Squid - não funciona com Proxy tranparente

1. Squid - não funciona com Proxy tranparente

ljcferreira
(usa RedHat)

Enviado em 10/10/2008 - 18:10h

Boa Tarde Pessoal

Tenho um servidor de rede rodando e quando starto o meu firewal com a linha que força o squid a funcionar de modo transparente, as máquinas não navegam estão apresentando erro de URL:

O erro apresenteado esta abaixo:

ERROR

The requested URL could not be retrieved

While trying to retrieve the URL: /

The following error was encountered:

Invalid URL
Some aspect of the requested URL is incorrect. Possible problems:

Missing or incorrect access protocol (should be `http://'' or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed
Your cache administrator is root.

Generated Fri, 10 Oct 2008 19:54:31 GMT by www.terra.com.br (squid/3.0.STABLE2)

Somente isso aparece, é como se ele não passasse a URL

Porém quando vou nas configurações de Proxy das estações e fixo o endereço do servidor (192.168.xxx.xxx porta 3128), as máquinas navegam normalmente, sem apresentar erro algum

A linha que tenho no meu firewall é :

# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

a versão do iptables é:

# iptables -V

iptables v1.4.0

a versão do meu squid é:

# squid -v

Squid Cache: Version 3.0.STABLE2

No squid estou unsando a configuração default que vem com ele, não alterei nehuma linha ainda.

Somente na linha que diz "http_port 3128" acresentei o transparente ai ficou assim:

http_port 3128 transparent

e para o squid startar precisei colocar um visible_hostname, que ai ficou assim

visible_hostname www.terra.com.br

OBS: segui as informações contidas no link do Sr. Carlos E. Morimoto do dia 31/08/2006 no seguinte link.: http://www.guiadohardware.net/dicas/configurando-proxy-transparente-nas-novas-versoes-squid.html

Mas mesmo assim, não funcionou

O Servidor que eu uso é FEDORA CORE 9

Se alguém puder me ajudar ficaria muito FELIZ

Abraços

Luciano

0 0

Quote

2. Re: Squid - não funciona com Proxy tranparente

comfaa
(usa Debian)

Enviado em 11/10/2008 - 00:09h

quando vc da o comando #squid -z, o que acontece ?

0 0

Quote

3. Re: Squid - não funciona com Proxy tranparente

ljcferreira
(usa RedHat)

Enviado em 11/10/2008 - 10:57h

Bom dia comfaa, olha só o que ele me gera....

[]# squid -z
2008/10/11 10:48:52| Squid is already running! Process ID 10397
[]# service squid stop
Parando o squid: ................ [ OK ]
[]# squid -z
2008/10/11 10:49:41| Creating Swap Directories
2008/10/11 10:49:41| /var/spool/squid exists
2008/10/11 10:49:41| /var/spool/squid/00 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/00
2008/10/11 10:49:41| /var/spool/squid/01 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/01
2008/10/11 10:49:41| /var/spool/squid/02 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/02
2008/10/11 10:49:41| /var/spool/squid/03 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/03
2008/10/11 10:49:41| /var/spool/squid/04 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/04
2008/10/11 10:49:41| /var/spool/squid/05 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/05
2008/10/11 10:49:41| /var/spool/squid/06 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/06
2008/10/11 10:49:41| /var/spool/squid/07 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/07
2008/10/11 10:49:41| /var/spool/squid/08 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/08
2008/10/11 10:49:41| /var/spool/squid/09 exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/09
2008/10/11 10:49:41| /var/spool/squid/0A exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/0A
2008/10/11 10:49:41| /var/spool/squid/0B exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/0B
2008/10/11 10:49:41| /var/spool/squid/0C exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/0C
2008/10/11 10:49:41| /var/spool/squid/0D exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/0D
2008/10/11 10:49:41| /var/spool/squid/0E exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/0E
2008/10/11 10:49:41| /var/spool/squid/0F exists
2008/10/11 10:49:41| Making directories in /var/spool/squid/0F
[]# service squid start
2008/10/11 10:50:21| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2008/10/11 10:50:21| Initializing https proxy context
Iniciando o squid: . [ OK ]
[]#

Abraços e Obrigado

0 0

Quote

4. Re: Squid - não funciona com Proxy tranparente

pelo
(usa Debian)

Enviado em 12/10/2008 - 00:38h

Meu caro,

Essa configuração de visible_hostname eu nem tenho no meu conf.
Parece ser algo no teu squid.conf
Podes colar ele aqui pra gente ver?

Sérgio Abrantes
[]'s

0 0

Quote

5. Meu Squid.conf

ljcferreira
(usa RedHat)

Enviado em 13/10/2008 - 19:26h

Boa Noite Sérgio Abrantes Junior

Executei o seguinte comando para extrair os comentários
egrep -v "^#|^$" squid.conf.luciano.teste > squid.conf.luciano

"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all

icp_access allow localnet
icp_access deny all

htcp_access allow localnet
htcp_access deny all
http_port 3128 transparent

hierarchy_stoplist cgi-bin ?

access_log /var/log/squid/access.log squid

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320

visible_hostname www.terra.com.br

icp_port 3130

coredump_dir /var/spool/squid
"

Abraços e obrigado desde já pela ajuda

0 0

Quote