Добрый день!
Собрал конфигурацию по следующей статье:
Настройка
ОС:
uname -a
Linux proxy 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) i686 GNU/Linux
Опции squid:
squid -v
Squid Cache: Version 3.5.17
Service Name: squid
Debian linux
configure options: '--build=i586-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIE -pie -Wl,-z,relro -Wl,-z,now' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-ssl' '--enable-ssl-crtd' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-openssl' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info=Debian linux' '--enable-linux-netfilter' 'build_alias=i586-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'
Настройки squid.conf:
acl localnet src 192.168.3.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
dns_nameservers 8.8.8.8
http_port 192.168.3.26:3128 options=NO_SSLv3:NO_SSLv2
http_port 192.168.3.26:3129 intercept options=NO_SSLv3:NO_SSLv2
https_port 192.168.3.26:3130 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connectionauth=off cert=/etc/squid/squidCA.pem
always_direct allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
Проверяем, чтобы squid слушал требуемые порты:
netstat -pnatu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 386/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 394/sshd
tcp 0 0 192.168.3.26:3128 0.0.0.0:* LISTEN 712/(squid-1)
tcp 0 0 192.168.3.26:3129 0.0.0.0:* LISTEN 712/(squid-1)
tcp 0 0 192.168.3.26:3130 0.0.0.0:* LISTEN 712/(squid-1)
tcp 0 464 192.168.3.26:22 192.168.3.106:33802 ESTABLISHED 458/0
tcp6 0 0 :::111 :::* LISTEN 386/rpcbind
tcp6 0 0 :::22 :::* LISTEN 394/sshd
udp 0 0 0.0.0.0:983 0.0.0.0:* 386/rpcbind
udp 0 0 0.0.0.0:47700 0.0.0.0:* 712/(squid-1)
udp 0 0 0.0.0.0:111 0.0.0.0:* 386/rpcbind
udp6 0 0 :::47403 :::* 712/(squid-1)
udp6 0 0 ::1:54690 ::1:60531 ESTABLISHED 714/(pinger)
udp6 0 0 :::983 :::* 386/rpcbind
udp6 0 0 :::111 :::* 386/rpcbind
udp6 0 0 ::1:60531 ::1:54690 ESTABLISHED 712/(squid-1)
service squid status
● squid.service - LSB: Squid HTTP Proxy version 3.x
Loaded: loaded (/etc/init.d/squid)
Active: active (running) since Ср 2016-05-11 18:19:49 MSK; 1min 17s ago
Process: 816 ExecStop=/etc/init.d/squid stop (code=exited, status=0/SUCCESS)
Process: 839 ExecStart=/etc/init.d/squid start (code=exited, status=0/SUCCESS)
Main PID: 879 (squid)
CGroup: /system.slice/squid.service
├─877 /usr/sbin/squid -YC -f /etc/squid/squid.conf
├─879 (squid-1) -YC -f /etc/squid/squid.conf
├─880 (logfile-daemon) /var/log/squid/access.log
└─881 (pinger)
май 11 18:19:49 proxy squid[877]: Squid Parent: will start 1 kids
май 11 18:19:49 proxy squid[877]: Squid Parent: (squid-1) process 879 started
май 11 18:19:49 proxy squid[839]: Starting Squid HTTP Proxy: squid.
май 11 18:19:49 proxy systemd[1]: squid.service: Supervising process 879 which is not our child. We'll most likely not notice when it exits.
Открываю браузер, явно прописываю прокси:порт, все работает.
А теперь нужно «завернуть» трафик с другого шлюза (он же и является натом) на данный прокси-сервер (network<->gateway<->proxy<->client).
gateway - 192.168.3.1
proxy - 192.168.3.26
client - 192.168.3.25
Политики iptables по умолчанию на прокси-сервере «разрешено все».
