Проблема с прозрачным прокси.
Добавлено: 2012-01-20 8:51:10
Здравствуйте, уважаемые.
У меня возникла проблема с прокси-сервером squid.
Решил я настроить SAMS+SQUID, вроде настроил, но никак не хочет работать прозрачность.
вот конфиги
pf.conf
squid.conf
sams.conf
логи squid
cache.log
У меня возникла проблема с прокси-сервером squid.
Решил я настроить SAMS+SQUID, вроде настроил, но никак не хочет работать прозрачность.
вот конфиги
pf.conf
# Macros: internal LAN interface and external tunnel interface.
int_if="xl0"
ext_tun="tun0"
set skip on lo0
# NOTE(review): "set skip" makes pf ignore the interface completely: no
# filtering, no NAT and no rdr. With $int_if skipped, the rdr rule below is
# never evaluated for LAN traffic, which is the most likely reason the
# transparent proxy intercepts nothing. It also leaves everything arriving
# from the LAN at this host unfiltered. Remove this line so that the rdr,
# "pass quick on $int_if" and antispoof rules actually take effect.
set skip on $int_if
set block-policy return
scrub in all
# Source-NAT traffic leaving through the tunnel, except traffic that already
# carries the tunnel's own address.
nat on $ext_tun from !($ext_tun) -> ($ext_tun:0)
# Intercept LAN HTTP (tcp/80) and hand it to Squid on port 8081.
# presumably 192.168.30.1 is the address of $int_if - confirm.
rdr on $int_if inet proto tcp from any to any port 80 -> 192.168.30.1 port 8081
# Default deny; pf applies the last matching rule unless "quick" is used.
block all
pass out inet keep state
pass quick on $int_if keep state
antispoof quick for { lo $int_if }
# NOTE(review): ssh and ftp are open to any source on the external link. If
# that is not required, restrict the source addresses or add connection-rate
# limits. FTP carries credentials in clear text, and only its control port is
# passed here.
pass in on $ext_tun proto tcp to ($ext_tun) port ssh
pass in on $ext_tun proto tcp to ($ext_tun) port ftp
# Adds logging for outbound SMTP on the tunnel; the traffic itself is already
# allowed by "pass out" above.
pass out log on $ext_tun proto tcp from ($ext_tun) to port smtp
squid.conf
# ACLs generated by SAMS: per-group client address lists, allowed time
# windows and URL block lists, each read from the quoted file.
acl _sams_default src "/usr/local/etc/squid/default.sams"
# NOTE(review): this window ends at 23:00 while the other group ends at 23:59;
# between 23:00 and 23:59 the default group falls through to the later rules.
acl _sams_default_time time MTWHFAS 00:00-23:00
acl _sams_4f151dff393de src "/usr/local/etc/squid/4f151dff393de.sams"
acl _sams_4f151dff393de_time time MTWHFAS 00:00-23:59
acl _sams_4f1519230b5b6 urlpath_regex -i "/usr/local/etc/squid/4f1519230b5b6.sams"
acl _sams_chat url_regex "/usr/local/etc/squid/chat.sams"
acl _sams_porno url_regex "/usr/local/etc/squid/porno.sams"
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# http_access is evaluated top to bottom and the first matching line decides.
# NOTE(review): the two SAMS "allow" lines come before "deny !Safe_ports" and
# "deny CONNECT !SSL_ports", so clients matching them are never subjected to
# the port and CONNECT restrictions. Placing the SAMS rules after those two
# deny lines keeps the baseline protections for every client.
http_access allow _sams_default !_sams_4f1519230b5b6 !_sams_chat !_sams_porno _sams_default_time
http_access allow _sams_4f151dff393de _sams_4f151dff393de_time
# Cache manager is reachable from localhost only.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): a request that fails the SAMS rule above (blocked URL, outside
# the time window) continues down the list and is allowed here if the client
# address is in any RFC1918 range. If the SAMS clients live in localnet - TODO
# confirm - the block lists and time limits have no effect; drop this line or
# add explicit deny rules for the SAMS groups before it.
http_access allow localnet
http_access deny all
# NOTE(review): ICP is answered for all of localnet; if no cache peers are
# used, it can be switched off with "icp_port 0".
icp_access allow localnet
icp_access deny all
# Interception port that pf's rdr rule targets. No address is given, so Squid
# listens on every interface; an address:port form would limit it to the LAN side.
http_port 8081 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/squid/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# Two class-2 delay pools (aggregate/per-host limits in bytes per second),
# one for each SAMS group.
delay_pools 2
delay_class 1 2
delay_class 2 2
delay_access 1 allow _sams_4f151dff393de
delay_access 1 deny all
delay_parameters 1 2097152/2097152 1048576/1048576
delay_access 2 allow _sams_default
delay_access 2 deny all
delay_parameters 2 1048576/1048576 512000/512000
coredump_dir /var/squid/cache
sams.conf
[client]
