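I've been racking my brain over this problem. Squid was built from ports (/usr/ports/www/squid32) with PF_TP enabled.
I have internet access, but strangely it bypasses Squid. Obviously, the Squid logs are empty.
I don't know what is wrong. The configuration seems fine.
Here is my Squid configuration: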
# Squid normally listens to port 8080
http_port 127.0.0.1:8080 intercept
#http_port 8080

# Squid hostname
visible_hostname hqproxy.nis.edu.kz
cache_mgr [email protected]

cache_dir ufs /squid 20000 64 128
coredump_dir /var/squid/cache/squid
cache_mem 8 MB
maximum_object_size 50960 KB
maximum_object_size_in_memory 32 KB

cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_access_log /var/log/squid/access.log
cache_effective_user squid
cache_effective_group squid

#server_persistent_connections on
#client_persistent_connections on

#dead_peer_timeout 30 seconds

#hierarchy_stoplist cgi-bin php asp conf ?
#acl QUERY urlpath_regex cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ \.conf$
#no_cache deny QUERY
#acl myself dst 127.0.0.1 192.168.1.68
#always_direct allow myself
#always_direct allow QUERY

#negative_ttl 5 minutes
#positive_dns_ttl 6 hours
#negative_dns_ttl 1 minute
#connect_timeout 60 seconds
#request_timeout 3 minutes
#persistent_request_timeout 1 minute
#read_timeout 15 minutes
#client_lifetime 1 day
#half_closed_clients off
#pconn_timeout 2 minutes
#shutdown_lifetime 1 seconds

#Configure downloading even after aborted requests.
#quick_abort_min 0 KB
#quick_abort_max 0 KB

acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#include /usr/local/etc/squid/auth.conf

http_access allow localnet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
Here is the PF configuration:
## --- VARS ----------------------------------------------------------------- ##

if_int="em1"
if_ext="em0"
if_vpn="tun0"

ip_ext="aaaa/32"
ip_int="192.168.1.68/32"

ports_client = "{ 21, 22, 25, 110, 123, 80, 443, 53, 3389,8080, >=49151 }"
ports_ext_tcp = "{ 22, 8329 }"
ports_ext_udp = "{ 1194 }"

net_local = "192.168.1.0/24"
net_tunvpn = "10.0.1.0/24"
net_semfm = "10.18.0.0/24"
net_noroute= "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }"

state_mod = "flags S/SA modulate state"
state_syn = "flags S/SA synproxy state"

## --- OPTIONS ------------------------------------------------------------------ ##

set block-policy drop
set state-policy floating
set loginterface $if_ext
set optimization normal
set skip on lo0

## --- NORMALIZATION ------------------------------------------------------------- ##

scrub in all
scrub on $if_ext all reassemble tcp

## --- QUEUEING ------------------------------------------------------------------ ##

altq on $if_ext cbq bandwidth 40Mb queue {normal, high, top}
queue normal bandwidth 40% priority 1 cbq (default borrow)
queue high bandwidth 50% priority 5 cbq (borrow ecn)
queue top bandwidth 10% priority 7 cbq (borrow)


## --- NAT RDR ------------------------------------------------------------------- ##

nat on $if_ext from $net_local to any -> ($if_ext)
## redirect all www to squid 8080
rdr on $if_ext inet proto tcp from $net_local to any port {80, 443} -> 127.0.0.1 port 8080

## --- FILTERING -----------------------------------------------------------------

antispoof quick for $if_int


block log all
pass in on $if_ext inet proto icmp all icmp-type echoreq

pass in on $if_ext inet proto tcp from any to any port $ports_ext_tcp flags S/SA keep state
pass in on $if_ext inet proto udp from any to any port $ports_ext_udp keep state

pass out on $if_ext keep state

pass in quick on $if_int route-to lo0 inet proto tcp from $net_local to 127.0.0.1 port 8080 keep state
pass in on $if_int inet proto icmp all icmp-type echoreq
pass in on $if_int inet proto {tcp,udp} from $net_local to any port $ports_client keep state
pass out on $if_int keep state
Change:
rdr on $if_ext inet proto tcp from $net_local to any port {80, 443} -> 127.0.0.1 port 8080
To:
rdr on $if_int inet proto tcp from $net_local to any port {80, 443} -> 127.0.0.1 port 8080
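
PF applies an rdr rule to packets as they arrive on the interface the rule names, and traffic from $net_local arrives on $if_int, so the original rule on $if_ext never matched and clients went straight out through NAT, past Squid. The following lint is an added example, not part of the original post: it flags rdr rules whose interface differs from the one facing the rule's source network. The function names are hypothetical, and it assumes the if_<name>/ip_<name> macro pairing used in this pf.conf.

```python
import ipaddress
import re

# Constructed excerpt: the macros and rdr rule from the pf.conf in the question.
PF_CONF = '''
if_int="em1"
if_ext="em0"
ip_ext="aaaa/32"
ip_int="192.168.1.68/32"
net_local = "192.168.1.0/24"
rdr on $if_ext inet proto tcp from $net_local to any port {80, 443} -> 127.0.0.1 port 8080
'''

MACRO = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')
RDR = re.compile(r'^\s*rdr\s+on\s+(\S+)\s.*?\bfrom\s+(\S+)\s')

def parse_macros(text):
    return {m.group(1): m.group(2) for m in map(MACRO.match, text.splitlines()) if m}

def expand(token, macros):
    return macros.get(token[1:], token) if token.startswith("$") else token

def interface_addresses(macros):
    """Pair if_<name> with ip_<name> (assumed naming convention); skip redacted values."""
    addrs = {}
    for key, iface in macros.items():
        if key.startswith("if_") and "ip_" + key[3:] in macros:
            try:
                addrs[iface] = ipaddress.ip_interface(macros["ip_" + key[3:]]).ip
            except ValueError:
                pass  # e.g. the redacted "aaaa/32"
    return addrs

def lint_rdr(text):
    """Return (rule_iface, source_net, ingress_iface) for rdr rules on the wrong interface."""
    macros = parse_macros(text)
    addrs = interface_addresses(macros)
    findings = []
    for m in filter(None, map(RDR.match, text.splitlines())):
        iface, src = expand(m.group(1), macros), expand(m.group(2), macros)
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            continue  # "any", tables and lists are out of scope here
        # Interfaces whose own address lies inside the source network face those clients.
        ingress = [i for i, a in addrs.items() if a in net]
        if ingress and iface not in ingress:
            findings.append((iface, src, ingress[0]))
    return findings
```

Calling lint_rdr(PF_CONF) reports the rule on em0 whose source network arrives on em1; with the rule moved to $if_int it returns an empty list.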