Прописываю правила на шлюзе в iptables:
iptables -t nat -A POSTROUTING -s 192.168.3.25 -p tcp -d 192.168.3.26 -j SNAT --to-source 192.168.3.1
iptables -t nat -A PREROUTING -s 192.168.3.25 -p tcp --dport 80 -j DNAT --to-destination 192.168.3.26:3129
iptables -t nat -A PREROUTING -s 192.168.3.25 -p tcp --dport 443 -j DNAT --to-destination 192.168.3.26:3130
iptables -A FORWARD -s 192.168.3.25 -d 192.168.3.26 -p tcp --dport 3129 -j ACCEPT
iptables -A FORWARD -s 192.168.3.25 -d 192.168.3.26 -p tcp --dport 3130 -j ACCEPT
Запрошенный URL не может быть получен
Ваше подключение не защищено
cat /var/log/squid/access.log
1462979111.346 0 192.168.3.1 TAG_NONE/400 5691 GET /171817/prepareCode?pfc=a&pfb=a&pt=b&pd=11&pw=3&pv=19&prr=&pdw=1280&pdh=1024&dl=http%3A//www.rambler.ru/&pr1=900888&random=254811&pr=661145&puid3=r1o&puid4=zb0&puid11=t7d&puid22=&puid33=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m&puid37=&puid38=&puid55=7h&puid56=9p&puid57=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m:poor:not_moscow:295&eid1=00000BBC5729B601B9DF64D901335701&p1=brhii&p2=exqr&pct=a&pfc=a&pfb=a&puid29=21&puid6=MAIN&puid59=1 - HIER_NONE/- text/html
1462979111.658 0 192.168.3.1 TAG_NONE/400 5677 GET /171817/prepareCode?pfc=a&pfb=a&pt=b&pd=11&pw=3&pv=19&prr=&pdw=1280&pdh=1024&dl=http%3A//www.rambler.ru/&pr1=740220&random=561181&pr=661145&puid3=r1o&puid4=zb0&puid11=t7d&puid22=&puid33=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m&puid37=&puid38=&puid55=7h&puid56=9p&puid57=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m:poor:not_moscow:295&eid1=00000BBC5729B601B9DF64D901335701&p1=bscpi&p2=ewzc&pct=a&puid29=21&puid54=0&puid6=MAIN&puid59=1 - HIER_NONE/- text/html
1462979111.767 0 192.168.3.1 TAG_NONE/400 5651 GET /171817/prepareCode?pfc=a&pfb=a&pt=b&pd=11&pw=3&pv=19&prr=&pdw=1280&pdh=1024&dl=http%3A//www.rambler.ru/&pr1=364107&random=860036&pr=661145&puid3=r1o&puid4=zb0&puid11=t7d&puid22=&puid33=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m&puid37=&puid38=&puid55=7h&puid56=9p&puid57=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m:poor:not_moscow:295&eid1=00000BBC5729B601B9DF64D901335701&p1=bsisl&p2=fdvd&pct=b&puid29=21&puid6=MAIN&puid59=1 - HIER_NONE/- text/html
1462979111.783 0 192.168.3.1 TAG_NONE/400 5651 GET /171817/prepareCode?pfc=a&pfb=a&pt=b&pd=11&pw=3&pv=19&prr=&pdw=1280&pdh=1024&dl=http%3A//www.rambler.ru/&pr1=789753&random=441698&pr=661145&puid3=r1o&puid4=zb0&puid11=t7d&puid22=&puid33=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m&puid37=&puid38=&puid55=7h&puid56=9p&puid57=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m:poor:not_moscow:295&eid1=00000BBC5729B601B9DF64D901335701&p1=bsixb&p2=fdvd&pct=b&puid29=21&puid6=MAIN&puid59=1 - HIER_NONE/- text/html
1462979111.784 0 192.168.3.1 TAG_NONE/400 3931 GET /hockey-2016/informer/desktop - HIER_NONE/- text/html
1462979111.837 0 192.168.3.1 TAG_NONE/400 4003 GET /V13a***R%3E*rambler_ru/ru/UTF-8/tmsec=rambler_head-new2/41809744 - HIER_NONE/- text/html
