0
回答
squid
终于搞明白,存储TCO原来是这样算的>>>   

系统:CentOS-7- 64-1611

squid版本:squid-3.5.20-2.el7_3.2.x86_64

外网是网卡1(ens192):10.74.16.6/24 网关是10.74.16.1 dns:10.10.10.10 

内网是网卡2(ens224)192.168.1.1/24  网关是192.168.1.1 dns:10.10.10.10

客户站:192.168.1.101/24 网关:192.168.1.1 dns:223.5.5.5

问题:只能打开https开头的网站,如百度,所有http网站都打不开,很是奇怪,我是新手不太明白,请大家帮忙看看,不胜感谢!

squid配置文件:
acl localnet src 192.168.1.0/24
acl localnet src fc00::/7       
acl localnet src fe80::/10      
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
# unregistered ports
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager

http_access allow localnet
http_access allow localhost

http_access allow all

http_port 3128 accel allow-direct
http_port 3128 transparent

cache_dir ufs /data/cache 1260642 16 256
coredump_dir /data/cache
cache_mem 1 GB

firewall的配置文件(public.xml)

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <masquerade/>
  <forward-port to-addr="10.74.16.6" to-port="3128" protocol="tcp" port="80"/>
  <rule family="ipv4">
    <source address="192.168.1.0/24"/>
    <masquerade/>
  </rule>
</zone>


我用到的firewall-cmd命令:
                      firewall-cmd --permanent --add-masquerade

firewall-cmd--permanent--add-rich-rule='rulefamily=ipv4source address=192.168.1.0/24 masquerade' 

firewall-cmd--permanent--add-forward-port=port=80:proto=tcp:toport=3128:toaddr=10.74.16.6
我也在网上找到教程做的,我总感觉是我的防火墙的问题,客户端能解析网站,比如ping www.sina.com.cn,它能解析成[60.215.128.246],但回复就超时,可能牵扯到[出站]、[入站]问题,也只是猜测,希望那位同仁能帮帮我,已经被折磨二个星期了。谢谢!

<无标签>
举报
mazhenya
发帖于7个月前 0回/46阅
顶部