irodin
Newbie | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору Всем привет, нужна помощь в настройке связки прозрачного squid и openwrt Если настроить браузер на проксю (192.168.174.2:3130), то http открывается без проблем. Если перенаправляю трафик на прозрачный порт, то в access.log ничего не пишется, а в cache.log: 2019/12/26 13:45:02 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.174.2:3128 remote=192.168.174.1:43574 FD 13 flags=33: (2) No such file or directory 2019/12/26 13:45:02 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.174.2:3128 remote=192.168.174.1:43574 FD 13 flags=33 В браузере ошибка: Connection refused Куда копать, чего ему не хватает? Конфигурация сети: шлюз на openwrt(192.168.174.1) squid сервер ubuntu 19.04(192.168.174.2) Конфигурация firewall openwrt Код: config redirect option name 'squid_http_dnat' option src lan option dest wan option proto tcp option src_ip !192.168.174.2 option src_dport 80 option dest_ip 192.168.174.2 option dest_port 3128 option target DNAT option enabled 1 config redirect option name 'squid_http_snat' option dest lan option proto tcp option src_dip 192.168.174.1 option dest_ip 192.168.174.2 option dest_port 3128 option target SNAT option enabled 1 | Конфигурация squid.conf Код: http_port 3130 accel allow-direct http_port 3128 intercept client_dst_passthru off acl localnet src 192.168.174.0/24 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 8080 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access deny to_localhost http_access allow localnet http_access allow localhost http_access deny all always_direct allow all cache_dir ufs /var/spool/squid 2048 64 256 coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 dns_v4_first on shutdown_lifetime 3 seconds cache_mem 256 MB maximum_object_size_in_memory 1 MB dns_nameservers 192.168.174.1 visible_hostname home-srv.local redirect_program /usr/local/rejik3/redirector /usr/local/rejik3/redirector.conf | Параметры squid Код: Squid Cache: Version 4.4 Service Name: squid Ubuntu linux configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid-y3c0Vk/squid-4.4=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--enable-build-info=Ubuntu linux' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,SMB_LM' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group' '--enable-security-cert-validators=fake' '--enable-storeid-rewrite-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--with-gnutls' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/squid-y3c0Vk/squid-4.4=. -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid-y3c0Vk/squid-4.4=. -fstack-protector-strong -Wformat -Werror=format-security' |
| Всего записей: 14 | Зарегистр. 25-03-2015 | Отправлено: 17:17 26-12-2019 | Исправлено: irodin, 17:19 26-12-2019 |
|