
Problem redirecting a web service

Posted on 2007-1-23 15:22:41
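Network layout: one Linux server with two NICs, one connected to the external network and one to the LAN; the external NIC has a fixed external IP.

Goal: when an external user accesses the Linux server's external IP, the request is forwarded directly to another web server on the LAN.
Following an earlier post:
Assume the internal host providing the service has IP 1.1.1.1, and the host providing the Internet proxy has external IP 2.2.2.2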

/sbin/iptables -t nat -A POSTROUTING -s 1.1.1.1 -o eth0 -j SNAT --to 2.2.2.2
/sbin/iptables -t nat -A PREROUTING -p tcp -d 2.2.2.2 --dport 80 -i eth0 -j DNAT --to 1.1.1.1


The result is an error:
ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: /

The following error was encountered:

Invalid URL
Some aspect of the requested URL is incorrect. Possible problems:

Missing or incorrect access protocol (should be `http://'' or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed
Your cache administrator is root.



--------------------------------------------------------------------------------
Generated Mon, 22 Jan 2007 01:13:37 GMT by localhost (Squid/2.4.STABLE7)

What is the cause?
The Linux server is also running squid, and the proxy also uses port 80. I don't know whether that has any effect?
Posted on 2007-1-24 11:07:19
I think squid is causing this. Post your complete iptables script, and explain who was accessing whom when the situation above occurred.

Original poster | Posted on 2007-2-6 17:34:21
I'm not using an iptables script. The squid configuration is as follows:

visible_hostname localhost
http_port 80
cache_mem 76 MB
cache_swap_low 80
cache_swap_high 95
#cache_peer 10.68.139.34 parent 8999 3130 no-query default
hierarchy_stoplist cgi-bin ?
half_closed_clients off
hierarchy_stoplist -i ^https:\\ ?
acl QUERY urlpath_regex -i cgi-bin \? \.asp \.php \.jsp \.cgi
acl denyssl urlpath_regex -i ^https:\\
no_cache deny QUERY
no_cache deny denyssl

ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024

ftp_user Squid@
ftp_passive on

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object

acl Safe_ports port 80                # http
acl Safe_ports port 21                # ftp
acl Safe_ports port 443 563        # https, snews
acl Safe_ports port 70                # gopher
acl Safe_ports port 210                # wais
#acl Safe_ports port 1025-65535        # unregistered ports
acl Safe_ports port 280                # http-mgmt
acl Safe_ports port 488                # gss-http
acl Safe_ports port 591                # filemaker
acl Safe_ports port 777                # multiling http
http_access deny !Safe_ports

acl SSL_ports port 443 563 8601
acl CONNECT method CONNECT
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

http_access allow localhost

# And finally deny all other access to this proxy
#never_direct allow all


acl ken src 1.1.1.2
http_access allow ken



http_access deny all


icp_access allow all
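Added example, not part of the thread: a small Python model of the question raised in the reply ("who was accessing whom"), showing which clients match the posted PREROUTING rule and which are instead delivered to the Squid listening on port 80 of the gateway itself. The LAN interface name eth1, the set of local addresses, and the three sample clients are constructed assumptions.

```python
import shlex

# Rule and Squid port as posted in the thread; everything else is constructed.
DNAT_RULE = ("/sbin/iptables -t nat -A PREROUTING -p tcp -d 2.2.2.2 "
             "--dport 80 -i eth0 -j DNAT --to 1.1.1.1")
SQUID_CONF = "visible_hostname localhost\nhttp_port 80\n"
LOCAL_ADDRS = {"2.2.2.2", "127.0.0.1"}   # assumption: addresses owned by the gateway

def parse_rule(line):
    """Turn an iptables command made only of option/value pairs into a dict."""
    tok = shlex.split(line)[1:]
    return dict(zip(tok[0::2], tok[1::2]))

def squid_ports(conf):
    """Ports named by http_port lines ("80" or "addr:80")."""
    return {int(l.split()[1].rsplit(":", 1)[-1])
            for l in conf.splitlines() if l.startswith("http_port")}

def verdict(rule, ports, pkt):
    """Say where a new TCP connection ends up.

    pkt["in_iface"] is None for traffic generated on the gateway itself:
    such packets traverse the nat OUTPUT chain, never PREROUTING.
    """
    matched = (rule["-A"] == "PREROUTING"
               and pkt["in_iface"] == rule["-i"]
               and pkt["proto"] == rule["-p"]
               and pkt["dst"] == rule["-d"]
               and pkt["dport"] == int(rule["--dport"]))
    if matched:
        return "DNAT to " + rule["--to"]
    if pkt["dst"] in LOCAL_ADDRS and pkt["dport"] in ports:
        return "local Squid"
    return "not handled here"

# Constructed sample clients, all requesting http://2.2.2.2/
CLIENTS = {
    "internet host via eth0": {"in_iface": "eth0", "proto": "tcp", "dst": "2.2.2.2", "dport": 80},
    "LAN host via eth1":      {"in_iface": "eth1", "proto": "tcp", "dst": "2.2.2.2", "dport": 80},
    "browser on the gateway": {"in_iface": None,   "proto": "tcp", "dst": "2.2.2.2", "dport": 80},
}

def run():
    rule, ports = parse_rule(DNAT_RULE), squid_ports(SQUID_CONF)
    return {name: verdict(rule, ports, pkt) for name, pkt in CLIENTS.items()}

if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name:24} -> {result}")
```

Only the first client is rewritten by the rule; a test made from the LAN or from the gateway itself reaches the local Squid and says nothing about whether the DNAT rule works.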