Hello!
If proxy settings (the Squid IP and port) are specified in the user's browser (on another computer), site pages are displayed. If the browser is set to connect directly, Squid fails with an error when proxying transparently; the browser shows this:
ERROR
The requested URL could not be retrieved
Invalid Request error was encountered while trying to process the request:
GET / HTTP/1.1
Host: ya.ru
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Cookie: yandexuid=1349896321324452497
Cache-Control: max-age=0
Some possible problems are:
Missing or unknown request method.
Missing URL.
Missing HTTP Identifier (HTTP/1.0).
Request is too large.
Content-Length missing for POST or PUT requests.
Illegal character in hostname; underscores are not allowed.
Your cache administrator is webmaster.
squid.conf
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet10 src 192.168.10.0/24
acl localnet100 src 192.168.100.0/24
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
http_access allow localhost
http_access allow localnet10
http_access allow localnet100
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
# example line deb packages
#refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
eth0 192.168.100.80/24
eth1 192.168.10.2/24
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.100.80
netmask 255.255.255.0
network 192.168.100.0
broadcast 192.168.100.255
gateway 192.168.100.2
auto eth1
iface eth1 inet static
address 192.168.10.2
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255
up route add -net 192.168.100.0 netmask 255.255.255.0 dev eth0
The redirect to Squid in iptables:
-A PREROUTING -s 192.168.10.0/24 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.2:3128
iptables-save
*nat
-A PREROUTING -s 192.168.10.0/24 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.2:3128
-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
If I remove the forwarding in iptables (requests to port 80 sent to Squid's port 3128), users go through the gateway, bypassing Squid, and the browsers display everything.
Could you tell me what to fix so that Squid proxies transparently?