Squid + Firewall (squid.conf )

Firewall + Proxy Transparente

Categoria: Samba

Software: Squid + Firewall

[ Hits: 22.349 ]

Por: STARCK


Sou iniciante em Linux , mas estou postando aqui um squid.conf e firewall que funciona perfeitamente no meu Ubuntu 8.10 e 9.10, ele é completo e cada string foi comentada.

Espero ter ajudado com a comunidade pela qual tenho muito orgulho em participar...

Um abraço a todos e VIVA O LINUX!


#!/bin/bash

# Firewall,configurado e montado por: Alexandre Starck de Oliveira 
# Para esse arquivo ser iniciado no boot deve ser colocado de acordo com as regras abaixo: 

### 1º)-Dar permissão de arquivo executável Ex: chmod +x /etc/init.d/firewall

### 2º)-Primeira opção,para ser iniciado no boot.Colocar o diretório completo no arquivo rc.local Ex:

# vim /etc/rc.local
# /etc/init.d/firewall # esse diretório deve ser colocado na última linha do arquivo rc.local

### 3º)-Outra opção é criar um link simbólico. Ex: ln -s /etc/init.d/firewall /etc/rc5.d/S99Firewall
# O link apontará para o arquivo /etc/init.d/firewall, que é o nosso script, o S99 do arquivo de link significa: 
# o "S" de Start (iniciar) e o 99 é a ordem que ele será executado juntamente com o sistema. 


# Compartilhando a Internet
echo 1 > /proc/sys/net/ipv4/ip_forward

# Variáveris #
LanExt=eth1 # placa de internet
LanInt=192.168.10.1/24
Rede=192.168.10.0/24 # minha rede local

# Módulos #
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ipt_REDIRECT
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

####################
### Função START ###
####################

firewall_start() {
echo "Iniciando o Firewall.......................[ OK ]"

# Limpa as regras #
iptables -X
iptables -Z
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle

# Politicas padrao #
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

# Manter conexoes jah estabelecidas para nao parar
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Aceita todo o trafego vindo do loopback e indo pro loopback
iptables -t filter -A INPUT -i lo -j ACCEPT

#######################
### LOG DO FIREWALL ###
#######################

#iptables -A INPUT -d $LanExt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH EXT 22"
#iptables -A INPUT -d $LanExt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP EXT 21"
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
#iptables -A INPUT -d $LanInt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP INT 21"


###############################
#         Proteções           #
###############################

# Protege contra os "Ping of Death"
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT

# Protege contra port scanners avançados (Ex.: nmap)
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 20/m -j ACCEPT

# Bloqueando tracertroute
iptables -A INPUT -p udp -s 0/0 -i eth1 --dport 33435:33525 -j REJECT

# Protecoes contra ataques
iptables -A INPUT -m state --state INVALID -j REJECT


###############################
#       TABELA Input          #
###############################
### Destino Externo ###

# Liberando Porta 22 (SSH)
#iptables -A INPUT -d $LanExt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH EXT 2222"
iptables -A INPUT -d $LanExt -p tcp --dport 22 -j ACCEPT

# Liberando Porta 21 (ftp)
#iptables -A INPUT -d $LanExt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP EXT 21"
iptables -A INPUT -d $LanExt -p tcp --dport 21 -j ACCEPT

### Destino Interno ###

# Liberando Porta 22 (SSH)
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
iptables -A INPUT -d $LanInt -p tcp --dport 22 -j ACCEPT

# Liberando porta 3128 (Squid)
iptables -A INPUT -d $LanInt -p tcp --dport 3128 -j ACCEPT

# Liberando Porta 80 (http)
#iptables -A INPUT -d $LanInt -p tcp --dport 80 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP INT 80"
iptables -A INPUT -d $LanInt -p tcp --dport 80 -j ACCEPT


# Liberando Porta 21 (ftp)
#iptables -A INPUT -d $LanInt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP INT 21"
iptables -A INPUT -d $LanInt -p tcp --dport 21 -j ACCEPT

# Liberando porta 3000 (NTOP)
iptables -A INPUT -d $LanInt -p tcp --dport 3000 -j ACCEPT

###############################
#       TABELA Forward        #
###############################


# Libera computador das regras do firewall
iptables -A FORWARD -s 192.168.4.13 -p tcp  -j ACCEPT
iptables -A FORWARD -s 192.168.4.13 -p udp  -j ACCEPT

### MSN ###

# Libera msn para o IP #


# nome
iptables -A FORWARD -s 192.168.4.11 -p tcp --dport 1863 -j ACCEPT


# Bloqueio de MSN #

#iptables -A FORWARD -s 192.168.4.0 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 192.168.4.0 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -d messenger.hotmail.com -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -d webmessenger.msn.com -j DROP
#iptables -A FORWARD -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -d 64.4.13.0/24 -j DROP

# Liberando Porta 2222 (SSH)
iptables -A FORWARD -s $Rede -p tcp --dport 2222 -j ACCEPT

# Liberando Porta 22 (SSH)
iptables -A FORWARD -s $Rede -p tcp --dport 22 -j ACCEPT
# Liberando Porta 110 (pop-3)
iptables -A FORWARD -s $Rede -p tcp --dport 110 -j ACCEPT

# Liberando Porta 995 (spop-3)
iptables -A FORWARD -s $Rede -p tcp --dport 995 -j ACCEPT

# Liberando Porta 25 (smtp)
iptables -A FORWARD -s $Rede -p tcp --dport 25 -j ACCEPT

# Liberando Porta 465 (smtp-s)
iptables -A FORWARD -s $Rede -p tcp --dport 465 -j ACCEPT

# Liberando Porta 2121 (ftp)
iptables -A FORWARD -s $Rede -p tcp --dport 2121 -j ACCEPT

# Liberando Porta 21 (ftp)
iptables -A FORWARD -s $Rede -p udp --dport 21 -j ACCEPT
iptables -A FORWARD -s $Rede -p udp --dport 20 -j ACCEPT