1462979111.838 0 192.168.3.1 TAG_NONE/400 3899 GET /analytics.js - HIER_NONE/- text/html
1462979111.839 0 192.168.3.1 TAG_NONE/400 5691 GET /171817/prepareCode?pfc=a&pfb=a&pt=b&pd=11&pw=3&pv=19&prr=&pdw=1280&pdh=1024&dl=http%3A//www.rambler.ru/&pr1=911686&random=682784&pr=661145&puid3=r1o&puid4=zb0&puid11=t7d&puid22=&puid33=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m&puid37=&puid38=&puid55=7h&puid56=9p&puid57=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m:poor:not_moscow:295&eid1=00000BBC5729B601B9DF64D901335701&p1=bqwcg&p2=exqv&pct=a&pfc=a&pfb=a&puid29=21&puid6=MAIN&puid59=1 - HIER_NONE/- text/html
1462979111.852 0 192.168.3.1 TAG_NONE/400 3899 GET /ru_RU/sdk.js - HIER_NONE/- text/html
1462979111.900 0 192.168.3.1 TCP_IMS_HIT/304 294 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979111.979 0 192.168.3.1 TAG_NONE/400 3991 GET /sync2.302?pid=16&anket_id=vAsAAAG2KVfZZN%2b5AVczAQB%3d - HIER_NONE/- text/html
1462979112.072 0 192.168.3.1 TAG_NONE/400 3909 GET /0/9947/001001.htm - HIER_NONE/- text/html
1462979112.077 0 192.168.3.1 TAG_NONE/400 3977 GET /ban.ban?rn=11856425941&op=8&pg=9160 - HIER_NONE/- text/html
1462979112.077 0 192.168.3.1 TAG_NONE/400 3915 GET /gtm.js?id=GTM-KJBSQR - HIER_NONE/- text/html
1462979112.078 0 192.168.3.1 TAG_NONE/400 3907 GET /track/219567.gif - HIER_NONE/- text/html
1462979112.090 0 192.168.3.1 TAG_NONE/400 3907 GET /client/target.js - HIER_NONE/- text/html
1462979112.112 0 192.168.3.1 TCP_IMS_HIT/304 294 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979114.248 0 192.168.3.1 TAG_NONE/400 5645 GET /171817/prepareCode?pfc=a&pfb=a&pt=b&pd=11&pw=3&pv=19&prr=&pdw=1280&pdh=1024&dl=http%3A//www.rambler.ru/&pr1=714229&random=452818&pr=661145&puid3=r1o&puid4=zb0&puid11=t7d&puid22=&puid33=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m&puid37=&puid38=&puid55=7h&puid56=9p&puid57=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m:poor:not_moscow:295&eid1=00000BBC5729B601B9DF64D901335701&p1=bquwr&p2=y&pct=c&puid29=21&puid6=MAIN&puid59=1 - HIER_NONE/- text/html
1462979114.945 0 192.168.3.1 TAG_NONE/400 3875 GET / - HIER_NONE/- text/html
1462979114.958 0 192.168.3.1 TCP_IMS_HIT/304 294 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979114.966 0 192.168.3.1 TAG_NONE/400 3897 GET /favicon.ico - HIER_NONE/- text/html
1462979116.295 0 192.168.3.1 TAG_NONE/400 5701 GET /171817/prepareCode?pfc=a&pfb=a&pt=b&pd=11&pw=3&pv=19&prr=&pdw=1280&pdh=1024&dl=http%3A//www.rambler.ru/&pr1=174948&random=319057&pr=661145&puid3=r1o&puid4=zb0&puid11=t7d&puid22=&puid33=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m&puid37=&puid38=&puid55=7h&puid56=9p&puid57=aud35m_7_16:aud53_7m:aud53_8m:aud34_1m:aud42_2m:aud30_2m:aud45m3:aud8m1:aud42_4m:aud53_1m:aud48_3m:aud36m1:aud42_3m:aud47_2m:aud17m:aud53_13m:aud30_6m:aud16m:aud38m:aud9m3:aud53_2m:aud33_2m:aud42_1m:aud53_3m:aud14_7m:poor:not_moscow:295&eid1=00000BBC5729B601B9DF64D901335701&p1=bmdoj&p2=emhk&pct=a&puid23=&puid29=21&puid54=0&puid6=MAIN&puid59=1 - HIER_NONE/- text/html
