Squid (squid.conf)
Uma configuração básica de Squid, pra rodar sem problemas, limpa e prática.
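# squid.conf - basic caching proxy with per-user Basic authentication.
# The directive spellings (no_cache, cache_access_log, ncsa_auth,
# "acl all src 0.0.0.0/0.0.0.0") are the older Squid ones; check them against
# the installed release before reuse.

# Client listener. No address is given, so Squid listens on every interface.
http_port 3123

# URLs containing cgi-bin or "?" are fetched directly (never via a peer)
# and are never stored in the cache.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Memory cache and on-disk store: 2100 MB under /cache, 16 x 256 directories.
cache_mem 512 MB
cache_dir ufs /cache 2100 16 256

# Logs. access.log records every requested URL together with the
# authenticated user name, so restrict read access to this directory.
cache_access_log /var/lib/squid/logs/access.log
cache_log /var/lib/squid/logs/cache.log
cache_store_log /var/lib/squid/logs/store.log

# HTTP Basic authentication against an NCSA-style password file.
# Basic credentials cross the network only base64-encoded, so the listener
# should be reachable from trusted segments only.
auth_param basic program /usr/libexec/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
# User names are compared case-insensitively.
auth_param basic casesensitive off

# Freshness rules: <min minutes> <percent of object age> <max minutes>.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# --- ACL definitions ---
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 1863
acl Safe_ports port 81
acl CONNECT method CONNECT
# Case-insensitive URL patterns, one per line, read from the quoted file.
acl negados url_regex -i "/etc/squid/negado"
# NOTE(review): /32 matches the single address 192.168.10.0, not a network.
# The name suggests the whole internal range was meant (e.g. /24) - confirm.
acl rede_interna src 192.168.10.0/32
# Each ACL matches the authenticated user names listed in the quoted file.
acl user1 proxy_auth "/etc/squid/usuarios/user1"
acl user2 proxy_auth "/etc/squid/usuarios/user2"

# --- Access rules (first match wins) ---
# Cache manager is reachable from the proxy host only. The explicit deny stops
# cache_object requests from falling through to the per-user allow rules.
http_access allow manager localhost
http_access deny manager

# CONNECT tunnels are limited to the ports in SSL_ports. The ACLs were defined
# but never referenced, which left CONNECT open to any port for any
# authenticated user.
http_access deny CONNECT !SSL_ports

# NOTE(review): Safe_ports is still not enforced. As defined (80, 81, 1863) it
# lacks 443/563, so adding "http_access deny !Safe_ports" unchanged would also
# block HTTPS; extend the ACL first if the port restriction is wanted.

# Placed ahead of the allow rules: in the published order this line came after
# "http_access deny all" and could never be evaluated.
http_access deny rede_interna negados

# Authenticated users may browse anything not on the block list.
# NOTE(review): "all" places no limit on the client address, so any host that
# can reach port 3123 and holds valid credentials can use the proxy. Restrict
# by source network once rede_interna is corrected.
http_access allow user1 all !negados
http_access allow user2 all !negados
http_access deny all

http_reply_access allow all

# NOTE(review): ICP queries are answered for any source although this file
# configures no cache peers; "icp_access deny all" (or "icp_port 0") avoids
# exposing cache-hit information if ICP is not actually used.
icp_access allow all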
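#!/bin/bash
#
# Gateway packet-filter rules published alongside the Squid configuration.
#
# NOTE(review): the published listing was upper-cased and lost text
# (identifiers split by spaces, loop bodies, a stray "done"), so it could not
# run as printed. Command, option, protocol and target spellings are restored
# below only where the intended token is unambiguous. Lines that cannot be
# reconstructed are kept verbatim as comments rather than guessed: on a
# gateway a guessed ACCEPT rule is worse than a missing one.
#
# Environment:
#   IFAC_INET - Internet-facing interface (name as printed in the listing;
#               its assignment is not part of the visible script).
# The visible rules neither flush existing chains nor set default policies.

# Stop before touching the ruleset if the interface is unknown; otherwise the
# MASQUERADE rule below would be built with an empty -o argument.
: "${IFAC_INET:?set IFAC_INET to the Internet-facing interface}"

ALLOW_TCP_FOR="20 22 53 80 443"
# Unquoted on purpose: the list is split on whitespace.
for PT_FOR in $ALLOW_TCP_FOR; do
  # NOTE(review): the per-port rule that used "$PT_FOR" is missing from the
  # listing; nothing is applied for these ports until it is restored.
  :
done

ALLOW_TCP_FOR="8180"
for PT_FOR in $ALLOW_TCP_FOR; do
  # NOTE(review): loop body missing from the listing here as well.
  :
done

# The listing gives no -j target for these two rules, so they only increment
# counters and do not decide what happens to a packet. With the value assigned
# above, the range expands to 1024:8180.
iptables -A FORWARD -p tcp --dport "1024:${ALLOW_TCP_FOR}"
iptables -A FORWARD -p tcp --sport "1024:${ALLOW_TCP_FOR}"

# NOTE(review): not reconstructable ("-A" appears twice, "-O" carries a port
# range). The rule names port 3128 while the Squid configuration on this page
# listens on 3123 - confirm which port is intended.
# Verbatim: IPTABLES -A FORWARD -A TCP -O 3128:$ALLOW_TCP_FOR -J ACCEPT

# Source-NAT everything that leaves through the Internet-facing interface.
iptables -t nat -A POSTROUTING -o "$IFAC_INET" -j MASQUERADE

# Accepts every forwarded UDP datagram whose source port is 53, from any
# address. NOTE(review): the sender chooses the source port, so this is not
# limited to DNS replies; a connection-tracking match
# (-m conntrack --ctstate ESTABLISHED,RELATED) would restrict it to answers
# to queries that actually left the network.
iptables -A FORWARD -s 0/0 -p udp --sport 53 -j ACCEPT

# Trusts 192.168.0.0/20 by source address alone. NOTE(review): no -i/-o
# interface is given, so these rules are not tied to the LAN side; consider
# adding the internal interface.
iptables -A INPUT -s 192.168.0.0/20 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.1/20 -j ACCEPT

# NOTE(review): not reconstructable (two addresses after -S, two targets).
# Verbatim: IPTABLES -A OUTPUT -S 192.168.0.1 192.168.0.0 $ IFAC _INET -J ACCEPT MASQUEREDE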