

acl acceleratedProtocol protocol HTTP
acl acceleratedPort port 80


acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

acl Srvdm dstdomain .www.cquc.edu.cn
acl SSL_ports port 443 563
acl Safe_ports port 80 81 # http
acl CONNECT method CONNECT

http_access allow acceleratedProtocol acceleratedPort acceleratedHost
http_access allow manager localhost
always_direct allow Srvdm
never_direct allow !Srvdm
http_access deny !Safe_ports
http_access deny CONNECT all
http_access allow Srvdm
http_access deny all
http_reply_access allow all
icp_access deny all
icp_port 0
--------

第一次配置squid，搞得我頭都大了，不知道那裡有問題，希望各位給看看

想問問，你是不是在客戶端IE的工具--》internet選項--》連接--》區域網的設置然後添入你的squid地址跟埠是這樣做的嗎？

act寫的有問題.

因為是第一次配 哪有問題望告知 謝謝

原帖由 jun821 於 2007-7-6 12:28 發表 http://bbs.chinaunix.net/images/common/back.gif
想問問，你是不是在客戶端IE的工具--》internet選項--》連接--》區域網的設置然後添入你的squid地址跟埠是這樣做的嗎？

做透明的反向代理，不需這樣做吧

內部DNS設置已在/etc/hosts 中添加了 202.202.240.6  www.cquc.edu.cn

這個需要做埠轉發嗎 不是很清楚 望告知

我有是第一次做有更多不明白的，希望有高手能寫個詳細一點的說明文檔就好了，不知道有沒有這樣的好人了

加上

acl mynetwork src 0.0.0.0/0   # 定義你允許訪問的客戶段IP範圍
http_access allow mynetwork   #允許你定義的地址範圍訪問
然後

squid/sbin/squid -k reconfigure

再試試

謝謝了 但還是不行啊 為什麼我用squidclient測試時 總是連接localhost的3128埠 是不是要用iptables做埠轉發啊

squidclient -p80

Tags: