Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
Witam. Mam problem ze squidem, a raczej z puszczeniem jego w transparecie... bo jak normalnie ustawie w przegladarce proxy to dziala bez zarzotow.
Oto moj squid:
Squid Cache: Version 2.6.STABLE3 configure options: '--enable-xmalloc-statistics' '--enable-icmp' '--enable-htcp' '--enable-default-err-language=Polish' '--enable-underscores'
Oto konfig squida:
access_log /usr/local/squid/var/logs/access.log squid http_port 8080 transparent acl all src 0.0.0.0/0.0.0.0 acl apache rep_header Server ^Apache acl CONNECT method CONNECT acl localhost src 127.0.0.1/255.255.255.255 acl manager proto cache_object acl our_networks src 192.168.1.0/24 acl purge method PURGE acl QUERY urlpath_regex cgi-bin ? acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http broken_vary_encoding allow apache #cache_effective_group proxy cache deny QUERY cache_dir ufs /usr/local/squid/var/cache 1024 16 256 coredump_dir /var/spool/squid hierarchy_stoplist cgi-bin ? hosts_file /etc/hosts http_access allow localhost http_access allow manager localhost http_access allow purge localhost http_access allow our_networks #http_access deny all http_access deny CONNECT !SSL_ports http_access deny manager http_access deny purge http_access deny !Safe_ports http_reply_access allow all icp_access allow all refresh_pattern . 0 20% 4320 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 ftp_passive on #digest_swapout_chunk_size 4096 bytes #maximum_object_size 4096 KB #maximum_object_size_in_memory 8000 KB
I iptabelki:
iptables -F
iptables -X
iptables -t nat -X
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -o lo -j ACCEPT
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp -d 0/0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -d 0/0 --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -d 0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -d 0/0 --dport 21 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.1.254 -p udp --dport 547 -j ACCEPT
iptables -A OUTPUT -s 0/0 -d 192.168.1.254 -p udp --dport 547 -j ACCEPT
iptables -A INPUT -p tcp -d 0/0 --dport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp -d 0/0 --dport 8080 -j ACCEPT
iptables -A FORWARD -s 192.168.1.254 -j ACCEPT
iptables -A FORWARD -d 192.168.1.254 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -s ipziomka -j MASQUERADE
iptables -A INPUT -m mac --mac-source maczek -j ACCEPT
iptables -A FORWARD -m mac --mac-source maczek -j ACCEPT
I nie dziala... :( nie wiem moze cos pominelem ale mecze sie juz z tym jakas godzinke i ciagle cos nie tak.
Dzieki z gory za podpowiedzi.
Offline
Rozwiazalem problem :D. wystarczylo przelukac ./configure --help i pisze jak wol
--enable-linux-netfilter
Enable Transparent Proxy support for Linux 2.4 and later
Ale pojawil sie inny temat. Sciagnelem jeden pliczek zeby wskoczyl do cache. Jak ustawiam w przegladarce server proxy recznie to smiga go z predkoscia 60 kilo... a jak sciagam po transparencie to ssa mi tak jakbym go ssal z neta. Macie jakies pomysly?
Offline
| Time (s) | Query |
|---|---|
| 0.00014 | SET CHARSET latin2 |
| 0.00008 | SET NAMES latin2 |
| 0.00214 | SELECT u.*, g.*, o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='18.221.198.45' WHERE u.id=1 |
| 0.00158 | REPLACE INTO punbb_online (user_id, ident, logged) VALUES(1, '18.221.198.45', 1738467891) |
| 0.00050 | SELECT * FROM punbb_online WHERE logged<1738467591 |
| 0.00122 | SELECT topic_id FROM punbb_posts WHERE id=50174 |
| 0.00093 | SELECT id FROM punbb_posts WHERE topic_id=6527 ORDER BY posted |
| 0.00080 | SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=6527 AND t.moved_to IS NULL |
| 0.00005 | SELECT search_for, replace_with FROM punbb_censoring |
| 0.00092 | SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=6527 ORDER BY p.id LIMIT 0,25 |
| 0.00085 | UPDATE punbb_topics SET num_views=num_views+1 WHERE id=6527 |
| Total query time: 0.00921 s | |