1462979117.053 0 192.168.3.1 TAG_NONE/400 3875 GET / - HIER_NONE/- text/html
1462979117.064 0 192.168.3.1 TCP_IMS_HIT/304 294 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979117.079 0 192.168.3.1 TAG_NONE/400 3897 GET /favicon.ico - HIER_NONE/- text/html
1462979119.768 118812 192.168.3.25 TCP_TUNNEL/200 1197 CONNECT www.google-analytics.com:443 - HIER_DIRECT/83.169.197.217 -
1462979119.768 119021 192.168.3.25 TCP_TUNNEL/200 1389 CONNECT fonts.gstatic.com:443 - HIER_DIRECT/37.29.1.45 -
1462979119.769 119236 192.168.3.25 TCP_TUNNEL/200 3851 CONNECT fonts.googleapis.com:443 - HIER_DIRECT/173.194.220.95 -
1462979119.770 112054 192.168.3.25 TCP_TUNNEL/200 417 CONNECT www.gstatic.com:443 - HIER_DIRECT/83.169.197.240 -
1462979119.773 112551 192.168.3.25 TCP_TUNNEL/200 4417 CONNECT pixel.rubiconproject.com:443 - HIER_DIRECT/62.67.193.85 -
1462979119.792 118747 192.168.3.25 TCP_TUNNEL/200 618 CONNECT safebrowsing.google.com:443 - HIER_DIRECT/83.169.197.213 -
1462979124.004 0 192.168.3.1 TAG_NONE/400 3875 GET / - HIER_NONE/- text/html
1462979124.113 0 192.168.3.1 TAG_NONE/400 3897 GET /favicon.ico - HIER_NONE/- text/html
1462979128.700 0 192.168.3.1 TAG_NONE/400 3875 GET / - HIER_NONE/- text/html
1462979128.816 0 192.168.3.1 TAG_NONE/400 3897 GET /favicon.ico - HIER_NONE/- text/html
1462979184.477 123 192.168.3.26 TCP_MISS/403 4565 GET http://ya.ru/ - HIER_NONE/- text/html
1462979184.477 174 192.168.3.1 TCP_MISS/403 4655 GET http://ya.ru/ - ORIGINAL_DST/192.168.3.26 text/html
1462979184.486 0 192.168.3.1 TCP_IMS_HIT/304 294 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979184.514 0 192.168.3.26 TCP_MISS/403 4536 GET http://ya.ru/favicon.ico - HIER_NONE/- text/html
1462979184.514 0 192.168.3.1 TCP_MISS/403 4626 GET http://ya.ru/favicon.ico - ORIGINAL_DST/192.168.3.26 text/html
1462979187.144 0 192.168.3.26 TCP_MISS/403 5696 GET http://rambler.ru/ - HIER_NONE/- text/html
1462979187.144 51 192.168.3.1 TCP_MISS/403 5786 GET http://rambler.ru/ - ORIGINAL_DST/192.168.3.26 text/html
1462979187.154 0 192.168.3.1 TCP_IMS_HIT/304 294 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979187.183 0 192.168.3.26 TCP_MISS/403 5672 GET http://rambler.ru/favicon.ico - HIER_NONE/- text/html
1462979187.183 0 192.168.3.1 TCP_MISS/403 5762 GET http://rambler.ru/favicon.ico - ORIGINAL_DST/192.168.3.26 text/html
1462979201.904 0 192.168.3.26 TCP_MISS/403 5696 GET http://rambler.ru/ - HIER_NONE/- text/html
1462979201.904 0 192.168.3.1 TCP_MISS/403 5786 GET http://rambler.ru/ - ORIGINAL_DST/192.168.3.26 text/html
1462979201.911 0 192.168.3.1 TCP_IMS_HIT/304 294 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979201.919 0 192.168.3.26 TCP_MISS/403 5672 GET http://rambler.ru/favicon.ico - HIER_NONE/- text/html
1462979201.919 0 192.168.3.1 TCP_MISS/403 5762 GET http://rambler.ru/favicon.ico - ORIGINAL_DST/192.168.3.26 text/html
