squid3.0代理配置故障

squid3.0代理配置故障

# /usr/local/squid/sbin/squid -N -d1
2009/01/06 05:43:44| Warning: empty ACL: acl name url_regex -i
2009/01/06 05:43:44| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
2009/01/06 05:43:44| WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
2009/01/06 05:43:44| WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
WARNING: Cannot write log file: none
none: Permission denied
         messages will be sent to 'stderr'.
2009/01/06 05:43:44| Squid is already running!  Process ID 2690

日誌里報錯,不知道什麼願因
Jan  6 05:57:43 hwt squid: storeLateRelease: released 0 objects
Jan  6 05:57:45 hwt squid: Warning: empty ACL: acl name url_regex -i
Jan  6 05:57:45 hwt squid: WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
Jan  6 05:57:45 hwt squid: WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
Jan  6 05:57:45 hwt squid: WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
Jan  6 05:57:45 hwt squid: Squid is already running!  Process ID 20100
#

你這些報錯前面只是warning

none: Permission denied
         messages will be sent to 'stderr'.（很明顯是許可權問題導致的 從你提供的報錯信息我不能準確判斷是什麼對方許可權導致的，貌似是log文件。

# /usr/local/squid/sbin/squid  -N -d1
2009/01/06 06:39:23| Warning: empty ACL: acl name url_regex -i
2009/01/06 06:39:23| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
2009/01/06 06:39:23| WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
2009/01/06 06:39:23| WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
2009/01/06 06:39:23| Starting Squid Cache version 3.0.STABLE1 for x86_64-unknown-linux-gnu...
2009/01/06 06:39:23| Process ID 20138
2009/01/06 06:39:23| With 1024 file descriptors available
2009/01/06 06:39:23| Performing DNS Tests...
2009/01/06 06:39:24| Successful DNS name lookup tests...
2009/01/06 06:39:24| helperOpenServers: Starting 5 'dnsserver' processes
2009/01/06 06:39:24| Unlinkd pipe opened on FD 13
2009/01/06 06:39:24| Store logging disabled
2009/01/06 06:39:24| Swap maxSize 10240000 KB, estimated 787692 objects
2009/01/06 06:39:24| Target number of buckets: 39384
2009/01/06 06:39:24| Using 65536 Store buckets
2009/01/06 06:39:24| Max Mem  size: 1048576 KB
2009/01/06 06:39:24| Max Swap size: 10240000 KB
2009/01/06 06:39:24| Version 1 of swap file without LFS support detected...
2009/01/06 06:39:24| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2009/01/06 06:39:24| Version 1 of swap file without LFS support detected...
2009/01/06 06:39:24| Rebuilding storage in /home/cache (DIRTY)
2009/01/06 06:39:24| Using Least Load store dir selection
2009/01/06 06:39:24| Current Directory is /usr/local/squid/var/log

我把我的SQUID.CONF帖出來大家幫我看看原因出在那裡

http_port 3128 transparent
cache_mem 1 GB
maximum_object_size 9000 KB
maximum_object_size_in_memory 6128 KB
dns_nameservers 196.196.0.252
cache_dir ufs /usr/local/squid/cache 5000 32 512
cache_dir ufs /home/cache 5000 32 512
error_directory /usr/local/squid/share/errors/Simplify_Chinese
acl nocache urlpath_regex cookie.*\.php *\.jsp *\.asp *\.pl *\.cgi
no_cache deny nocache
acl audio urlpath_regex -i .torrent$ .avi$ .mp3$ .mp4$
http_access deny audio
acl name url_regex -i
http_access deny name
cache_access_log none
cache_log none
cache_store_log none
acl localhost src 196.196.0.0/24
http_access allow localhost
acl all src 0.0.0.0/0.0.0.0
http_access deny all
acl safe port 80 21 443 3128
http_access allow safe
cache_effective_user squid
cache_effective_group squid
cache_mgr worldrestart@yahoo.com.cn
acl conncount maxconn 5
visible_hostname LinuxProxyServer
icon_directory /usr/local/squid/share/icons
ipcache_size 2024
ipcache_low 90
ipcache_high 95
fqdncache_size 2024

acl all src 0.0.0.0/0.0.0.0
這個在3.0以上版本是不需要了
默認3.0中就已經把all定義了，所以只需要後面使用就行了

謝謝liuhanzhao 兄   的回復.  我現在還有一點點小問題,下面的規則問題出在那裡

# /sbin/iptables -A OUTPUT -d 0/0 -p ALL --dport 53 -j ACCEPT
iptables v1.3.5: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.
#

請問大家我這樣參數合理嗎?

