centos cent os上的Squid代理会阻止一切

0g0grzrc  于 12个月前  发布在  其他
关注(0)|答案(1)|浏览(161)

当我在centos 7 vm上安装squid转发代理,然后告诉ubuntu vm使用centos vm作为代理时,squid会阻止所有内容,即使我创建一个新的centos vm并安装一个新版本的squid,也会发生这种情况。如果我在squid中什么都不做,问题仍然存在。我在esxi 8中创建了这些vm
我试着在squid.conf文件中写入http_access allow all。

5w9g7ksd

5w9g7ksd1#

你能发布你的配置吗?您是否在CentOS 7上使用Squid并启用了SELinux?执行命令getenforce来找出答案。如果其输出显示Enforcing,则SELinux已启用,您应该与Squid the same way the RedHat documentation specifies进行交互(启动/停止/更改)。
使用Squid,您应该在配置中添加一个新的acl,引用您的Ubuntu服务器IP。
示例:acl ubuntu src 216.128.143.117/32
然后,您应该添加一个新的http_access指令,允许您的acl访问Squid。
示例:http_access allow ubuntu
我有一种感觉,你正在使用一个本地IP地址,所以你必须确保Squid配置为允许来自本地IP的流量。如果你正在添加一个http_access allow all指令(不建议),那么确保它在http_access deny all指令之上,如果它存在的话。
在Ubuntu上,你可以enable an http/s proxy by doing
export http_proxy="http://{host}:{port}/"用于http代理,以及
export https_proxy="https://{host}:{port}/"用于https代理。
这将把所有http和https请求转发到指定的服务器。
将这些指令添加到users .bashrc文件中,使其对于 that 用户是永久的,或者将它们添加到/etc/environment中,使其在系统范围内是永久的。
如果你还在挣扎,我自己测试了它,并在几分钟内得到它的工作。
我在德克萨斯州达拉斯的Vultr上部署了2台服务器:
一个运行CentOS 7 SELinux,另一个运行Ubuntu 22.04 LTS
在CentOS服务器上,我做了以下操作:
sudo yum update
sudo yum install squid
sudo firewall-cmd --add-port=3128/tcp --permanent
sudo firewall-cmd --reload
nano /etc/squid/squid.conf并添加:
acl ubuntu src 216.128.143.117/32http_access allow ubuntu
然后,我做了systemctl start squid.service
我的squid.conf看起来像这样:

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
##########
acl ubuntu src 216.128.143.117/32
##########
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
##########
http_access allow ubuntu
##########
# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

字符串
在Ubuntu服务器上,我做了:
sudo apt-get update
export http_proxy="http://216.128.131.111:3128/"
export https_proxy="https://216.128.131.111:3128/"
然后我做了curl ipinfo.io/ip,响应是216.128.131.111,我的CentOS服务器IP。

相关问题