1462979502.811 0 192.168.3.26 TCP_MISS/403 5696 GET http://rambler.ru/ - HIER_NONE/- text/html
1462979502.811 46 192.168.3.1 TCP_MISS/403 5786 GET http://rambler.ru/ - ORIGINAL_DST/192.168.3.26 text/html
1462979502.819 0 192.168.3.1 TCP_IMS_HIT/304 294 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979502.825 0 192.168.3.26 TCP_MISS/403 5672 GET http://rambler.ru/favicon.ico - HIER_NONE/- text/html
1462979502.825 1 192.168.3.1 TCP_MISS/403 5762 GET http://rambler.ru/favicon.ico - ORIGINAL_DST/192.168.3.26 text/html
1462979575.252 0 192.168.3.26 TCP_MISS/403 5696 GET http://rambler.ru/ - HIER_NONE/- text/html
1462979575.252 1 192.168.3.1 TCP_MISS/403 5786 GET http://rambler.ru/ - ORIGINAL_DST/192.168.3.26 text/html
1462979575.262 0 192.168.3.1 TCP_IMS_HIT/304 294 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979575.269 0 192.168.3.26 TCP_MISS/403 5672 GET http://rambler.ru/favicon.ico - HIER_NONE/- text/html
1462979575.270 1 192.168.3.1 TCP_MISS/403 5762 GET http://rambler.ru/favicon.ico - ORIGINAL_DST/192.168.3.26 text/html
1462979581.993 0 192.168.3.26 TCP_MISS/403 4608 GET http://vk.com/ - HIER_NONE/- text/html
1462979581.993 29 192.168.3.1 TCP_MISS/403 4698 GET http://vk.com/ - ORIGINAL_DST/192.168.3.26 text/html
1462979582.005 0 192.168.3.1 TCP_MEM_HIT/200 13054 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462979582.109 0 192.168.3.26 TCP_MISS/403 4557 GET http://vk.com/favicon.ico - HIER_NONE/- text/html
1462979582.110 0 192.168.3.1 TCP_MISS/403 4647 GET http://vk.com/favicon.ico - ORIGINAL_DST/192.168.3.26 text/html
1462979672.229 0 192.168.3.26 TCP_MISS/403 4565 GET http://ya.ru/ - HIER_NONE/- text/html
1462979672.229 47 192.168.3.1 TCP_MISS/403 4655 GET http://ya.ru/ - ORIGINAL_DST/192.168.3.26 text/html
1462979672.240 0 192.168.3.26 TCP_MISS/403 4518 GET http://ya.ru/favicon.ico - HIER_NONE/- text/html
1462979672.240 0 192.168.3.1 TCP_MISS/403 4608 GET http://ya.ru/favicon.ico - ORIGINAL_DST/192.168.3.26 text/html
1462979720.305 0 192.168.3.26 TCP_MISS/403 4411 POST http://tools.google.com/service/update2? - HIER_NONE/- text/html
1462979720.306 47 192.168.3.1 TCP_MISS/403 4501 POST http://tools.google.com/service/update2? - ORIGINAL_DST/192.168.3.26 text/html
1462979720.313 0 192.168.3.26 TCP_MISS/403 4418 POST http://tools.google.com/service/update2? - HIER_NONE/- text/html
1462979720.313 1 192.168.3.1 TCP_MISS/403 4508 POST http://tools.google.com/service/update2? - ORIGINAL_DST/192.168.3.26 text/html
1462979754.809 18 192.168.3.26 TCP_MISS/403 4355 GET http://www.gstatic.com/generate_204 - HIER_NONE/- text/html
1462979754.809 73 192.168.3.1 TCP_MISS/403 4445 GET http://www.gstatic.com/generate_204 - ORIGINAL_DST/192.168.3.26 text/html
1462979808.998 2 192.168.3.26 TCP_MISS/403 4350 GET http://www.gstatic.com/generate_204 - HIER_NONE/- text/html
1462979809.002 9 192.168.3.1 TCP_MISS/403 4440 GET http://www.gstatic.com/generate_204 - ORIGINAL_DST/192.168.3.26 text/html
1462979905.456 0 192.168.3.26 TCP_MISS/403 4355 GET http://www.gstatic.com/generate_204 - HIER_NONE/- text/html
