L_S_V
I'm worried about the line... "Jan 20 10:02:34 testbsd squid[225]: Exiting due to repeated, frequent failures". What does it mean? As a plain proxy Squid works (of course, if I set http_port 192.168.119.129:3128)! I configured Squid like this...

./configure --enable-ipf-transparent --enable-arp-acl --enable-arp-acl

transparent, faster ACL processing and use of ARP ACL lists (by MAC address)

Code:
testbsd# tail -f /var/log/messages
Jan 20 10:02:31 testbsd squid[209]: Squid Parent: child process 514 exited with status 1
Jan 20 10:02:31 testbsd squid[225]: Squid Parent: child process 516 started
Jan 20 10:02:31 testbsd squid[225]: Squid Parent: child process 516 exited with status 1
Jan 20 10:02:34 testbsd squid[209]: Squid Parent: child process 521 started
Jan 20 10:02:34 testbsd squid[209]: Squid Parent: child process 521 exited with status 1
Jan 20 10:02:34 testbsd squid[209]: Exiting due to repeated, frequent failures
Jan 20 10:02:34 testbsd squid[225]: Squid Parent: child process 523 started
Jan 20 10:02:34 testbsd squid[225]: Squid Parent: child process 523 exited with status 1
Jan 20 10:02:34 testbsd squid[225]: Exiting due to repeated, frequent failures

It doesn't work as a transparent proxy =( Can you tell me what's wrong? The ipfw rules....

lnc0 faces the Internet, lnc1 faces the LAN.

Code:
testbsd# ipfw show
00100 16 832 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 fwd 127.0.0.1,3128 tcp from 192.168.119.0/24 to any dst-port 80,443,21 via lnc1
00400 0 0 deny ip from 127.0.0.0/8 to any in recv lnc0
00500 0 0 deny ip from 10.0.0.0/8 to any in recv lnc0
00600 0 0 deny ip from 172.16.0.0/16 to any in recv lnc0
00700 0 0 deny ip from 192.168.0.0/24 to any in recv lnc0
00800 136 15124 allow ip from 192.168.119.0/24 to any in recv lnc1
00900 64 8852 allow ip from any to 192.168.119.0/24 out xmit lnc1
01000 0 0 divert 8668 ip from 192.168.119.0/24 to any out xmit lnc0
01100 44 5994 divert 8668 ip from any to 212.10.92.4
01200 0 0 allow tcp from 212.10.92.4 1025-65535 to any dst-port 25,110,80,443,53,5190,22,21 out xmit lnc0
01300 0 0 allow tcp from any 25,110,53,80,443 to 192.168.119.0/24 dst-port 1025-65535 in recv lnc0 established
01400 0 0 allow tcp from any 21,53,22 to 212.10.92.4 dst-port 1025-65535 in recv lnc0 established
01500 43 2624 allow udp from 212.10.92.4 1025-65535 to any dst-port 53 out xmit lnc0
01600 43 5574 allow udp from any 53 to 212.10.92.4 dst-port 1025-65535 in recv lnc0
01700 0 0 allow udp from any 53 to 192.168.119.0/24 dst-port 1025-65535 in recv lnc0
01800 0 0 allow tcp from 212.10.92.4 1025-65535 to any dst-port 1025-65535 out xmit lnc0
01900 0 0 allow tcp from any 1025-65535 to 212.10.92.4 dst-port 1025-65535 in recv lnc0 established
02000 0 0 allow icmp from any to me icmptypes 0,3,4,11,12 in
02100 0 0 allow icmp from any to 192.168.119.0/24 icmptypes 0,3,4,11,12 in recv lnc0
02200 0 0 allow icmp from me to any icmptypes 3,8,12 out
02300 0 0 deny log logamount 700 tcp from any to 212.10.92.4 in recv lnc0 setup
02400 6 1281 deny ip from any to any
65535 8 560 allow ip from any to any

The Squid config....

Code:
http_port 127.0.0.1:3128
icp_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
error_directory /usr/local/squid/share/errors/Russian-koi8-r
maximum_object_size 16384 KB
cache_dir ufs /usr/local/squid/cache 256 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
quick_abort_pct 60
negative_ttl 1 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
half_closed_clients on
visible_hostname localhost
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl users src "/usr/local/squid/etc/users.txt"
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
cache_effective_user squid
cache_effective_group squid
forwarded_for on
cachemgr_passwd passwd all
client_db on

The FreeBSD 6.0 kernel was built like this...

Code:
options TCP_DROP_SYNFIN
options IPDIVERT
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd
options IPFIREWALL_VERBOSE_LIMIT=30 #limit verbosity
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default

As a result the proxy does not work as a transparent one; most likely the problem is in diverting the traffic. Please tell me what is wrong...

Total posts: 627 | Registered: 31-03-2005 | Posted: 11:37 20-01-2006 | Edited: L_S_V, 11:41 20-01-2006