Good day, everyone.
So here's the problem:
I set up a transparent proxy and was happy for 30 minutes; after those 30 minutes I noticed that this line in /etc/pf.conf:
rdr on $if_in inet proto tcp from $our_network to any port = http -> 127.0.0.1 port 3128
works only for the http protocol (funny, of course, but it says so explicitly there). Right away a new task came up:
TRANSPARENTLY REDIRECT ftp REQUESTS to squid. Without thinking long, I did this:
rdr on $if_in inet proto tcp from $our_network to any port = ftp -> 127.0.0.1 port 3128
While copying and re-reading the PF configs I realized it would not be solved that simply. CONCLUSION: "NOT SOLVED"
I started googling the question. SOLUTION:
based on these two or three articles:
http://www.opennet.ru/base/net/transparent_ftp.txt.html
http://www.lissyara.su/?id=1018
http://house.hcn-strela.ru/BSDCert/BSDA-co...conf-rdr+filter
I put together and hooked up frox. In short, I struggled with it for a long time, and frox (in theory) works !!! BUT !!! here is what it gives
I'm on OpenSuse 11.0. Konqueror reaches the internet transparently, while for testing, the http and ftp proxy server settings were entered manually in Mozilla. With http-squid specified explicitly the browser works fine and browses FTP sites, but as soon as it goes transparently it flatly refuses and gives
in Konqueror:
Ошибка при загрузке
ftp://frebsd.org:Ошибка соединения с узлом frebsd.org.
Причина: 501 Connection denied. Bye.
in Mozilla:
421 Proxy tried to loop. Closing connection
The frox log shows this:
Mon Nov 10 17:21:46 2008 frox[6785] Attempt to connect to self. Do you need to set DoNTP to yes?
Mon Nov 10 17:21:46 2008 frox[6785] Closing session
Mon Nov 10 17:22:48 2008 frox[6799] Connect from 192.168.1.101
Mon Nov 10 17:22:48 2008 frox[6799] ... to 208.73.210.121()
Mon Nov 10 17:22:48 2008 frox[6799] S: 501 Connection denied. Bye
Mon Nov 10 17:22:48 2008 frox[6799] Denied by ACLs.
Mon Nov 10 17:22:48 2008 frox[6799] Closing session
ERROR: "bind: Address already in use" at line 56 of misc.c
ERROR: "bind: Address already in use" at line 56 of misc.c
Mon Nov 10 17:24:30 2008 frox[6842] Connect from 192.168.1.101
Mon Nov 10 17:24:30 2008 frox[6842] ... to 82.200.78.133()
Mon Nov 10 17:24:38 2008 frox[6842] S: 501 Connection denied. Bye
Mon Nov 10 17:24:38 2008 frox[6842] Denied by ACLs.
Mon Nov 10 17:24:38 2008 frox[6842] Closing session
Mon Nov 10 17:24:39 2008 frox[6843] Connect from 192.168.1.101
Mon Nov 10 17:24:39 2008 frox[6843] ... to 208.73.210.121()
Mon Nov 10 17:24:42 2008 frox[6844] Connect from 192.168.1.101
Mon Nov 10 17:24:42 2008 frox[6844] ... to 82.200.78.133()
Mon Nov 10 17:24:46 2008 frox[6844] S: 501 Connection denied. Bye
Mon Nov 10 17:24:46 2008 frox[6844] Denied by ACLs.
Mon Nov 10 17:24:46 2008 frox[6844] Closing session
Mon Nov 10 17:24:50 2008 frox[6843] S: 501 Connection denied. Bye
Mon Nov 10 17:24:50 2008 frox[6843] Denied by ACLs.
Mon Nov 10 17:24:50 2008 frox[6843] Closing session
frox config:
# IP of the interface FROX will listen on
Listen 192.168.1.175
# Listening port
Port 2121
User nobody
Group nobody
# Don't forget to give user nobody full access rights
WorkingDir /usr/local/frox/cache
DontChroot Yes
LogLevel 25
LogFile /usr/local/frox/log/frox.log
PidFile /usr/local/frox/log/frox.pid
APConv Yes
BounceDefend Yes
#CasheModule local
CacheModule http
HTTPProxy 192.168.1.175:3128
CacheSize 400
# minimum size of a file that will be requested through the proxy
MinCacheSize 1
MaxForks 10
MaxForksPerHost 4
Acl Allow 192.168.0.0/16 - *
Then I did this: at the end I replaced the line Acl Allow 192.168.0.0/16 - * with Acl Allow * - *
I had already given up, re-read the logs, and whoa: the browser started, as I understood it, connecting to FTP in active mode rather than passive. It kept connecting and connecting, until it stopped... a new entry appeared in the log:
Mon Nov 10 17:41:19 2008 frox[6949] S: 220-Welcome to Pure-FTPd.
Mon Nov 10 17:41:19 2008 frox[6949] S: 220-You are user number 1 of 10 allowed.
Mon Nov 10 17:41:19 2008 frox[6949] S: 220-Only anonymous FTP is allowed here
Mon Nov 10 17:41:19 2008 frox[6949] S: 220 You will be disconnected after 15 minutes of inactivity.
Mon Nov 10 17:41:19 2008 frox[6949] C: USER anonymous
Mon Nov 10 17:41:19 2008 frox[6949] S: 230 Anonymous user logged in
Mon Nov 10 17:41:19 2008 frox[6949] C: SYST
Mon Nov 10 17:41:19 2008 frox[6949] S: 215 UNIX Type: L8
Mon Nov 10 17:41:19 2008 frox[6949] C: PWD
Mon Nov 10 17:41:19 2008 frox[6949] S: 257 "/" is your current location
Mon Nov 10 17:41:20 2008 frox[6949] C: TYPE I
Mon Nov 10 17:41:20 2008 frox[6949] S: 200 TYPE is now 8-bit binary
Mon Nov 10 17:41:20 2008 frox[6949] Intercepted a PASV command
Mon Nov 10 17:41:20 2008 frox[6949] C: PASV
Mon Nov 10 17:41:20 2008 frox[6949] Rewritten 227 reply:
Mon Nov 10 17:41:20 2008 frox[6949] S: 227 Entering Passive Mode (192,168,1,175,173,12)
Mon Nov 10 17:41:20 2008 frox[6949] C: SIZE /
Mon Nov 10 17:41:20 2008 frox[6949] S: 550 I can only retrieve regular files
Mon Nov 10 17:41:20 2008 frox[6949] C: MDTM /
Mon Nov 10 17:41:20 2008 frox[6949] S: 550 I can only retrieve regular files
Mon Nov 10 17:41:20 2008 frox[6949] C: SIZE /
Mon Nov 10 17:41:20 2008 frox[6949] SIZE not accepted - aborting caching
Mon Nov 10 17:41:20 2008 frox[6949] C: RETR /
Mon Nov 10 17:41:20 2008 frox[6949] S: 550 I can only retrieve regular files
Mon Nov 10 17:41:20 2008 frox[6949] Intercepted a PASV command
Mon Nov 10 17:41:20 2008 frox[6949] C: PASV
Mon Nov 10 17:41:20 2008 frox[6949] Rewritten 227 reply:
Mon Nov 10 17:41:20 2008 frox[6949] S: 227 Entering Passive Mode (192,168,1,175,185,173)
Mon Nov 10 17:41:20 2008 frox[6949] C: CWD /
Mon Nov 10 17:41:20 2008 frox[6949] S: 250 OK. Current directory is /
Mon Nov 10 17:41:20 2008 frox[6949] Strictpath = "%2f/"
Mon Nov 10 17:41:20 2008 frox[6949] C: LIST
Mon Nov 10 17:41:25 2008 frox[6950] Connect from 192.168.1.101
Mon Nov 10 17:41:25 2008 frox[6950] ... to 82.200.78.133()
Mon Nov 10 17:41:25 2008 frox[6950] Connecting to server...
Mon Nov 10 17:41:25 2008 frox[6950] OK
Mon Nov 10 17:41:25 2008 frox[6950] Apparent address = 82.200.78.133(lanserv3.it.tusur.ru)
Mon Nov 10 17:41:25 2008 frox[6950] Real address = 82.200.78.133(lanserv3.it.tusur.ru)
Mon Nov 10 17:41:25 2008 frox[6950] Proxy address = 82.200.78.133(lanserv3.it.tusur.ru)
Mon Nov 10 17:41:25 2008 frox[6950] S: 220 Microsoft FTP Service (Version 5.0).
Mon Nov 10 17:41:25 2008 frox[6950] C: USER anonymous
Mon Nov 10 17:41:25 2008 frox[6950] S: 331 Please specify the password.
Mon Nov 10 17:41:25 2008 frox[6950] C: pass anonymous@
Mon Nov 10 17:41:25 2008 frox[6950] S: 230 Login successful.
Mon Nov 10 17:41:25 2008 frox[6950] C: SYST
Mon Nov 10 17:41:25 2008 frox[6950] S: 215 UNIX Type: L8
Mon Nov 10 17:41:25 2008 frox[6950] C: PWD
Mon Nov 10 17:41:25 2008 frox[6950] S: 257 "/"
Mon Nov 10 17:41:25 2008 frox[6950] C: cwd /pub/NetBSD/3.1
Mon Nov 10 17:41:25 2008 frox[6950] S: 250 Directory successfully changed.
Mon Nov 10 17:41:25 2008 frox[6950] Strictpath = "%2fpub%2fNetBSD%2f3.1/"
Mon Nov 10 17:41:25 2008 frox[6950] C: TYPE I
Mon Nov 10 17:41:25 2008 frox[6950] S: 200 Switching to Binary mode.
Mon Nov 10 17:41:25 2008 frox[6950] Intercepted a PASV command
Mon Nov 10 17:41:25 2008 frox[6950] C: PASV
Mon Nov 10 17:41:25 2008 frox[6950] Rewritten 227 reply:
Mon Nov 10 17:41:25 2008 frox[6950] S: 227 Entering Passive Mode (192,168,1,175,185,36)
Mon Nov 10 17:41:29 2008 frox[6950] Command EPSV not implemented
Mon Nov 10 17:41:29 2008 frox[6950] S: 502 Command not implemented.
Mon Nov 10 17:41:29 2008 frox[6950] Command eprt not implemented
Mon Nov 10 17:41:29 2008 frox[6950] S: 502 Command not implemented.
Mon Nov 10 17:41:29 2008 frox[6950] Rewriting PORT command to PASV
Mon Nov 10 17:41:29 2008 frox[6950] C: PASV
Mon Nov 10 17:41:29 2008 frox[6950] Rewriting 227 reply.
Mon Nov 10 17:41:29 2008 frox[6950] S: 200 PORT command OK.
Mon Nov 10 17:41:29 2008 frox[6950] Connecting to both data streams for list command
Mon Nov 10 17:41:29 2008 frox[6951] Connect from 192.168.1.101
Mon Nov 10 17:41:29 2008 frox[6951] ... to 82.200.78.133()
Mon Nov 10 17:41:29 2008 frox[6951] Connecting to server...
Mon Nov 10 17:41:29 2008 frox[6951] OK
Mon Nov 10 17:41:29 2008 frox[6951] Apparent address = 82.200.78.133(lanserv3.it.tusur.ru)
Mon Nov 10 17:41:29 2008 frox[6951] Real address = 82.200.78.133(lanserv3.it.tusur.ru)
Mon Nov 10 17:41:29 2008 frox[6951] Proxy address = 82.200.78.133(lanserv3.it.tusur.ru)
Mon Nov 10 17:41:29 2008 frox[6951] S: 220 Microsoft FTP Service (Version 5.0).
Mon Nov 10 17:41:29 2008 frox[6951] C: USER anonymous
Mon Nov 10 17:41:29 2008 frox[6951] S: 331 Please specify the password.
Mon Nov 10 17:41:29 2008 frox[6951] C: pass anonymous@
Mon Nov 10 17:41:29 2008 frox[6951] S: 230 Login successful.
Mon Nov 10 17:41:29 2008 frox[6951] C: SYST
Mon Nov 10 17:41:29 2008 frox[6951] S: 215 UNIX Type: L8
Mon Nov 10 17:41:29 2008 frox[6951] C: PWD
Mon Nov 10 17:41:29 2008 frox[6951] S: 257 "/"
Mon Nov 10 17:41:29 2008 frox[6951] C: cwd /pub/NetBSD
Mon Nov 10 17:41:29 2008 frox[6951] S: 250 Directory successfully changed.
Mon Nov 10 17:41:29 2008 frox[6951] Strictpath = "%2fpub%2fNetBSD/"
Mon Nov 10 17:41:32 2008 frox[6951] C: cwd /
Mon Nov 10 17:41:32 2008 frox[6951] S: 250 Directory successfully changed.
Mon Nov 10 17:41:32 2008 frox[6951] Strictpath = "%2fpub%2fNetBSD/%2f/"
Mon Nov 10 17:41:32 2008 frox[6951] C: TYPE I
Mon Nov 10 17:41:32 2008 frox[6951] S: 200 Switching to Binary mode.
Mon Nov 10 17:41:32 2008 frox[6951] Intercepted a PASV command
Mon Nov 10 17:41:32 2008 frox[6951] C: PASV
Mon Nov 10 17:41:32 2008 frox[6951] Rewritten 227 reply:
Mon Nov 10 17:41:32 2008 frox[6951] S: 227 Entering Passive Mode (192,168,1,175,195,74)
Mon Nov 10 17:41:32 2008 frox[6882] Connect from 192.168.1.101 refused: too many connections from that host
Mon Nov 10 17:41:34 2008 frox[6882] Connect from 192.168.1.101 refused: too many connections from that host
Mon Nov 10 17:41:34 2008 frox[6882] Connect from 192.168.1.101 refused: too many connections from that host
Mon Nov 10 17:41:37 2008 frox[6882] Connect from 192.168.1.101 refused: too many connections from that host
Mon Nov 10 17:41:37 2008 frox[6882] Connect from 192.168.1.101 refused: too many connections from that host
ERROR: "bind: Address already in use" at line 56 of misc.c
Mon Nov 10 17:41:52 2008 frox[6951] Command EPSV not implemented
Mon Nov 10 17:41:52 2008 frox[6951] S: 502 Command not implemented.
Mon Nov 10 17:41:52 2008 frox[6951] Command eprt not implemented
Mon Nov 10 17:41:52 2008 frox[6951] S: 502 Command not implemented.
Mon Nov 10 17:41:52 2008 frox[6951] Rewriting PORT command to PASV
Mon Nov 10 17:41:52 2008 frox[6951] C: PASV
Mon Nov 10 17:41:52 2008 frox[6951] Rewriting 227 reply.
Mon Nov 10 17:41:52 2008 frox[6951] S: 200 PORT command OK.
Mon Nov 10 17:41:52 2008 frox[6951] Connecting to both data streams for list command
ERROR: "bind: Address already in use" at line 56 of misc.c
ERROR: "bind: Address already in use" at line 56 of misc.c
ERROR: "bind: Address already in use" at line 56 of misc.c
ERROR: "bind: Address already in use" at line 56 of misc.c
As I understand it, in the frox config I have:
MaxForksPerHost 4
so it turns out it connected 4 times and now rejects everything; it connects in a strange way, why doesn't it reset the old counter?
Then I try explicitly setting ftp proxy 192.168.1.175 port 2121 in the browser settings, and it again sends me
421 Proxy tried to loop. Closing connection
Even after restarting frox it's the same.
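
Added example, not part of the original post: a Python triage script for the frox log format quoted above. It groups lines by frox PID, counts the failure messages that appear in this log, and decodes rewritten 227 replies into IP and port (port = p1*256 + p2). The function names and failure labels are hypothetical; the sample lines are copied from the post.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the frox log quoted in the post above.
SAMPLE = """\
Mon Nov 10 17:21:46 2008 frox[6785] Attempt to connect to self. Do you need to set DoNTP to yes?
Mon Nov 10 17:22:48 2008 frox[6799] Connect from 192.168.1.101
Mon Nov 10 17:22:48 2008 frox[6799] ... to 208.73.210.121()
Mon Nov 10 17:22:48 2008 frox[6799] Denied by ACLs.
Mon Nov 10 17:41:20 2008 frox[6949] S: 227 Entering Passive Mode (192,168,1,175,173,12)
Mon Nov 10 17:41:32 2008 frox[6882] Connect from 192.168.1.101 refused: too many connections from that host
ERROR: "bind: Address already in use" at line 56 of misc.c
"""

LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} frox\[(\d+)\] (.*)$")
PASV = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# Substring -> hypothetical label, for failure messages seen in the post's log.
FAILURES = {
    "Attempt to connect to self": "loop",
    "Denied by ACLs": "acl_denied",
    "too many connections from that host": "per_host_limit",
    "Address already in use": "bind_in_use",
}

def decode_227(msg):
    """Return (ip, port) from a 227 reply; port = p1*256 + p2 (RFC 959)."""
    m = PASV.search(msg)
    if not m or any(int(g) > 255 for g in m.groups()):
        return None
    n = [int(g) for g in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def triage(text):
    """Group log lines by frox PID; collect failures and data endpoints."""
    sessions = defaultdict(lambda: {"failures": [], "data": []})
    totals = Counter()
    for raw in text.splitlines():
        m = LINE.match(raw)
        # Lines without a timestamp/PID prefix (the bind ERROR) only count in totals.
        pid, msg = (m.group(1), m.group(2)) if m else (None, raw)
        for needle, label in FAILURES.items():
            if needle in msg:
                totals[label] += 1
                if pid:
                    sessions[pid]["failures"].append(label)
        endpoint = decode_227(msg)
        if endpoint and pid:
            sessions[pid]["data"].append(endpoint)
    return dict(sessions), totals
```

Running triage() over the full log shows, per PID, which sessions were refused and which data endpoints frox advertised to the client.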