Configuração básica do Squid Server - problema de gateway


0

Estou tentando definir um servidor Squid (Configuração básica), estou conectando o servidor Squid e meu laptop ao roteador doméstico. Abaixo estão os códigos e configurações que tenho até agora:

#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged)     machines

acl SSL_ports port 443          #shttp
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 8888


# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

O DHCP é o roteador local, os detalhes estão abaixo:

Roteador 172.16.10.1/16 e intervalo do Gateway: 172.16.10.100-199 O Squid IP é: 172.16.10.3

minha primeira pergunta: o servidor squid deve ser o gateway? meu problema é que, quando eu configuro o servidor proxy nas configurações de proxy do navegador (IP: 172.16.10.3, porta 8888), não consigo acessar a Internet, mas ainda consigo executar o ping 8.8.8.8. também no comando tracert, o primeiro salto é o gateway / roteador (172.16.10.1)

desculpe pelo atraso e espero que você possa me ajudar nesse problema.

Respostas:


0

Retirado do adaptador Squid Cache pós para o seu servidor.

Você precisa de toda a sua rede local para ir ao squid

# ACCESS CONTROLS
# -------------------------------------------

# Recommended minimum configuration:

# proxy (ip server)
acl yourserver src 172.16.10.3/32
http_access allow localhost
http_access allow yourserver
# Local network
acl localnet src 172.16.10.0/24

# DNS Ipv4
dns_v4_first on
# BLOCK IPv6
acl to_ipv6 dst ipv6
http_access deny to_ipv6 !all

acl CONNECT method CONNECT
acl SSL_ports port 443
acl SSL_ports port 5228     # mtalk.google.com
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access allow  yourserver manager
http_access deny manager

# DNS OPTIONS
dns_retransmit_interval 5 seconds
dns_timeout 30 seconds
dns_nameservers 8.8.8.8 8.8.4.4

# Default
ipcache_size 2048
ipcache_low 90
ipcache_high 95
fqdncache_size 4096

# HTTP OPTIONS
request_header_max_size 256 KB
ie_refresh on
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
read_ahead_gap 16 KB
negative_ttl 0 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 10 seconds
fqdncache_size 16384

# via off hidden localnet
via on

---------------------------------------------------------------- 
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS


----------------------------------------------------------------
# Localnet
http_access allow localnet

# And finally deny all other access to this proxy
http_access deny all

# ICP-HTCP-CLR
# Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
# Allow HTCP queries from local networks only
htcp_access allow localnet
htcp_access deny all
reply_body_max_size 3072 MB

# NETWORK OPTIONS

# Squid Port (change for your port 8888)
http_port 3128

# Qos
qos_flows local-hit=0x30
qos_flows parent-hit=0x32

# Destination IP address matches the Host header domain or IP
#host_verify_strict on

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM

# CACHEPEER (change your port)
cache_peer 172.16.10.3 parent 3128 0 proxy-only no-digest no-delay no-netdb-exchange no-query no-tproxy
dead_peer_timeout 2 seconds
cache_peer_access 172.16.10.3 allow all

# 'cgi-bin' or '?' direct server
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# Cache (Choose the amount of memory you assign)
cache_mem 512 MB

# Object
#maximum_object_size_in_memory 1024 KB
maximum_object_size_in_memory 30 MB
# objects are purged from memory when memory space is needed
memory_replacement_policy heap GDSF
# Control
memory_cache_mode always

# DISK CACHE OPTIONS

# objects are evicted (replaced) when disk space is needed
cache_replacement_policy heap LFUDA

# Disk cache
# Example: 100 GB for 250 GB
cache_dir aufs /var/spool/squid 150000 16 256

# Ej: 200 Mb (maximum_object_size 20480 KB)
#minimum_object_size 4 KB
maximum_object_size 200 MB

# Squid vaciar la caché (1% de 100 GB)
cache_swap_low 95 
cache_swap_high 99

# LOGFILE OPTIONS

access_log daemon:/var/log/squid/access.log squid
access_log stdio:/var/log/squid/access.log squid
cache_access_log stdio:/var/log/squid/access.log
cache_store_log stdio:/var/log/squid/store.log
cache_store_log daemon:/var/log/squid/store.log

# sudo apt-get install logrotate 
# sudo squid -k rotate
logfile_rotate 7

# OPTIONS FOR TROUBLESHOOTING

#  Squid administrative logging file.
cache_log /var/log/squid/cache.log

# debug
debug_options ALL,1
#debug_options ALL,1 33,2 28,9

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS

# Pinger (sudo chmod 4755 /usr/lib/squid/pinger)
pinger_program /usr/lib/squid/pinger
pinger_enable off

# Range
range_offset_limit -1
minimum_expiry_time 60 seconds

# Timeouts
forward_timeout 4 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
read_timeout 15 minutes
write_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 60 seconds
client_lifetime 1 day
pconn_timeout 60 seconds
shutdown_lifetime 15 seconds
client_idle_pconn_timeout 2 minutes
half_closed_clients off

# MISCELLANEOUS
cache_effective_user proxy 
cache_effective_group proxy
# Hide squid inf
httpd_suppress_version_string on
# Name of proxy
visible_hostname proxyserver
# persistent
server_persistent_connections off
client_persistent_connections off
# Disable ICP (Inter-Cache Protocol) (default icp_port 3130)
icp_port 0
# Disable icmp
query_icmp off
# DIRECT    
always_direct allow yourserver 
always_direct allow localnet
always_direct allow localhost
never_direct allow CONNECT
never_direct allow all
# ram
memory_pools off
memory_pools_limit 512 MB
# hide internal ip
forwarded_for deleted
# validation 
offline_mode off
# File Descriptors (Bug)
#https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1390132
#max_filedescriptors 1024
max_filedesc 8192
Ao utilizar nosso site, você reconhece que leu e compreendeu nossa Política de Cookies e nossa Política de Privacidade.
Licensed under cc by-sa 3.0 with attribution required.