lorometal
(uses CentOS)
Posted on 26/04/2010 - 20:55h
I had to rebuild a proxy server and I'm banging my head against a problem I've never had before. I have built several gateways using CentOS+iptables+squid, and this is the first time I find myself in this situation. Could someone here give me a hand?
Here is the conf:
# Squid v2.6 proxy configuration file
# written by evandro alves
cache_mgr cpd@colatinadiesel.com.br
visible_hostname CDIESEL-GATEWAY
unique_hostname CDIESEL-GATEWAY
cache_dir ufs /var/spool/squid/cache1 100 16 256
cache_dir ufs /var/spool/squid/cache2 100 16 256
cache_dir ufs /var/spool/squid/cache3 100 16 256
cache_dir ufs /var/spool/squid/cache4 100 16 256
cache_mem 256 MB
http_port 88 transparent
cache_effective_user squid
cache_effective_group squid
access_log /var/log/squid/access.log squid
# ACLs
acl safe_ports port 88
acl safe_ports port 80
acl safe_ports port 3128
acl safe_ports port 443
acl safe_ports port 21
acl safe_ports port 110
acl safe_ports port 587
acl safe_ports port 8081
acl safe_ports port 8080
acl safe_ports port 10000
acl safe_ports port 10001
acl safe_ports port 9000
acl SSL_ports port 443
acl SSL_ports port 110
acl SSL_ports port 587
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl webserver src 192.168.10.252/255.255.255.255
# Invoke authentication
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squidpasswd
auth_param basic children 5
auth_param basic realm [ Digite seu nome de usuário e senha!]
auth_param basic credentialsttl 10 minute
acl autenticacao proxy_auth REQUIRED
acl usuarios-master proxy_auth "/etc/squid/usuarios-master"
acl usuarios-administracao proxy_auth "/etc/squid/usuarios-administracao"
acl usuarios-pecas proxy_auth "/etc/squid/usuarios-pecas"
acl usuarios-veiculos proxy_auth "/etc/squid/usuarios-veiculos"
acl usuarios-estoque proxy_auth "/etc/squid/usuarios-estoque"
acl usuarios-recepcao proxy_auth "/etc/squid/usuarios-recepcao"
acl usuarios-oficina proxy_auth "/etc/squid/usuarios-oficina"
acl usuarios-pneus proxy_auth "/etc/squid/usuarios-pneus"
acl usuarios-telefonista proxy_auth "/etc/squid/usuarios-telefonista"
acl usuarios-starclass proxy_auth "/etc/squid/usuarios-starclass"
acl urls-bloqueadas url_regex -i "/etc/squid/urls-bloqueadas"
acl urls-liberadas url_regex -i "/etc/squid/urls-liberadas"
acl urls-liberadas-administracao url_regex -i "/etc/squid/urls-liberadas-administracao"
acl urls-liberadas-pecas url_regex -i "/etc/squid/urls-liberadas-pecas"
acl urls-liberadas-veiculos url_regex -i "/etc/squid/urls-liberadas-veiculos"
acl urls-liberadas-estoque url_regex -i "/etc/squid/urls-liberadas-estoque"
acl urls-liberadas-recepcao url_regex -i "/etc/squid/urls-liberadas-recepcao"
acl urls-liberadas-oficina url_regex -i "/etc/squid/urls-liberadas-oficina"
acl urls-liberadas-pneus url_regex -i "/etc/squid/urls-liberadas-pneus"
acl urls-liberadas-telefonista url_regex -i "/etc/squid/urls-liberadas-telefonista"
acl urls-liberadas-starclass url_regex -i "/etc/squid/urls-liberadas-starclass"
http_access allow manager localhost
http_access allow manager webserver
http_access deny manager
http_access deny !safe_ports
http_access deny CONNECT !SSL_ports
http_access deny urls-bloqueadas
http_access allow usuarios-master
http_access allow urls-liberadas-administracao usuarios-administracao
http_access allow urls-liberadas-pecas usuarios-pecas
http_access allow urls-liberadas-veiculos usuarios-veiculos
http_access allow urls-liberadas-estoque usuarios-estoque
http_access allow urls-liberadas-recepcao usuarios-recepcao
http_access allow urls-liberadas-oficina usuarios-oficina
http_access allow urls-liberadas-pneus usuarios-pneus
http_access allow urls-liberadas-telefonista usuarios-telefonista
http_access allow urls-liberadas-starclass usuarios-starclass
http_access deny all
And here is the error log:
2010/04/26 20:47:14| Starting Squid Cache version 2.6.STABLE6 for i686-redhat-linux-gnu...
2010/04/26 20:47:14| Process ID 6624
2010/04/26 20:47:14| With 1024 file descriptors available
2010/04/26 20:47:14| Using epoll for the IO loop
2010/04/26 20:47:14| DNS Socket created at 0.0.0.0, port 32778, FD 5
2010/04/26 20:47:14| Adding nameserver 200.255.255.70 from /etc/resolv.conf
2010/04/26 20:47:14| Adding nameserver 200.165.132.147 from /etc/resolv.conf
2010/04/26 20:47:14| helperOpenServers: Starting 5 'ncsa_auth' processes
2010/04/26 20:47:14| User-Agent logging is disabled.
2010/04/26 20:47:14| Referer logging is disabled.
2010/04/26 20:47:14| Unlinkd pipe opened on FD 15
2010/04/26 20:47:14| Swap maxSize 409600 KB, estimated 31507 objects
2010/04/26 20:47:14| Target number of buckets: 1575
2010/04/26 20:47:14| Using 8192 Store buckets
2010/04/26 20:47:14| Max Mem size: 262144 KB
2010/04/26 20:47:14| Max Swap size: 409600 KB
2010/04/26 20:47:14| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2010/04/26 20:47:14| Rebuilding storage in /var/spool/squid/cache1 (DIRTY)
2010/04/26 20:47:14| Rebuilding storage in /var/spool/squid/cache2 (DIRTY)
2010/04/26 20:47:14| Rebuilding storage in /var/spool/squid/cache3 (DIRTY)
2010/04/26 20:47:14| Rebuilding storage in /var/spool/squid/cache4 (DIRTY)
2010/04/26 20:47:14| Using Least Load store dir selection
2010/04/26 20:47:14| Current Directory is /
2010/04/26 20:47:14| Loaded Icons.
2010/04/26 20:47:14| commBind: Cannot bind socket FD 19 to *:88: (13) Permission denied
FATAL: Cannot open HTTP Port
Squid Cache (Version 2.6.STABLE6): Terminated abnormally.
CPU Usage: 0.038 seconds = 0.026 user + 0.012 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
total space in arena: 2512 KB
Ordinary blocks: 2463 KB 2 blks
Small blocks: 0 KB 1 blks
Holding blocks: 244 KB 1 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 48 KB
Total in use: 2707 KB 98%
Total free: 48 KB 2%
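
Added example, not part of the original post: a short Python triage script that extracts the bind failure from the cache.log above and cross-checks it against the posted squid.conf. The sample lines are copied from the post; the function names and the two checks (privileged port, proxy_auth ACLs on a transparent port) are this example's own assumptions about what is worth reviewing first.

```python
import re

# Sample input: excerpts copied from the log and squid.conf in the post above.
LOG = """\
2010/04/26 20:47:14| Loaded Icons.
2010/04/26 20:47:14| commBind: Cannot bind socket FD 19 to *:88: (13) Permission denied
FATAL: Cannot open HTTP Port
"""
CONF = """\
http_port 88 transparent
acl autenticacao proxy_auth REQUIRED
acl usuarios-master proxy_auth "/etc/squid/usuarios-master"
"""

BIND_RE = re.compile(r"commBind: Cannot bind socket FD \d+ to (\S+):(\d+): \((\d+)\) (.+)")

def bind_failures(log):
    """Return (address, port, errno, message) for each failed bind in cache.log."""
    return [(m[1], int(m[2]), int(m[3]), m[4].strip())
            for m in map(BIND_RE.search, log.splitlines()) if m]

def parse_conf(conf):
    """Collect (port, options) for http_port lines and the names of proxy_auth ACLs."""
    ports, auth_acls = [], set()
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 2 and tok[0] == "http_port":
            ports.append((int(tok[1].rsplit(":", 1)[-1]), tok[2:]))
        elif len(tok) >= 3 and tok[0] == "acl" and tok[2] == "proxy_auth":
            auth_acls.add(tok[1])
    return ports, auth_acls

def triage(log, conf):
    """Cross-check the log against the config and return a list of findings."""
    ports, auth_acls = parse_conf(conf)
    findings = []
    for _addr, port, err, _msg in bind_failures(log):
        if err == 13 and port < 1024:  # 13 is EACCES on Linux
            findings.append(f"bind to port {port} denied: ports below 1024 are privileged; "
                            "check Squid's start-up privileges and any MAC policy (e.g. SELinux)")
    for port, opts in ports:
        if "transparent" in opts and auth_acls:
            findings.append(f"http_port {port} is transparent, but proxy_auth ACLs are defined; "
                            "intercepted clients cannot answer a proxy authentication challenge")
    return findings

if __name__ == "__main__":
    for finding in triage(LOG, CONF):
        print("-", finding)
```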