Win7 網際網路「打叉」卻又可以連上網際網路


win7 x64 網際網路存取打叉,但是可以上網


今天就是因為 office2013 無法插入線上圖片,原因是一直出現網際網路無法連線,但是電腦又可以上網。只有網際網路存取是打叉的狀態。果然,一停用VirtualPC 所建立的 HostOnly 網路介面卡後,上述兩個問題就一並解決了。同時也解決,先前IE開首頁一直很慢的問題(首頁是google首頁)。

後記:沒多久,同一台電腦又出現同樣的問題。這次的發現是因為,在 Win7 上不宜直接將 squid 代理伺服器:通透式代理(Transparent Proxy) 設為預設閘道,最好是在IE上設定其為代理伺服器。才不會出現無網路連線的狀態(網際網路打叉的問題)。

Using a parent proxy with Squid

Using a parent proxy with Squid

January 23rd, 2007 | Tech

If you want Squid to be part of a hierarchy of proxies or you just want Squid to fetch content not directly from a web server but rather indirectly from another proxy then read on how to do that.
You can use the cache_peer directive to add parent proxies which Squid will ask for content. Furthermore you can control whether content will be fetched directly or indirectly with always_direct or never_direct respectively.

For example

cache_peer parent 8080 0 no-query no-digest
never_direct allow all
would tell Squid to always fetch content from the parent proxy, which is located at If we wouldn’t use the second directive there may be certain circumstances where Squid would ask directly for content and would ignore the parent proxy; this isn’t what we want.

There are a lot of options available which I don’t want to discuss here, because they are very well documented, but no-query and no-digest say that no ICP requests or cache digests should be send to the parent proxy (read: nagging should be turned off ).

Multiple parent proxies

If you would like to have more than one parent proxy you can add more cache_peer directives; one for each parent. Now you can define either weight or round-robin to control the way Squid will communicate with the proxies: while weight tells Squid to prefer one cache over another, round-robin tries to spread connections evenly among the defined caches.

First of all a simple example for two parent proxies:

cache_peer parent 8080 0 no-query no-digest default
cache_peer parent 8080 0 no-query no-digest

If you define more than one parent proxy you might want to set one as the default proxy, which is used as a last resort.

An example for weight:

cache_peer parent 8080 0 no-query no-digest weight=1
cache_peer parent 8080 0 no-query no-digest weight=2

In this example it is likely that the proxy from the second ISP will be favored over the first one.

And here an example for round-robin:

cache_peer parent 8080 round-robin no-query
cache_peer parent 8080 round-robin no-query
cache_peer parent 8080 round-robin no-query

All connections to our proxy would be round-robined among these three caches. Because Squid treats all parents equally, it is currently not possible to define a weight here, e.g. to forward 50% of the requests to the first proxy and 25% to the second and third proxy respectively.

This post documents how to configure Squid to use a parent proxy or various parent proxies. Please have a look at the most recent documentation to learn more about the configuration details and features available in the latest version of Squid.


Squid Increase Processes WARNING: All redirector processes are busy.

11.4.2 redirect_children

The redirect_children directive specifies how many redirector processes Squid should start. For example:
redirect_children 20
Squid warns you (via cache.log) when all redirectors are simultaneously busy:
WARNING: All redirector processes are busy.

WARNING: 1 pending requests queued.
If you see this warning, you should increase the number of child processes and restart (or reconfigure) Squid. If the queue size becomes twice the number of redirectors, Squid aborts with a fatal message.
Don’t attempt to disable Squid’s use of the redirectors by setting redirect_children to 0. Instead, simply remove the redirect_program line from squid.conf.

squidGuard 允許

Squid to 已設定 squidGuard 允許,但實際卻不能連上。

已開放 domain 「 及」,都不行拜訪 網站。

需要加上 「 及」,兩個 domain name 才能正常拜訪

squid+c-icap+clamav = gateway antivirus scanner

squid+c-icap+clamav = gateway antivirus scanner

建置簡單的網路代理閘道,代理內部網路 Http 協定的流量。系統使用 64 位元 CentOS 6.3 ,並安裝 squid3 代理伺服器與 c-icap 伺服器(實作 icap 的工具程式),利用 c-icap clamav modules 掃描代理下載 Http 的內容是否含有病毒。

1.安裝 centos 6.3 系統,選擇安裝為 Web Server 系列套件安裝。安裝CentOS6.3

FEDORA 專案所使用的 GPG 金鑰

2.安裝 EPEL 套件庫

#rpm –import

#rpm -ivh

3.系統安裝完成後, 第一件事「系統更新」

#yum update

4.安裝 squid,clamav,clamav-devel 套件及更新病毒碼

#yum install squid clamav clamav-devel

5.下載 c-icap 和 c-icap-modules ,c-icap 專案位址



#yum groupinstall “Development Tools"

7.解壓縮及安裝 c-icap 和 c-icap-modules

#tar -xzvf c_icap-0.2.5.tar.gz
#cd c_icap-0.2.5
#make install
#cd ..
#tar -xzvf c_icap_modules-0.2.4.tar.gz
#cd c_icap_modules-0.2.4
#make install

7.允許squid啟用icap協定,參照 編輯設定 /etc/squid/squid.conf 。avscan 服務被定義在 /usr/local/etc/virus_scan.conf 設定檔中。proxy transparent mode is important for gateway proxy.

#vim /etc/squid/squid.conf

http_port 3128 transparent

icap_enable on

icap_service service_req reqmod_precache bypass=1 icap://
adaptation_access service_req allow all

icap_service service_resp respmod_precache bypass=0 icap://
adaptation_access service_resp allow all

8.設定 /usr/local/etc/c-icap.conf ,引入 virus_scan.conf 設定檔(由 /usr/local/etc/virus_scan.conf 內容得知)。

#vim /usr/local/etc/c-icap.conf

Include virus_scan.conf

9.啟動 c-icap daemon 並設定開機自動啟用服務

#c-icap -f /usr/local/etc/c-icap.conf
#echo /usr/local/bin/c-icap -f /usr/local/etc/c-icap.conf >> /etc/rc.local

10.允許 iptables 開啟 squid 服務端口 3128 ,將 http 協定導向 3128 port 並放行 https 直接 forward。

#iptables -I INPUT -p tcp –dport 3128 -j ACCEPT
#iptables -I FORWARD -p tcp –dport 443 -j ACCEPT
#iptables -A PREROUTING -t nat -p tcp –dport 80 -j REDIRECT –to-port 3128iptables_filter_listiptables_nat_list

11.允許 squid gateway ip_forward , set net.ipv4.ip_forward enabled

#echo 1 > /proc/sys/net/ipv4/ip_forward

#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

12.儲存 iptables 設定檔,並設定開機時自動載入設定。

#iptables-save > /etc/iptables.conf
#echo “iptables-restore < /etc/iptables.conf" >> /etc/rc.local

13.設定開機自動啟用 squid 服務,並啟動 squid daemon 。

#chkconfig squid on
#servie squid startsquid&c-icap_ports

14.連線至 下載病毒測試檔,測試病毒是否有被成功阻擋。

# Gateway is squid Server and client ip is fall in which default squid localnet setting range.client_ip_address_setting


squid setting transparent proxy for every version

If you don’t want to modify the browser for using a proxy there is a method that is called “Transparent Proxy“; to use this you need to do like this:

Prior to Squid Version 2.6:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Squid Version 2.6 to 3.0:

http_port 3128 transparent

Squid Version 3.1+ :

http_port 3128 intercept

Thanks for taking the time to read this guide, I hope it’s helpful.