Hello,
I have a problem once again. Namely, I have installed a Squid3 proxy and a DHCP server. I would now like the proxy to pass the data from one interface to the other.
Interfaces:
eth0 = Switch
eth1 = Router
However, every time the proxy starts, the following error message is output:
    Starting Squid HTTP Proxy 3.x: squid32013/11/02 17:52:19| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
    2013/11/02 17:52:19| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
    2013/11/02 17:52:19| WARNING: For now we will assume you meant to write /32
    2013/11/02 17:52:19| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
    2013/11/02 17:52:19| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
    2013/11/02 17:52:19| WARNING: You should probably remove '::/0' from the ACL named 'all'
    2013/11/02 17:52:19| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
    2013/11/02 17:52:19| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
    2013/11/02 17:52:19| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
    2013/11/02 17:52:19| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
    2013/11/02 17:52:19| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
    2013/11/02 17:52:19| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
    2013/11/02 17:52:19| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
    2013/11/02 17:52:19| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
    2013/11/02 17:52:19| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
    2013/11/02 17:52:19| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
    2013/11/02 17:52:19| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
    2013/11/02 17:52:19| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'
    2013/11/02 17:52:19| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
    2013/11/02 17:52:19| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
    2013/11/02 17:52:19| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'
    2013/11/02 17:52:19| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
    2013/11/02 17:52:19| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
    2013/11/02 17:52:19| WARNING: For now we will assume you meant to write /24
This is the configuration of my interfaces:
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
        address 192.168.3.1
        netmask 255.255.255.0
        broadcast 192.168.3.255

    auto eth1
    iface eth1 inet dhcp

    up service squid stop

    up /sbin/iptables -F
    up /sbin/iptables -X
    up /sbin/iptables -t nat -F

    up /sbin/iptables -A FORWARD -o eth1 -i eth0 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
    up /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    up /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
    up /sbin/sysctl -w net.ipv4.ip_forward=1
    post-up /usr/sbin/dnsmasq -i eth0 -I eth1 -F 192.168.3.100,192.168.3.150,infinite
    post-up /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    post-up service squid start -n
Additional configuration of Squid:
    # Minimal configuration required by Squid
    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

    # Example rule allowing access from your local networks.
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

    # local machines allowed
    acl lokale_rechner src 192.168.0.0/255.255.255.0
    http_access allow lokale_rechner

    acl SSL_ports port 443 # https
    acl SSL_ports port 563 # snews
    acl SSL_ports port 873 # rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access deny manager
    # Only allow purge requests from localhost
    http_access allow purge localhost
    http_access deny purge
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports

    http_access deny all

    #Allow ICP queries from local networks only
    icp_access allow localnet
    icp_access deny all

    # port used: 3128
    http_port 192.168.3.1:3128 transparent

    # Tag: program redirection to squidGuard / disabled here
    # redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

    access_log /var/log/squid/access.log squid

    cache deny localnet
I took everything from these posts:
http://forum.ubuntuusers.de/topic/squid-mit-2-netzwerkkarten-zwischen-router-und/#post-2803621
http://wiki.ubuntuusers.de/Internetverbindungsfreigabe#LAN-auf-LAN-2
I had already set up the rest with Webmin, following the video from SemperVideo.
SemperVideo:
http://www.youtube.com/user/SemperVideo?feature=watch
Video:
http://www.youtube.com/watch?v=AcJJGQTlKuA
The IP addresses are assigned without any problems.
I can also access Webmin from eth0.
I am using Firefox and it outputs the following: Fehler: Proxy-Server verweigert die Verbindung
I hope someone can help!
maxl342
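
A consistency check over the `src` ACLs shown in the post, as an added example that is not part of the original post: it rewrites dotted-netmask entries into the CIDR form the Squid warnings ask for and reports which ACLs contain a given client address. The embedded excerpt is constructed from the posted squid.conf; the function names are hypothetical.

```python
import ipaddress

# Constructed excerpt: the source-address ACL lines from the squid.conf in the post.
SQUID_CONF = """\
acl all src all
acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl lokale_rechner src 192.168.0.0/255.255.255.0
"""


def parse_src_acls(conf):
    """Return {acl_name: [(original_token, ip_network), ...]} for 'acl NAME src' lines."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "src":
            for token in fields[3:]:
                if token == "all":  # Squid keyword, not an address
                    continue
                # ip_network accepts both CIDR and dotted-netmask notation
                net = ipaddress.ip_network(token, strict=False)
                acls.setdefault(fields[1], []).append((token, net))
    return acls


def netmask_entries(acls):
    """Map each entry written with a dotted netmask to its CIDR equivalent."""
    fixes = {}
    for entries in acls.values():
        for token, net in entries:
            if "/" in token and "." in token.split("/", 1)[1]:
                fixes[token] = str(net)
    return fixes


def acls_matching(acls, client_ip):
    """Names of the src ACLs whose networks contain client_ip, sorted."""
    addr = ipaddress.ip_address(client_ip)
    return sorted(name for name, entries in acls.items()
                  if any(addr in net for _, net in entries))


if __name__ == "__main__":
    acls = parse_src_acls(SQUID_CONF)
    print(netmask_entries(acls))
    # 192.168.3.100 is the first address of the dnsmasq range in the post.
    print(acls_matching(acls, "192.168.3.100"))
```

In the posted configuration, `lokale_rechner` is the only `src` ACL named in an `http_access allow` rule for clients, so the second result shows whether an address from the DHCP range falls inside it.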