我试图将Squid用作http代理(使用85.10.219.144/29子网代理来自88.99.219.124的所有请求)。
$ cat /etc/squid3/squid.conf
acl client src 88.99.219.124
acl proxy dst 85.10.219.144/29
http_access allow client proxy
http_access deny all
http_port 3129
$ tail -f /var/log/squid3/access.log
1543865940.128 0 88.99.219.124 TCP_DENIED/403 3486 CONNECT google.com:443 - HIER_NONE/- text/html
1543865940.138 0 88.99.219.124 TCP_DENIED/403 3486 CONNECT google.com:443 - HIER_NONE/- text/html
1543865940.147 0 88.99.219.124 TCP_DENIED/403 3486 CONNECT google.com:443 - HIER_NONE/- text/html
1543865940.156 0 88.99.219.124 TCP_DENIED/403 3486 CONNECT google.com:443 - HIER_NONE/- text/html
我的配置有什么问题?
答案 0 :(得分:0)
乌贼配置:
$ cat /etc/squid3/squid.conf
acl client src 88.99.219.124
http_access allow client
http_access deny all
http_port 3129
debug_options ALL,1
要允许您的服务器使用85.10.219.144/29子网,请在子网中将IP地址添加到网络接口。
使用subnet calculator查找子网范围内的最小和最大ip。
网络接口:
$ cat /etc/network/interfaces
...
auto vmbr0
iface vmbr0 inet static
address x.x.x.x
netmask x.x.x.x
gateway x.x.x.x
bridge-ports __network_interface_name__
bridge-stp off
bridge-fd 0
auto vmbr0:0
iface vmbr0:0 inet static
address 85.10.219.145
netmask 255.255.255.248
auto vmbr0:1
iface vmbr0:1 inet static
address 85.10.219.146
netmask 255.255.255.248
auto vmbr0:2
iface vmbr0:2 inet static
address 85.10.219.147
netmask 255.255.255.248
auto vmbr0:3
iface vmbr0:3 inet static
address 85.10.219.148
netmask 255.255.255.248
auto vmbr0:4
iface vmbr0:4 inet static
address 85.10.219.149
netmask 255.255.255.248
auto vmbr0:5
iface vmbr0:5 inet static
address 85.10.219.150
netmask 255.255.255.248
现在,当我们尝试使用代理时,它就起作用了!
$ curl -x http://85.10.219.150:3129 -L http://google.com
在日志文件中:
$ cat /var/log/squid/access.log
1544717769.941 58 _your_ip_ TCP_MISS/200 13234 GET http://www.google.com/ - HIER_DIRECT/2a00:1450:4001:809::2004 text/html