Original poster | Posted on 2007-3-20 20:02:18
[0:0] -A PREROUTING -d ! 192.168.0.0/255.255.0.0 -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
[0:0] -A PREROUTING -d ! 192.168.0.0/255.255.0.0 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
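In iptables I am currently using the two rules above.
When I wanted to proxy the 443 service,
I had not configured anything for 443.
I looked through /etc/squid/squid.conf for a while,
and it contains: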
# TAG: https_port
# Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
#
# The socket address where Squid will listen for HTTPS client
# requests.
#
# This is really only useful for situations where you are running
# squid in accelerator mode and you want to do the SSL work at the
# accelerator level.
#
# You may specify multiple socket addresses on multiple lines,
# each with their own SSL certificate and/or options.
#
# Options:
#
# cert= Path to SSL certificate (PEM format)
#
# key= Path to SSL private key file (PEM format)
# if not specified, the certificate file is
# assumed to be a combined certificate and
# key file
#
# version= The version of SSL/TLS supported
# 1 automatic (default)
# 2 SSLv2 only
# 3 SSLv3 only
# 4 TLSv1 only
#
# cipher= Colon separated list of supported ciphers
#
# options= Various SSL engine options. The most important
# being:
# NO_SSLv2 Disallow the use of SSLv2
# NO_SSLv3 Disallow the use of SSLv3
# NO_TLSv1 Disallow the use of TLSv1
# See src/ssl_support.c or OpenSSL documentation
# for a more complete list.
#
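I did not set any of the options above,
and the result is that http://mail.google.com cannot be accessed, because it redirects to https.
Then I searched online for a while and found the following related information.
I added this to /etc/squid/squid.conf: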
https_port 443 cert=/etc/squid/cert.pem key=/etc/squid/key.pem
and ran:
openssl req -new -keyout /etc/squid/key.pem -nodes -x509 -days 365 -out /etc/squid/cert.pem
[0:0] -A PREROUTING -d ! 192.168.0.0/255.255.0.0 -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
[0:0] -A PREROUTING -d ! 192.168.0.0/255.255.0.0 -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
After reloading the related services
it still does not work... /var/log/squid.log shows DENIED.
But I have not denied it anywhere.
Has anyone here run into this?
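Added example, not part of the original post: a small Python check that reads the iptables rules and the https_port line quoted above and flags any REDIRECT whose client-side protocol does not match what Squid serves on the target port. The `http_port 3128` line and the function names are assumptions; the post does not show that part of squid.conf.

```python
import re

# Constructed sample: the four REDIRECT rules and the https_port line from the
# post; "http_port 3128" is an assumption (the post does not show it).
RULES = """\
[0:0] -A PREROUTING -d ! 192.168.0.0/255.255.0.0 -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
[0:0] -A PREROUTING -d ! 192.168.0.0/255.255.0.0 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
[0:0] -A PREROUTING -d ! 192.168.0.0/255.255.0.0 -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
[0:0] -A PREROUTING -d ! 192.168.0.0/255.255.0.0 -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
"""
SQUID_CONF = """\
http_port 3128
https_port 443 cert=/etc/squid/cert.pem key=/etc/squid/key.pem
"""
# Protocol that clients normally speak to each well-known destination port.
WIRE_PROTO = {80: "http", 443: "tls"}

def squid_listeners(conf):
    """Map listening port -> 'http' or 'tls' from http_port/https_port lines."""
    listeners = {}
    for line in conf.splitlines():
        m = re.match(r"\s*(https?)_port\s+(?:\S+:)?(\d+)\b", line)
        if m:
            listeners[int(m.group(2))] = "tls" if m.group(1) == "https" else "http"
    return listeners

def redirect_rules(rules):
    """Yield (interface, dport, to_port) for each REDIRECT rule."""
    pat = re.compile(r"-i (\S+) .*--dport (\d+) -j REDIRECT --to-ports (\d+)")
    for line in rules.splitlines():
        m = pat.search(line)
        if m:
            yield m.group(1), int(m.group(2)), int(m.group(3))

def mismatches(rules, conf):
    """Return redirects whose client protocol differs from the listener's."""
    listeners = squid_listeners(conf)
    found = []
    for iface, dport, to_port in redirect_rules(rules):
        sent = WIRE_PROTO.get(dport)
        expected = listeners.get(to_port)  # None means nothing listens there
        if sent and sent != expected:
            found.append((iface, dport, to_port, sent, expected))
    return found

if __name__ == "__main__":
    for iface, dport, to_port, sent, expected in mismatches(RULES, SQUID_CONF):
        print(f"{iface}: port {dport} ({sent}) redirected to {to_port}, "
              f"which Squid serves as {expected}")
```

On the sample input, both port 443 rules are reported: TLS traffic is sent to port 3128, the same port the port 80 rules use, while the https_port listener sits on 443.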