./configure --prefix=/usr/local/squid
--enable-poll
--disable-internal-dns
--disable-wccp
--disable-wccpv2
--disable-carp
--disable-ident-lookups
--enable-dlmalloc
--enable-truncate
--enable-stacktrace
--enable-storeio=aufs,coss,diskd,ufs,null
--enable-linux-netfilter         //要想實現透明代理，必須選取這個參數，啟用linux netfilter支持
--enable-err-language=Simplify_Chinese
--enable-default-err-languages=Simplify_Chinese
--enable-arp-acl
--enable-snmp
--enable-async-io=180       //1G內存，並且是雙核的選180，否則選100以下
--enable-cahce-digests      
--enable-underscore          //允許請求的URL出現下劃線
--enable-gnuregex  
--enable-icmp
--enable-kill-parent-hack

--enable-linux-netfilter         //要想實現透明代理，必須選取這個參數，啟用linux netfilter支持
不用這個參數我同樣可以做透明代理的
其他都是ok的

謝謝liuhanzhao    兄的回復,小弟還有一個問題,SQUID3.0是不是不支持以下三個規則?..我在squid.conf 加下面三個會報錯.不知道是什麼原因.
refresh_pattern . 0 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload
broken_vary_encoding allow apache
header_access header allow all


# /usr/local/squid/sbin/squid  -N -d1
2009/01/08 06:12:50| parseConfigFile: 'squid.conf' line 58 unrecognized: 'broken_vary_encoding allow apache'
2009/01/08 06:12:50| parseConfigFile: 'squid.conf' line 60 unrecognized: 'header_access header allow all'
2009/01/08 06:12:50| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP
2009/01/08 06:12:50| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
2009/01/08 06:12:50| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
2009/01/08 06:12:50| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
2009/01/08 06:12:50| Squid is already running!  Process ID 21532
#


下面是我的腳本
http_port 3128 transparent
cache_mem 256 MB
dns_nameservers 196.196.0.252
fqdncache_size 2024
maximum_object_size_in_memory 2 MB
#memory_replacement_policy heap LFUDA
#cache_replacement_policy heap LFUDA
cache_dir ufs /usr/local/squid/cache 5000 32 512
cache_dir ufs /home/cache 5000 32 512
error_directory /usr/local/squid/share/errors/Simplify_Chinese
acl nocache urlpath_regex cookie.*\.php *\.jsp *\.asp *\.pl *\.cgi
no_cache deny nocache
acl audio urlpath_regex -i .torrent$ .avi$ .mp3$ .mp4$
http_access deny audio
acl download urlpath_regex -i \.zip$ \.exe$ \.mp3$ \.ra$ \.avi$ \.avi$ \.rar$ \.rvmb$ \.mpe$
http_access deny download
acl localhost src 196.196.0.0/24
http_access allow localhost
http_access deny all
acl safe port 80 21 443 3128
http_access allow safe
cache_effective_user squid
cache_effective_group squid
icp_port 0
cache_mgr worldrestart@yahoo.com.cn
acl OverConnLimit maxconn 16
http_access deny OverConnLimit
acl conncount maxconn 5
visible_hostname 196.196.0.252
icon_directory /usr/local/squid/share/icons
max_open_disk_fds 0
minimum_object_size 1 KB
maximum_object_size 20 MB
cache_swap_low 90
cache_swap_high 95
ipcache_size 2024
ipcache_low 90
ipcache_high 95
access_log /usr/local/squid/var/logs/access.log squid
cache_log /usr/local/squid/var/logs/cache.log squid
cache_store_log none
emulate_httpd_log on
#refresh_pattern . 0 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload
acl buggy_server url_regex ^http://.... http://
broken_posts allow buggy_server
acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
request_entities off
#header_access header allow all
relaxed_header_parser on
client_lifetime 120 minute
cache_peer 196.196.0.252 parent 80 0 no-query default multicast-responder no-netdb-exchange
cache_peer_domain 196.196.0.252
hostname_aliases 196.196.0.252
error_directory /usr/local/squid/share/errors/Simplify_Chinese
always_direct allow all
ignore_unknown_nameservers on
coredump_dir  /var/log/squid
half_closed_clients off
buffered_logs on

[ 本帖最後由 bigbigsh 於 2009-1-7 09:29 編輯 ]

Tags: