Controlling network access through Webmin

1. Controlling network access through Webmin

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 30/08/2013 - 09:59h

Good morning, everyone.

I wanted to block some sites on my internal network through Webmin, but I can't manage to configure squid.conf, and Squid ends up not running.
My internal network is 192.168.1.0/24.

The error Webmin gives is that it cannot start Squid.
The error is this:



Iniciando o squid: [FALHOU]
2013/08/30 06:42:59| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2013/08/30 06:42:59| cache_cf.cc(364) parseOneConfigFile: squid.conf:1 unrecognized: 'Z'
2013/08/30 06:42:59| WARNING: 'server1' rDNS test failed: (0) Success
2013/08/30 06:42:59| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2013/08/30 06:42:59| WARNING: 'server1' rDNS test failed: (0) Success
2013/08/30 06:42:59| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2013/08/30 06:42:59| Initializing https proxy context


Can anyone help me or give me a suggestion?
Thanks


  


2. Re: Controlling network access through Webmin

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 30/08/2013 - 10:02h

I forgot to mention that the operating system is CentOS 6.4.


3. Re: Controlling network access through Webmin

Daniel Lara Souza
danniel-lara

(uses Fedora)

Posted on 30/08/2013 - 10:04h

Post your squid.conf here.



4. Re: Controlling network access through Webmin

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 30/08/2013 - 11:52h

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl proibidos proxy_auth REQUIRED
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squid
cache_effective_group squid



5. Re: Controlling network access through Webmin

Reginaldo de Matias
saitam

(uses Slackware)

Posted on 30/08/2013 - 11:59h

The error is saying:


Iniciando o squid: [FALHOU]
2013/08/30 06:42:59| Processing Configuration File: /etc/squid/squid.conf (depth 0)
Check line 364 (parseOneConfigFile) of squid.conf
2013/08/30 06:42:59| cache_cf.cc(364) parseOneConfigFile: squid.conf:1 unrecognized: 'Z'
Check your DNS and the server's hostname
2013/08/30 06:42:59| WARNING: 'server1' rDNS test failed: (0) Success
2013/08/30 06:42:59| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2013/08/30 06:42:59| WARNING: 'server1' rDNS test failed: (0) Success
2013/08/30 06:42:59| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2013/08/30 06:42:59| Initializing https proxy context







6. Re: Controlling network access through Webmin

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 30/08/2013 - 12:20h

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squid
cache_effective_group squid
Friend, it ends like this.

server1 is the server's name

and the DNS is 127.21.0.2

The error in Webmin is this:


Falhou ao reconfigurar o squid :

2013/08/30 09:18:58| Can't use proxy auth because no authentication schemes are fully configured.
FATAL: ERROR: Invalid ACL: acl proibidos proxy_auth "/etc/squid/bloqueados/sites"

Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.001 user + 0.007 sys
Maximum Resident Size: 22512 KB
Page faults with physical i/o: 0


Any ideas?




7. Re: Controlling network access through Webmin

Reginaldo de Matias
saitam

(uses Slackware)

Posted on 30/08/2013 - 13:23h

2013/08/30 09:18:58| Can't use proxy auth because no authentication schemes are fully configured.
FATAL: ERROR: Invalid ACL: acl proibidos proxy_auth "/etc/squid/bloqueados/sites"

Check that the ACL proibidos is set and that the file /etc/squid/bloqueados/sites exists with read permission.


8. Re: Controlling network access through Webmin

Reginaldo de Matias
saitam

(uses Slackware)

Posted on 30/08/2013 - 13:25h

Here is the howto for an authenticated Squid proxy - http://mundodacomputacaointegral.blogspot.com.br/2012/05/entendendo-o-funcionamento-de-um.html


9. Problem continues

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 02/09/2013 - 11:28h

Folks, the error shows up like this:

[root@server1 squid]# service squid restart
Parando o squid: [FALHOU]
Iniciando o squid: [FALHOU]
2013/09/02 08:19:54| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2013/09/02 08:19:54| aclParseAclList: ACL name '3128' not found.
FATAL: Bungled squid.conf line 33: http_access deny 3128
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.005 seconds = 0.004 user + 0.001 sys
Maximum Resident Size: 22544 KB
Page faults with physical i/o: 0

I don't know how to fix it.

Any more tips, or is anyone willing to do a remote session via TeamViewer?

Thank you
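
Added example (not part of the original thread, and not Squid's own parser): a minimal Python check for the configuration mistakes behind the two fatal errors quoted above, which also flags a blocklist rule placed after `http_access deny all`. The name `lint_squid_conf` and both sample configurations are constructed for illustration; treating `all` as the only predefined ACL name is an assumption based on the default configuration posted in this thread.

```python
# Minimal linter for the squid.conf ACL mistakes seen in this thread (added example).
BUILTIN_ACLS = {"all"}  # assumption: the only ACL name Squid 3.1 predefines

def lint_squid_conf(text):
    """Return sorted (line_number, message) findings for a squid.conf string."""
    acl_names, findings = set(), []
    auth_seen, catch_all = False, None   # auth_param seen? line of "http_access ... all"
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()      # strip comments, tokenize
        if not tok:
            continue
        if tok[0] == "auth_param":
            auth_seen = True
        elif tok[0] == "acl" and len(tok) >= 3:
            acl_names.add(tok[1])
            if tok[2] == "proxy_auth" and not auth_seen:
                findings.append((n, f"acl {tok[1]}: proxy_auth used with no auth_param configured"))
        elif tok[0] == "http_access":
            if catch_all is not None:           # rules are evaluated first-match
                findings.append((n, f"unreachable: follows catch-all rule on line {catch_all}"))
            for name in tok[2:]:
                name = name.lstrip("!")         # "!Safe_ports" refers to ACL "Safe_ports"
                if name not in acl_names and name not in BUILTIN_ACLS:
                    findings.append((n, f"ACL name '{name}' not found"))
            if tok[2:] == ["all"]:
                catch_all = n
    return sorted(findings)

# Constructed sample reproducing the two fatal lines quoted in the thread.
BROKEN = '''\
acl localnet src 192.168.1.0/24
acl proibidos proxy_auth "/etc/squid/bloqueados/sites"
http_access deny 3128
http_access allow localnet
http_access deny all
http_access deny proibidos
'''

# Constructed fix: match the list with url_regex and deny it before the allow.
FIXED = '''\
acl localnet src 192.168.1.0/24
acl proibidos url_regex -i "/etc/squid/bloqueados/sites"
http_access deny proibidos
http_access allow localnet
http_access deny all
'''

if __name__ == "__main__":
    for lineno, msg in lint_squid_conf(BROKEN):
        print(f"squid.conf:{lineno}: {msg}")
```

Squid's own `squid -k parse` remains the authoritative syntax check; this sketch only covers the ACL mistakes discussed here.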


10. Re: Controlling network access through Webmin

João Araújo
joaoaraujo

(uses openSUSE)

Posted on 02/09/2013 - 12:09h

Try this squid.conf; don't forget to change the IP to match your network and to create sites_proibidos in /etc/squid/.

######## Proxy port #########
http_port 192.168.10.7:3128

######## Visible hostname ##########
visible_hostname seu_dominio

##### Page access log ######
access_log /var/log/squid/access.log


httpd_suppress_version_string on

## Block pages displayed in Portuguese

error_directory /usr/share/squid/errors/pt-br

cache_effective_user proxy
cache_effective_group proxy

## Maximum object size in the RAM cache and on disk, respectively

maximum_object_size_in_memory 64 KB

maximum_object_size 5000 MB
minimum_object_size 0 KB

## Minimum and maximum disk cache usage percentage, respectively

cache_swap_low 90
cache_swap_high 95

## Disk cache usage log

cache_access_log /var/log/squid/cache.log

## 5 GB of disk space for the page cache

cache_dir ufs /var/spool/squid 5200 128 256


###### Rule that blocks every site on the list ####
acl sites_proibidos url_regex -i "/etc/squid/sites_proibidos"
http_access deny sites_proibidos

### Cache memory size ####
cache_mem 512 MB

############################################################################
################# Safe ports specification #################################
############################################################################
acl manager proto cache_object
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 11194 # vpn
acl Safe_ports port 8069 # h2a application
acl Safe_ports port 1521 # oracle
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 243 563 443 2200 4343 8008 8009 10001 10002 1723 47 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl purge method PURGE
acl CONNECT method CONNECT

######## Internal network ########
acl all src 0.0.0.0/0.0.0.0
acl rede_local src 192.168.10.0/24
# localhost must match the client (src) address, not the destination
acl localhost src 127.0.0.1/32 ::1
http_access allow localhost
http_access allow rede_local
http_access deny all


11. Here we go

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 02/09/2013 - 12:20h

My IP:
on the server I receive 10.1.1.3
and I route to 192.168.1.0/24

For my IP, do I use 192.168.1.0?


12. Re: Controlling network access through Webmin

João Araújo
joaoaraujo

(uses openSUSE)

Posted on 02/09/2013 - 12:25h

Wherever it has 192.168.1.0, replace it with your network's IP, which in this case should be 10.1.1.0, and where it has 192.168.1.7:3128, put your server's IP.


