Hello, for several weeks now I have been trying to understand why the message "ERROR: No forward-proxy ports configured." appears in the file /var/log/squid/cache.log, and where the mistake in my Squid settings might be... Here is the config parse output:
sudo squid -k parse
2018/09/17 12:47:33| Startup: Initializing Authentication Schemes ...
2018/09/17 12:47:33| Startup: Initialized Authentication Scheme 'basic'
2018/09/17 12:47:33| Startup: Initialized Authentication Scheme 'digest'
2018/09/17 12:47:33| Startup: Initialized Authentication Scheme 'negotiate'
2018/09/17 12:47:33| Startup: Initialized Authentication Scheme 'ntlm'
2018/09/17 12:47:33| Startup: Initialized Authentication.
2018/09/17 12:47:33| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2018/09/17 12:47:33| Processing: acl localnet_first src 192.168.10.0/24
2018/09/17 12:47:33| Processing: acl localnet_two src 192.168.20.0/24
2018/09/17 12:47:33| Processing: acl localnet_three src 192.168.30.0/24
2018/09/17 12:47:33| Processing: acl localnet_four src 192.168.40.0/24
2018/09/17 12:47:33| Processing: acl SSL_ports port 443
2018/09/17 12:47:33| Processing: acl Safe_ports port 80 # http
2018/09/17 12:47:33| Processing: acl Safe_ports port 21 # ftp
2018/09/17 12:47:33| Processing: acl Safe_ports port 443 # https
2018/09/17 12:47:33| Processing: acl Safe_ports port 70 # gopher
2018/09/17 12:47:33| Processing: acl Safe_ports port 210 # wais
2018/09/17 12:47:33| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2018/09/17 12:47:33| Processing: acl Safe_ports port 280 # http-mgmt
2018/09/17 12:47:33| Processing: acl Safe_ports port 488 # gss-http
2018/09/17 12:47:33| Processing: acl Safe_ports port 591 # filemaker
2018/09/17 12:47:33| Processing: acl Safe_ports port 777 # multiling http
2018/09/17 12:47:33| Processing: acl CONNECT method CONNECT
2018/09/17 12:47:33| Processing: http_port 192.168.10.1:3127 intercept
2018/09/17 12:47:33| Starting Authentication on port 192.168.10.1:3127
2018/09/17 12:47:33| Disabling Authentication on port 192.168.10.1:3127 (interception enabled)
2018/09/17 12:47:33| Processing: http_port 192.168.10.1:3128 intercept
2018/09/17 12:47:33| Starting Authentication on port 192.168.10.1:3128
2018/09/17 12:47:33| Disabling Authentication on port 192.168.10.1:3128 (interception enabled)
2018/09/17 12:47:33| Processing: http_port 192.168.10.1:3129 intercept
2018/09/17 12:47:33| Starting Authentication on port 192.168.10.1:3129
2018/09/17 12:47:33| Disabling Authentication on port 192.168.10.1:3129 (interception enabled)
2018/09/17 12:47:33| Processing: http_port 192.168.10.1:3140 intercept
2018/09/17 12:47:33| Starting Authentication on port 192.168.10.1:3140
2018/09/17 12:47:33| Disabling Authentication on port 192.168.10.1:3140 (interception enabled)
2018/09/17 12:47:33| Processing: cache_mem 1024 MB
2018/09/17 12:47:33| Processing: maximum_object_size_in_memory 512 KB
2018/09/17 12:47:33| Processing: cache_dir ufs /var/spool/squid 2048 16 256
2018/09/17 12:47:33| Processing: access_log daemon:/var/log/squid/access.log squid
2018/09/17 12:47:33| Processing: logfile_rotate 31
2018/09/17 12:47:33| Processing: cache_log /var/log/squid/cache.log
2018/09/17 12:47:33| Processing: debug_options ALL,1 77,9
2018/09/17 12:47:33| Processing: coredump_dir /var/spool/squid
2018/09/17 12:47:33| Processing: refresh_pattern ^ftp: 1440 20% 10080
2018/09/17 12:47:33| Processing: refresh_pattern ^gopher: 1440 0% 1440
2018/09/17 12:47:33| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2018/09/17 12:47:33| Processing: refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
2018/09/17 12:47:33| Processing: refresh_pattern . 0 20% 4320
2018/09/17 12:47:33| Processing: delay_pools 2
2018/09/17 12:47:33| Processing: delay_class 1 3
2018/09/17 12:47:33| Processing: delay_class 2 3
2018/09/17 12:47:33| Processing: delay_access 1 deny localnet_two
2018/09/17 12:47:33| Processing: delay_access 1 allow localnet_first
2018/09/17 12:47:33| Processing: delay_access 2 allow localnet_two
2018/09/17 12:47:33| Processing: delay_access 2 deny all
2018/09/17 12:47:33| Processing: delay_parameters 1 -1/-1 -1/-1 -1/-1
2018/09/17 12:47:33| Processing: delay_parameters 2 -1/-1 -1/-1 125000/125000
2018/09/17 12:47:33| Processing: cache_peer 127.0.0.1 parent 8081 0 no-query no-digest no-netdb-exchange default
2018/09/17 12:47:33| Processing: cache_peer_access 127.0.0.1 allow all
2018/09/17 12:47:33| Processing: acl Scan_HTTP proto HTTP
2018/09/17 12:47:33| Processing: http_access deny !Safe_ports
2018/09/17 12:47:33| Processing: http_access deny CONNECT !SSL_ports
2018/09/17 12:47:33| Processing: http_access allow localhost manager
2018/09/17 12:47:33| Processing: http_access deny manager
2018/09/17 12:47:33| Processing: http_access allow localnet_first
2018/09/17 12:47:33| Processing: http_access allow localnet_two
2018/09/17 12:47:33| Processing: http_access allow localnet_three
2018/09/17 12:47:33| Processing: http_access allow localnet_four
2018/09/17 12:47:33| Processing: http_access allow localhost
2018/09/17 12:47:33| Processing: http_access deny all
2018/09/17 12:47:33| Processing: never_direct allow Scan_HTTP
I can't figure out where my mistake is here.
And here is the iptables output as well:
sudo iptables-save
# Generated by iptables-save v1.6.0 on Mon Sep 17 12:54:23 2018
*nat
:PREROUTING ACCEPT [1535:101961]
:INPUT ACCEPT [633:52726]
:OUTPUT ACCEPT [1966:129819]
:POSTROUTING ACCEPT [2844:177786]
-A PREROUTING ! -d 192.168.10.0/24 -i ens1 -p tcp -m multiport --dports 80,8080 -j DNAT --to-destination 192.168.10.1:3127
-A PREROUTING ! -d 192.168.20.0/24 -i ens1:0 -p tcp -m multiport --dports 80,8080 -j DNAT --to-destination 192.168.10.1:3128
-A PREROUTING ! -d 192.168.30.0/24 -i ens1:1 -p tcp -m multiport --dports 80,8080 -j DNAT --to-destination 192.168.10.1:3129
-A PREROUTING ! -d 192.168.40.0/24 -i ens1:2 -p tcp -m multiport --dports 80,8080 -j DNAT --to-destination 192.168.10.1:3140
-A POSTROUTING -s 192.168.0.0/24 -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Mon Sep 17 12:54:23 2018
# Generated by iptables-save v1.6.0 on Mon Sep 17 12:54:23 2018
*filter
:INPUT ACCEPT [126725:117182166]
:FORWARD ACCEPT [117788:7550095]
:OUTPUT ACCEPT [91910:226430410]
-A INPUT -i lo -j ACCEPT
-A FORWARD -i ens1 -o enp2s0 -j ACCEPT
-A FORWARD -i enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp2s0 -o ens1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Sep 17 12:54:24 2018
Anyway, I rewrote the nat rules; now they look like this:
# Generated by iptables-save v1.6.0 on Wed Sep 19 08:23:24 2018
*nat
:PREROUTING ACCEPT [7883:571270]
:INPUT ACCEPT [5621:366218]
:OUTPUT ACCEPT [46256:2867059]
:POSTROUTING ACCEPT [48098:2970320]
-A PREROUTING ! -d 192.168.10.0/24 -i ens1 -p tcp -m multiport --dports 80 -j DNAT --to-destination 192.168.10.1:3127
-A PREROUTING ! -d 192.168.20.0/24 -i ens1:0 -p tcp -m multiport --dports 80 -j DNAT --to-destination 192.168.10.1:3128
-A PREROUTING ! -d 192.168.30.0/24 -i ens1:1 -p tcp -m multiport --dports 80 -j DNAT --to-destination 192.168.10.1:3129
-A PREROUTING ! -d 192.168.40.0/24 -i ens1:2 -p tcp -m multiport --dports 80 -j DNAT --to-destination 192.168.10.1:3140
-A POSTROUTING -s 192.168.10.0/24 -o enp2s0 -j MASQUERADE
-A POSTROUTING -s 192.168.20.0/24 -o enp2s0 -j MASQUERADE
-A POSTROUTING -s 192.168.30.0/24 -o enp2s0 -j MASQUERADE
-A POSTROUTING -s 192.168.40.0/24 -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Wed Sep 19 08:23:24 2018
# Generated by iptables-save v1.6.0 on Wed Sep 19 08:23:24 2018
*filter
:INPUT ACCEPT [90998:15542649]
:FORWARD ACCEPT [194028:10582535]
:OUTPUT ACCEPT [548279:44294228]
-A INPUT -i lo -j ACCEPT
-A FORWARD -i ens1 -o enp2s0 -j ACCEPT
-A FORWARD -i ens1:0 -o enp2s0 -j ACCEPT
-A FORWARD -i ens1:1 -o enp2s0 -j ACCEPT
-A FORWARD -i ens1:2 -o enp2s0 -j ACCEPT
-A FORWARD -i enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp2s0 -o ens1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i enp2s0 -o ens1:0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i enp2s0 -o ens1:1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i enp2s0 -o ens1:2 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Sep 19 08:23:24 2018
In the Squid settings I removed the intercept parameter, but another problem appeared: on the client machine, if I type sites that do not use https into the browser, the browser shows an error like this:
Ошибка
Запрошенный URL не может быть получен
При получении URL /_ произошла следующая ошибка
Недопустимый URL
Какая-то часть запрашиваемого URL некорректна
Возможные проблемы:
Отсутствует или неверно указан протокол (должно быть "http://" или похожее)
Отсутствует имя узла (hostname)
Недопустимое двойное экранирование в пути URL (URL-Path)
Недопустимый символ в имени узла (hostname), подчеркивание запрещены.
Please tell me how to overcome this. I really need it; I have been struggling with this for almost a month already.
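
A consistency check for the two dumps above, as an added example that is not part of the original post: it reads the `http_port` lines and the NAT rules and reports the mismatches behind both symptoms (no `http_port` left in forward-proxy mode, and NAT traffic delivered to a port that is not in intercept mode). The function names are hypothetical and the sample input is constructed by shortening the poster's output.

```python
import re

# Constructed sample input, shortened from the squid.conf lines and iptables-save dump in the post.
SQUID_CONF = """\
http_port 192.168.10.1:3127 intercept
http_port 192.168.10.1:3128 intercept
"""
IPTABLES_SAVE = """\
-A PREROUTING ! -d 192.168.10.0/24 -i ens1 -p tcp -m multiport --dports 80 -j DNAT --to-destination 192.168.10.1:3127
-A PREROUTING ! -d 192.168.20.0/24 -i ens1:0 -p tcp -m multiport --dports 80 -j DNAT --to-destination 192.168.10.1:3128
"""
# http_port mode flags that take a port out of forward-proxy mode.
NON_FORWARD = {"intercept", "transparent", "tproxy", "accel"}

def parse_http_ports(conf):
    """Map each http_port number to its mode flag, or 'forward' when none is set."""
    ports = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "http_port":
            port = int(fields[1].rsplit(":", 1)[-1])
            flags = NON_FORWARD.intersection(fields[2:])
            ports[port] = sorted(flags)[0] if flags else "forward"
    return ports

def nat_target_ports(rules):
    """Ports that DNAT or REDIRECT rules deliver traffic to."""
    pattern = r"-j (?:DNAT --to-destination \S+:|REDIRECT --to-ports? )(\d+)"
    return sorted({int(p) for p in re.findall(pattern, rules)})

def audit(conf, rules):
    """Return a list of human-readable findings; an empty list means the two agree."""
    ports = parse_http_ports(conf)
    findings = []
    if "forward" not in ports.values():
        findings.append("no forward-proxy http_port: Squid logs "
                        "'ERROR: No forward-proxy ports configured.'")
    for port in nat_target_ports(rules):
        mode = ports.get(port)
        if mode is None:
            findings.append(f"NAT delivers to port {port}, but no http_port listens there")
        elif mode == "forward":
            findings.append(f"NAT delivers to forward-proxy port {port}: "
                            "intercepted requests carry no absolute URL (Invalid URL page)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SQUID_CONF, IPTABLES_SAVE)) or "consistent")
```

An empty result requires every NAT target port to keep `intercept` and at least one additional `http_port` without a mode flag that no NAT rule points at.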