# Database names and MySQL account used by SAMS.
SQUID_DB=squidlog
SAMS_DB=squidctrl
MYSQLHOSTNAME=127.0.0.1
MYSQLUSER=sams
# NOTE(review): this password is trivially guessable and has now been
# published together with the user name. Replace it with a long random value,
# keep this file readable only by the account SAMS runs as, and mask
# credentials before posting configs.
MYSQLPASSWORD=qwerty
MYSQLVERSION=5.1
# Squid paths; these match the access_log and coredump_dir locations in squid.conf.
SQUIDCACHEFILE=access.log
SQUIDROOTDIR=/usr/local/etc/squid
SQUIDLOGDIR=/var/squid/logs
SQUIDCACHEDIR=/var/squid/cache
SAMSPATH=/usr/local
SQUIDPATH=/usr/local/sbin
#SQUIDGUARDLOGPATH=/var/log
#SQUIDGUARDDBPATH=/var/db/squidGuard
RECODECOMMAND=iconv -f KOI8-R -t 866 %finp > %fout.
#LDAPSERVER=servername_or_ipadress
#LDAPBASEDN=your.domain
#LDAPUSER=DomainAdministrator
#LDAPUSERPASSWD=passwd
#LDAPUSERSGROUP=Users
REJIKPATH=/usr/local/rejik
# NOTE(review): presumably SAMS can run this command on request - confirm who
# is able to trigger it, since it halts the gateway.
SHUTDOWNCOMMAND=/sbin/shutdown -h now
CACHENUM=0
cache.log
CPU Usage: 0.064 seconds = 0.021 user + 0.042 sys
Maximum Resident Size: 4700 KB
Page faults with physical i/o: 0
2012/01/19 16:48:47| logfileClose: closing log /var/squid/logs/store.log
2012/01/19 16:48:47| logfileClose: closing log /var/squid/logs/access.log
2012/01/19 16:48:47| Squid Cache (Version 2.7.STABLE9): Exiting normally.
2012/01/19 16:48:47| Starting Squid Cache version 2.7.STABLE9 for i386-portbld-freebsd8.2...
2012/01/19 16:48:47| Process ID 23991
2012/01/19 16:48:47| With 11095 file descriptors available
2012/01/19 16:48:47| Using kqueue for the IO loop
2012/01/19 16:48:47| DNS Socket created at 0.0.0.0, port 23781, FD 6
2012/01/19 16:48:47| Adding domain rbs.loc from /etc/resolv.conf
2012/01/19 16:48:47| Adding nameserver xxx.xxx.xxx.1 from /etc/resolv.conf
2012/01/19 16:48:47| Adding nameserver xxx.xxx.xxx.3 from /etc/resolv.conf
2012/01/19 16:48:47| Adding nameserver xx.xx.xx.xx from /etc/resolv.conf
2012/01/19 16:48:47| logfileOpen: opening log /var/squid/logs/access.log
2012/01/19 16:48:47| Unlinkd pipe opened on FD 11
2012/01/19 16:48:47| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2012/01/19 16:48:47| Target number of buckets: 425
2012/01/19 16:48:47| Using 8192 Store buckets
2012/01/19 16:48:47| Max Mem size: 8192 KB
2012/01/19 16:48:47| Max Swap size: 102400 KB
2012/01/19 16:48:47| logfileOpen: opening log /var/squid/logs/store.log
2012/01/19 16:48:47| Rebuilding storage in /var/squid/cache (CLEAN)
2012/01/19 16:48:47| Using Least Load store dir selection
2012/01/19 16:48:47| Set Current Directory to /var/squid/cache
2012/01/19 16:48:47| Loaded Icons.
2012/01/19 16:48:48| Accepting transparently proxied HTTP connections at 0.0.0.0, port 8081, FD 13.
2012/01/19 16:48:48| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2012/01/19 16:48:48| WCCP Disabled.
2012/01/19 16:48:48| Ready to serve requests.
2012/01/19 16:48:48| Done reading /var/squid/cache swaplog (26 entries)
2012/01/19 16:48:48| Finished rebuilding storage from disk.
2012/01/19 16:48:48| 26 Entries scanned
2012/01/19 16:48:48| 0 Invalid entries.
2012/01/19 16:48:48| 0 With invalid flags.
2012/01/19 16:48:48| 26 Objects loaded.
2012/01/19 16:48:48| 0 Objects expired.
2012/01/19 16:48:48| 0 Objects cancelled.
2012/01/19 16:48:48| 0 Duplicate URLs purged.
2012/01/19 16:48:48| 0 Swapfile clashes avoided.
2012/01/19 16:48:48| Took 0.3 seconds ( 77.8 objects/sec).
2012/01/19 16:48:48| Beginning Validation Procedure
2012/01/19 16:48:48| Completed Validation Procedure
2012/01/19 16:48:48| Validated 26 Entries
2012/01/19 16:48:48| store_swap_size = 224k
2012/01/19 16:48:48| storeLateRelease: released 0 objects