SQUID3 - no Internet access

Post by: czarownik

Hello.
I set up a new Squid 3 and I have a problem with it. I redirected the traffic on the router and created the appropriate ACL and route-map; in the logs I can see that the traffic passes through the ACL and is redirected correctly.

After redirecting the web traffic to the Squid server, the client machines have no Internet access, and access.log is empty.

Configuration file:

Code:

# amount of RAM
cache_mem 1500 MB
# Maximum file size
maximum_object_size 65536 KB
maximum_object_size_in_memory 20 KB
ipcache_size 10240
ipcache_low 90
ipcache_high 95
cache_access_log /var/log/squid3/access.log

http_port 192.168.11.16:80 transparent
dns_nameservers 192.168.11.1
error_directory /usr/share/squid3/errors/Polish
visible_hostname transfer
log_fqdn on
log_mime_hdrs on
#ident_lookup_access allow all localhost SSL_ports Safe_ports CONNECT

# 1000 means 1000 MB of disk for Squid
cache_dir ufs /var/spool/squid 3000 16 256
# fill level at which the disk cache should operate
cache_swap_low  90
cache_swap_high 95
# for archaic Internet Exploders
ie_refresh on

# make the proxy available to everyone
#http_access allow all
###########################################################
# acl all src all
 acl all src 192.168.1.0/24
http_access allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 210 443 563 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT

icp_access allow all
miss_access allow all
cache_mgr admin@domena.pl

######################################################
vary_ignore_expire on
relaxed_header_parser on

request_header_max_size 50 KB
refresh_pattern -i \.(gif|jpg|jpeg|png|html|bmp)   4320   90%    43200   reload-into-ims
refresh_pattern -i \.(zip|gz|bz2|exe|rar|mp3|mpg|avi|wmv|vqf|ogg)   43200   100%    43200   reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll)     43200    100%    43200   reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll) 43200   100%    43200   reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll) 43200 100% 43200 reload-into-ims
refresh_pattern symantecliveupdate.com/.*\.(zip|exe)    43200    100%    43200   reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe)         43200   100%    43200   reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe)    43200   100%    43200   reload-into-ims
refresh_pattern avast.com/.*\.(vpu|vpaa)    43200   100%    43200   reload-into-ims
refresh_pattern .               0       90%     43200 reload-into-ims
#collapsed_forwarding off
#refresh_stale_hit 100 seconds
half_closed_clients on
ident_timeout 1 seconds


The squid -X command:

Code:

2010/11/08 13:52:49.137| command-line -X overrides: ALL,7
2010/11/08 13:52:49.137| CacheManager::registerAction: registering legacy mem
2010/11/08 13:52:49.137| CacheManager::findAction: looking for action mem
2010/11/08 13:52:49.137| Action not found.
2010/11/08 13:52:49.137| CacheManager::registerAction: registered mem
2010/11/08 13:52:49.137| CacheManager::registerAction: registering legacy squidaio_counts
2010/11/08 13:52:49.137| CacheManager::findAction: looking for action squidaio_counts
2010/11/08 13:52:49.137| Action not found.
2010/11/08 13:52:49.137| CacheManager::registerAction: registered squidaio_counts
2010/11/08 13:52:49.137| CacheManager::registerAction: registering legacy diskd
2010/11/08 13:52:49.137| CacheManager::findAction: looking for action diskd
2010/11/08 13:52:49.137| Action not found.
2010/11/08 13:52:49.137| CacheManager::registerAction: registered diskd
2010/11/08 13:52:49.137| Detected IPv6 hybrid or v4-mapping stack...
2010/11/08 13:52:49.137| IPv6 transport Enabled
2010/11/08 13:52:49.137| aclDestroyACLs: invoked
2010/11/08 13:52:49.137| ACL::Prototype::Registered: invoked for type src
2010/11/08 13:52:49.138| ACL::Prototype::Registered:    yes
2010/11/08 13:52:49.138| ACL::FindByName 'all'
2010/11/08 13:52:49.138| ACL::FindByName found no match
2010/11/08 13:52:49.138| aclParseAclLine: Creating ACL 'all'
2010/11/08 13:52:49.138| ACL::Prototype::Factory: cloning an object for type 'src'
2010/11/08 13:52:49.138| aclIpParseIpData: all
2010/11/08 13:52:49.138| aclIpParseIpData: magic 'all' found.
2010/11/08 13:52:49.138| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.138| ACL::FindByName 'all'
2010/11/08 13:52:49.138| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2010/11/08 13:52:49.155| Processing: 'cache_mem 1500 MB'
2010/11/08 13:52:49.155| Processing: 'maximum_object_size 65536 KB'
2010/11/08 13:52:49.155| Processing: 'maximum_object_size_in_memory 20 KB'
2010/11/08 13:52:49.155| Processing: 'ipcache_size 10240'
2010/11/08 13:52:49.156| Processing: 'ipcache_low 90'
2010/11/08 13:52:49.156| Processing: 'ipcache_high 95'
2010/11/08 13:52:49.156| Processing: 'cache_access_log /var/log/squid3/access.log'
2010/11/08 13:52:49.156| Log definition name 'auto' file '/var/log/squid3/access.log'
2010/11/08 13:52:49.156| Processing: 'http_port 192.168.11.16:80 transparent'
2010/11/08 13:52:49.156| http(s)_port: Listen on Host/IP: 192.168.11.16 --> 192.168.11.16:80
2010/11/08 13:52:49.156| Starting Authentication on port 192.168.11.16:80
2010/11/08 13:52:49.156| Disabling Authentication on port 192.168.11.16:80 (interception enabled)
2010/11/08 13:52:49.156| Disabling IPv6 on port 192.168.11.16:80 (interception enabled)
2010/11/08 13:52:49.156| Processing: 'dns_nameservers 192.168.11.1'
2010/11/08 13:52:49.156| Processing: 'error_directory /usr/share/squid3/errors/Polish'
2010/11/08 13:52:49.156| Processing: 'visible_hostname transfer'
2010/11/08 13:52:49.156| Processing: 'log_fqdn on'
2010/11/08 13:52:49.156| Processing: 'log_mime_hdrs on'
2010/11/08 13:52:49.156| Processing: 'cache_dir ufs /var/spool/squid 3000 16 256'
2010/11/08 13:52:49.156| file_map_create: creating space for 16384 files
2010/11/08 13:52:49.156| --> 256 words of 8 bytes each
2010/11/08 13:52:49.179| Processing: 'cache_swap_low  90'
2010/11/08 13:52:49.179| Processing: 'cache_swap_high 95'
2010/11/08 13:52:49.179| Processing: 'ie_refresh on'
2010/11/08 13:52:49.179| Processing: ' acl all src 192.168.1.0/24 '
2010/11/08 13:52:49.179| ACL::Prototype::Registered: invoked for type src
2010/11/08 13:52:49.179| ACL::Prototype::Registered:    yes
2010/11/08 13:52:49.179| ACL::FindByName 'all'
2010/11/08 13:52:49.179| aclParseAclLine: Appending to 'all'
2010/11/08 13:52:49.179| aclIpParseIpData: 192.168.1.0/24
2010/11/08 13:52:49.179| aclIpParseIpData: '192.168.1.0/24' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2010/11/08 13:52:49.179| Ip.cc(509) FactoryParse: Parsed: 192.168.1.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00](/120)
2010/11/08 13:52:49.179| aclIpAddrNetworkCompare: compare: [::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00] ([::])  vs 192.168.1.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00]
2010/11/08 13:52:49.179| aclIpAddrNetworkCompare: compare: 192.168.1.0/[::] ([::])  vs [::]-[::]/[::]
2010/11/08 13:52:49.179| WARNING: (A) '192.168.1.0/24' is a subnetwork of (B) '::/0'
2010/11/08 13:52:49.179| WARNING: because of this '192.168.1.0/24' is ignored to keep splay tree searching predictable
2010/11/08 13:52:49.179| WARNING: You should probably remove '192.168.1.0/24' from the ACL named 'all'
2010/11/08 13:52:49.179| Processing: 'http_access allow all'
2010/11/08 13:52:49.179| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.179| ACL::FindByName 'all'
2010/11/08 13:52:49.179| Processing: 'acl manager proto cache_object'
2010/11/08 13:52:49.179| ACL::Prototype::Registered: invoked for type proto
2010/11/08 13:52:49.179| ACL::Prototype::Registered:    yes
2010/11/08 13:52:49.179| ACL::FindByName 'manager'
2010/11/08 13:52:49.179| ACL::FindByName found no match
2010/11/08 13:52:49.180| aclParseAclLine: Creating ACL 'manager'
2010/11/08 13:52:49.180| ACL::Prototype::Factory: cloning an object for type 'proto'
2010/11/08 13:52:49.180| Processing: 'acl localhost src 127.0.0.1/255.255.255.255'
2010/11/08 13:52:49.180| ACL::Prototype::Registered: invoked for type src
2010/11/08 13:52:49.180| ACL::Prototype::Registered:    yes
2010/11/08 13:52:49.180| ACL::FindByName 'localhost'
2010/11/08 13:52:49.180| ACL::FindByName found no match
2010/11/08 13:52:49.180| aclParseAclLine: Creating ACL 'localhost'
2010/11/08 13:52:49.180| ACL::Prototype::Factory: cloning an object for type 'src'
2010/11/08 13:52:49.180| aclIpParseIpData: 127.0.0.1/255.255.255.255
2010/11/08 13:52:49.180| aclIpParseIpData: '127.0.0.1/255.255.255.255' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2010/11/08 13:52:49.180| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2010/11/08 13:52:49.180| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2010/11/08 13:52:49.180| WARNING: For now we will assume you meant to write /32
2010/11/08 13:52:49.180| Ip.cc(509) FactoryParse: Parsed: 127.0.0.1-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff](/128)
2010/11/08 13:52:49.180| Processing: 'acl SSL_ports port 443 563'
2010/11/08 13:52:49.180| ACL::Prototype::Registered: invoked for type port
2010/11/08 13:52:49.180| ACL::Prototype::Registered:    yes
2010/11/08 13:52:49.180| ACL::FindByName 'SSL_ports'
2010/11/08 13:52:49.180| ACL::FindByName found no match
2010/11/08 13:52:49.180| aclParseAclLine: Creating ACL 'SSL_ports'
2010/11/08 13:52:49.180| ACL::Prototype::Factory: cloning an object for type 'port'
2010/11/08 13:52:49.194| Processing: 'acl Safe_ports port 21 70 80 210 443 563 1025-65535'
2010/11/08 13:52:49.194| ACL::Prototype::Registered: invoked for type port
2010/11/08 13:52:49.194| ACL::Prototype::Registered:    yes
2010/11/08 13:52:49.194| ACL::FindByName 'Safe_ports'
2010/11/08 13:52:49.194| ACL::FindByName found no match
2010/11/08 13:52:49.194| aclParseAclLine: Creating ACL 'Safe_ports'
2010/11/08 13:52:49.194| ACL::Prototype::Factory: cloning an object for type 'port'
2010/11/08 13:52:49.194| Processing: 'acl purge method PURGE'
2010/11/08 13:52:49.194| ACL::Prototype::Registered: invoked for type method
2010/11/08 13:52:49.194| ACL::Prototype::Registered:    yes
2010/11/08 13:52:49.194| ACL::FindByName 'purge'
2010/11/08 13:52:49.194| ACL::FindByName found no match
2010/11/08 13:52:49.194| aclParseAclLine: Creating ACL 'purge'
2010/11/08 13:52:49.194| ACL::Prototype::Factory: cloning an object for type 'method'
2010/11/08 13:52:49.194| Processing: 'acl CONNECT method CONNECT'
2010/11/08 13:52:49.194| ACL::Prototype::Registered: invoked for type method
2010/11/08 13:52:49.194| ACL::Prototype::Registered:    yes
2010/11/08 13:52:49.194| ACL::FindByName 'CONNECT'
2010/11/08 13:52:49.194| ACL::FindByName found no match
2010/11/08 13:52:49.194| aclParseAclLine: Creating ACL 'CONNECT'
2010/11/08 13:52:49.194| ACL::Prototype::Factory: cloning an object for type 'method'
2010/11/08 13:52:49.194| Processing: 'icp_access allow all'
2010/11/08 13:52:49.194| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.194| ACL::FindByName 'all'
2010/11/08 13:52:49.194| Processing: 'miss_access allow all'
2010/11/08 13:52:49.194| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.194| ACL::FindByName 'all'
2010/11/08 13:52:49.194| Processing: 'cache_mgr admin@domena.pl'
2010/11/08 13:52:49.194| Processing: 'vary_ignore_expire on'
2010/11/08 13:52:49.194| Processing: 'relaxed_header_parser on'
2010/11/08 13:52:49.194| Processing: 'request_header_max_size 50 KB'
2010/11/08 13:52:49.194| Processing: 'refresh_pattern -i \.(gif|jpg|jpeg|png|html|bmp)   4320   90%    43200   reload-into-ims'
2010/11/08 13:52:49.194| Processing: 'refresh_pattern -i \.(zip|gz|bz2|exe|rar|mp3|mpg|avi|wmv|vqf|ogg)   43200   100%    43200   reload-into-ims'
2010/11/08 13:52:49.199| Processing: 'refresh_pattern windowsupdate.com/.*\.(cab|exe|dll)     43200    100%    43200   reload-into-ims'
2010/11/08 13:52:49.200| Processing: 'refresh_pattern download.microsoft.com/.*\.(cab|exe|dll) 43200   100%    43200   reload-into-ims'
2010/11/08 13:52:49.200| Processing: 'refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll) 43200 100% 43200 reload-into-ims'
2010/11/08 13:52:49.204| Processing: 'refresh_pattern symantecliveupdate.com/.*\.(zip|exe)    43200    100%    43200   reload-into-ims'
2010/11/08 13:52:49.204| Processing: 'refresh_pattern windowsupdate.com/.*\.(cab|exe)         43200   100%    43200   reload-into-ims'
2010/11/08 13:52:49.204| Processing: 'refresh_pattern download.microsoft.com/.*\.(cab|exe)    43200   100%    43200   reload-into-ims'
2010/11/08 13:52:49.204| Processing: 'refresh_pattern avast.com/.*\.(vpu|vpaa)    43200   100%    43200   reload-into-ims'
2010/11/08 13:52:49.204| Processing: 'refresh_pattern .               0       90%     43200 reload-into-ims'
2010/11/08 13:52:49.204| Processing: 'half_closed_clients on'
2010/11/08 13:52:49.204| Processing: 'ident_timeout 1 seconds'
2010/11/08 13:52:49.204| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.204| ACL::FindByName 'all'
2010/11/08 13:52:49.204| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.204| ACL::FindByName 'all'
2010/11/08 13:52:49.204| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.204| ACL::FindByName 'all'
2010/11/08 13:52:49.204| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.204| ACL::FindByName 'all'
2010/11/08 13:52:49.205| wccp2_add_service_list: added service id 0
2010/11/08 13:52:49.205| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.205| ACL::FindByName 'all'
2010/11/08 13:52:49.205| aclParseAclList: looking for ACL name 'all'
2010/11/08 13:52:49.205| ACL::FindByName 'all'
2010/11/08 13:52:49.205| tools.cc(672) uniqueHostname:  Config: '
2010/11/08 13:52:49.205| tools.cc(672) uniqueHostname:  Config: '
2010/11/08 13:52:49.205| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
2010/11/08 13:52:49.235| leave_suid: PID 2558 called
2010/11/08 13:52:49.235| leave_suid: PID 2558 giving up root, becoming 'proxy'
2010/11/08 13:52:49.235| command-line -X overrides: ALL,1

When restarting Squid I get the following error, even though the mask is in the correct format:

Code:

2010/11/08 13:52:21| WARNING: (A) '192.168.1.0/24' is a subnetwork of (B) '::/0'
2010/11/08 13:52:21| WARNING: because of this '192.168.1.0/24' is ignored to keep splay tree searching predictable
2010/11/08 13:52:21| WARNING: You should probably remove '192.168.1.0/24' from the ACL named 'all'
2010/11/08 13:52:21| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2010/11/08 13:52:21| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2010/11/08 13:52:21| WARNING: For now we will assume you meant to write /32

In /etc/services I changed:

Code:

http-alt        80/tcp  webcache        # WWW caching service
http-alt        80/udp                  # WWW caching service

From what I can see, Squid is listening on the changed port:

Code:

tcp        0      0 192.168.11.16:80        0.0.0.0:*               LISTEN      2554/(squid)    

Is there any way to check whether Squid accepted the ACL I entered and which IP addresses it allows? :( I would appreciate any help; I cannot work out what I am doing wrong :(
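
Added example, not part of the original post: one way to check from the log which acl values Squid discarded and which source addresses each src ACL then matches. It reads the WARNING lines and acl lines copied from the post; modelling the predefined 'all' as every IPv4 and IPv6 address and the client address 192.168.11.20 are assumptions made for illustration.

```python
import ipaddress
import re

# Warning lines and config lines copied from the post.
SAMPLE_LOG = """\
2010/11/08 13:52:21| WARNING: (A) '192.168.1.0/24' is a subnetwork of (B) '::/0'
2010/11/08 13:52:21| WARNING: because of this '192.168.1.0/24' is ignored to keep splay tree searching predictable
2010/11/08 13:52:21| WARNING: You should probably remove '192.168.1.0/24' from the ACL named 'all'
"""
SAMPLE_CONF = """\
 acl all src 192.168.1.0/24
http_access allow all
acl localhost src 127.0.0.1/255.255.255.255
"""
# Assumption: the predefined 'all' ACL is modelled as every IPv4 and IPv6 address.
BUILTIN = {"all": ["0.0.0.0/0", "::/0"]}
SUBNET_RE = re.compile(r"WARNING: \(A\) '([^']+)' is a subnetwork of \(B\) '([^']+)'")
REMOVE_RE = re.compile(r"WARNING: You should probably remove '([^']+)' from the ACL named '([^']+)'")

def ignored_acl_entries(log_text):
    """Return (acl_name, ignored_entry, covering_entry) for each discarded ACL value."""
    covering, found = {}, []
    for line in log_text.splitlines():
        if m := SUBNET_RE.search(line):
            covering[m.group(1)] = m.group(2)
        elif m := REMOVE_RE.search(line):
            found.append((m.group(2), m.group(1), covering.get(m.group(1))))
    return found

def effective_src_acls(conf_text, ignored):
    """Map ACL name -> networks from 'acl NAME src ...' lines, minus discarded values."""
    dropped = {(name, entry) for name, entry, _ in ignored}
    acls = {n: [ipaddress.ip_network(v) for v in vals] for n, vals in BUILTIN.items()}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            for value in parts[3:]:
                if (parts[1], value) not in dropped:
                    acls.setdefault(parts[1], []).append(ipaddress.ip_network(value, strict=False))
    return acls

def acl_matches(acls, name, client_ip):
    """True if client_ip falls inside any network of the named ACL."""
    return any(ipaddress.ip_address(client_ip) in net for net in acls.get(name, []))

if __name__ == "__main__":
    ignored = ignored_acl_entries(SAMPLE_LOG)
    acls = effective_src_acls(SAMPLE_CONF, ignored)
    print(ignored, acl_matches(acls, "all", "192.168.11.20"))  # constructed client address
```

With the /24 discarded, 'http_access allow all' admits every client that can reach the port, so restricting access needs an ACL under a name other than the predefined 'all' (for example localnet, as in Squid's default configuration).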