1462979905.457 1 192.168.3.1 TCP_MISS/403 4445 GET http://www.gstatic.com/generate_204 - ORIGINAL_DST/192.168.3.26 text/html
1462980009.389 0 192.168.3.26 TCP_MISS/403 4355 GET http://www.gstatic.com/generate_204 - HIER_NONE/- text/html
1462980009.390 53 192.168.3.1 TCP_MISS/403 4445 GET http://www.gstatic.com/generate_204 - ORIGINAL_DST/192.168.3.26 text/html
1462980038.332 0 192.168.3.26 TCP_MISS/403 4355 GET http://www.gstatic.com/generate_204 - HIER_NONE/- text/html
1462980038.332 1 192.168.3.1 TCP_MISS/403 4445 GET http://www.gstatic.com/generate_204 - ORIGINAL_DST/192.168.3.26 text/html
1462980161.842 0 192.168.3.26 TCP_MISS/403 4355 GET http://www.gstatic.com/generate_204 - HIER_NONE/- text/html
1462980161.842 45 192.168.3.1 TCP_MISS/403 4445 GET http://www.gstatic.com/generate_204 - ORIGINAL_DST/192.168.3.26 text/html
1462980167.823 0 192.168.3.26 TCP_MISS/403 4355 GET http://www.gstatic.com/generate_204 - HIER_NONE/- text/html
1462980167.823 0 192.168.3.1 TCP_MISS/403 4445 GET http://www.gstatic.com/generate_204 - ORIGINAL_DST/192.168.3.26 text/html
1462980240.967 0 192.168.3.26 TCP_MISS/403 4355 GET http://www.gstatic.com/generate_204 - HIER_NONE/- text/html
1462980240.967 47 192.168.3.1 TCP_MISS/403 4445 GET http://www.gstatic.com/generate_204 - ORIGINAL_DST/192.168.3.26 text/html
1462980251.115 0 192.168.3.26 TCP_MISS/403 4425 GET http://mail.ru/ - HIER_NONE/- text/html
1462980251.116 29 192.168.3.1 TCP_MISS/403 4515 GET http://mail.ru/ - ORIGINAL_DST/192.168.3.26 text/html
1462980251.125 0 192.168.3.1 TCP_MEM_HIT/200 13054 GET http://proxy:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
1462980251.225 0 192.168.3.26 TCP_MISS/403 4375 GET http://mail.ru/favicon.ico - HIER_NONE/- text/html
1462980251.226 0 192.168.3.1 TCP_MISS/403 4465 GET http://mail.ru/favicon.ico - ORIGINAL_DST/192.168.3.26 text/html
cat /var/log/squid/cache.log
2016/05/11 18:32:35 kid1| WARNING: Forwarding loop detected for:
GET /generate_204 HTTP/1.1
Host: www.gstatic.com
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Via: 1.1 proxy (squid/3.5.17)
X-Forwarded-For: 192.168.3.1
Cache-Control: no-cache
Connection: keep-alive
2016/05/11 18:32:35| Pinger exiting.
2016/05/11 18:32:44 kid1| WARNING: Forwarding loop detected for:
GET /generate_204 HTTP/1.1
Host: www.gstatic.com
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Via: 1.1 proxy (squid/3.5.17)
X-Forwarded-For: 192.168.3.1
Cache-Control: no-cache
Connection: keep-alive
2016/05/11 18:33:00 kid1| WARNING: Forwarding loop detected for:
GET /generate_204 HTTP/1.1
Host: www.gstatic.com
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Via: 1.1 proxy (squid/3.5.17)
X-Forwarded-For: 192.168.3.1
Cache-Control: no-cache
Connection: keep-alive
Бьюсь об заклад, уже и не знаю, что делать, несколько дней пытался его заставить работать, но пока никак не получается. Может кто сталкивался с настройкой squid с похожими параметрами?