# Liberando porta 53 (DNS)
iptables -A FORWARD -s $Rede -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s $Rede -p udp --dport 53 -j ACCEPT

# Regras forward para o funcionamento de redirecionamento de portas (NAT)
# Redirecionando porta 5900 (VNC)
#iptables -A FORWARD -p tcp --dport 5900 -j ACCEPT
#ptables -A FORWARD -p tcp --dport 5800 -j ACCEPT

###############################
######### TABELA NAT ## #######
###############################

# Redireconamento de portas
# VNC Para algum micro (192.168.1.31 = nome da pessoa)
#iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 5900 -j DNAT --to 192.168.0.77:5900

# Mascaramento de rede para acesso externo #
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

#Bloqueia todo o resto
#iptables -A INPUT -p tcp -j LOG --log-level 6 --log-prefix "FIREWALL: GERAL "
iptables -A INPUT -p tcp --syn -j DROP
iptables -A INPUT -p tcp -j DROP
iptables -A INPUT -p udp -j DROP

}

##################
### Função STOP ##
##################

firewall_stop() {

echo "Parando firewall e funcionando apenas com mascaramento ........................[ OK ]"

# Limpa as regras #

iptables -X
iptables -Z
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle

# Politicas padrao #

iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

# Manter conexoes jah estabelecidas para nao parar
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Aceita todo o trafego vindo do loopback e indo pro loopback
iptables -t filter -A INPUT -i lo -j ACCEPT

###############################
#       TABELA Forward        #
###############################

### MSN ###

# Libera msn para o IP #


# nome
#iptables -A FORWARD -s 192.168.0.34 -p tcp --dport 1863 -j ACCEPT

# nome
#iptables -A FORWARD -s 192.168.0.5 -p tcp --dport 1863 -j ACCEPT


# Bloqueio de MSN #

#iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 192.168.1.0 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -d messenger.hotmail.com -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -d webmessenger.msn.com -j DROP
#iptables -A FORWARD -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -d 64.4.13.0/24 -j DROP

###############################
######### TABELA NAT ## #######
###############################


# Mascaramento de rede para acesso externo #
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Efetivando o PROXY TRANPARENTE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 # (Redireciona para o squid) - eth1 -> Placa de rede local
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3128
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT




echo "Regras Limpas e Firewall desabilitado ...........................................[ << ATENÇÂO >> FIREWALL DESATIVADO ]"

firewall_restart() {

echo "Reiniciando Firewall.............................................................................[ OK ]"

  firewall_stop
  sleep 3
  firewall_start

echo "Firewall Reiniciado..............................................................................[ OK ]"

}

case "$1" in
'start')
  firewall_start

echo "Firewall Iniciado................................................................................[ OK ]"

  ;;
'stop')
  firewall_stop
  ;;
'restart')
  firewall_restart
  ;;
*)
        echo "Opções possíveis:"
        echo "firewall start"
        echo "firewall stop"
        echo "firewall restart"
esac


                   
### <<<FIM>>> ###

### Meu Proxy ######
###############################################################
# squid.conf (configuração) 
# Por Alexandre Starck de Oliveira 
# e-mail starck2007@hotmail.com 

# Nessa versão é bem diferente as configurações de proxy transparente, não é necessário mais acrescentar essas linhas no arquivo squid.conf:

# httpd_accel_port 80
# httpd_accel_host virtual
# httpd_accel_with_proxy on
# httpd_accel_uses_host_header on

# >> Agora só precisa colocar:

# http_port 3128 transparent vhost vport

# always_direct allow all

# >> O restante da configuração é o padrão do Squid. 


http_port 3128 transparent 192.168.10.1:3128
error_directory /usr/share/squid3/errors/pt-br
visible_hostname Servidor # como root digite hostname
dns_nameservers 200.149.55.140 200.165.132.147 # padrão "TELEMAR".Em caso de dúvida ligar para velox para fornecer seu número de DNS....
always_direct allow all A

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 22 80 139 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost 
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Aqui entram todas as ACL's 

# *** Define a lista de palavras impróprias

acl palavras dstdomain -i "/etc/squid/list/palavras"
http_access deny palavras

# *** Define a lista de sites impróprios

acl sites url_regex -i "/etc/squid/list/sites"
http_access deny sites


acl Rede src 192.168.10.0/24
http_access allow localhost
http_access allow Rede
http_access deny all

# OBS: Não esquecendo de inserir os DNS's,IP's e GATEWAY nas "Máquinas Virtuais".
# IMPORTANTE: Usar cabo "crossouver" para as máquinas locais <<SEMPRE>>.
###<<<< FIM >>>>###
  


Comentários
[1] Comentário enviado por nokyboney em 05/05/2010 - 19:28h

Tenho o squid abaixo, tudo funciona, menos a internet... sou novato no linux, me deem um help, please.
"Onde foi que eu errei?"
Segue o script:

asprofw-sp:/etc/squid# vi squid.conf
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts

### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
"squid.conf" [converted] 102L, 3346C 1,1 Top
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts

### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts

### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all


http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy

#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################

error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw
90,1 Bot
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts

### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
ftp_passive on
hosts_file /etc/hosts

### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
refresh_pattern . 0 20% 4320

#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all


http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy

#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################

error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw


Aguardo retorno.

Alcenir
alcenir_5@hotmail.com

[2] Comentário enviado por marcianofliegner em 22/02/2012 - 21:43h

Alcenir não funciona a internet na sua maquina ou na rede???



Contribuir com comentário

  



Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts