Xbox 360 and Squid

1. Xbox 360 and Squid

Maicon Rodrigo Delgado
fastnetjundiai

(uses Fedora)

Posted on 03/09/2009 - 12:00h

Dear friends...

I set up a net server with FC11 and enabled Squid to do caching and improve the speed of my Speedy, since I do PC maintenance at home and am always downloading updates.

Well, since I enabled Squid I can no longer stay online on Xbox Live. Has anyone been through this? What ACLs do I need to create for it to get through Squid? Or is there a way to route its IP around Squid?

For reference, my rc.local currently looks like this:

touch /var/lock/subsys/local
#ifup ppp0
iptables -F
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
/usr/local/bin/noip2

####################################################################################
# Forwarding for Remote Desktop - Windows - Default port: 3389 #
####################################################################################
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 5555 -j DNAT --to 192.168.0.254

####################################################################################
# Forwarding for FTP server - Windows Server 2003 - Default port: 21 #
####################################################################################
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 21 -j DNAT --to 192.168.0.254

####################################################################################
# Forwarding for e-Mule #
####################################################################################
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 13502 -j DNAT --to 192.168.0.2
iptables -t nat -A PREROUTING -p udp -i ppp0 --dport 13503 -j DNAT --to 192.168.0.2
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 15015 -j DNAT --to 192.168.0.253
iptables -t nat -A PREROUTING -p udp -i ppp0 --dport 20961 -j DNAT --to 192.168.0.253
#iptables -t nat -A PREROUTING -p tcp -i eth3 --dport 1723 -j DNAT --to 192.168.0.101
#iptables -t nat -A PREROUTING -p udp -i eth3 --dport 1723 -j DNAT --to 192.168.0.101

#####################################################################################
# Forwarding for Xbox360 #
#####################################################################################
iptables -t nat -A PREROUTING -p udp --dport 88 -i ppp0 -j DNAT --to 192.168.0.5
iptables -t nat -A PREROUTING -p tcp --dport 3074 -i ppp0 -j DNAT --to 192.168.0.5
iptables -t nat -A PREROUTING -p udp --dport 3074 -i ppp0 -j DNAT --to 192.168.0.5
iptables -t nat -A POSTROUTING -p udp -s 192.168.0.5 --sport 88 -j MASQUERADE --to-ports 88
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.5 --sport 3074 -j MASQUERADE --to-ports 3074
iptables -t nat -A POSTROUTING -p udp -s 192.168.0.5 --sport 3074 -j MASQUERADE --to-ports 3074

########################################################################
# Miscellaneous blocks #
########################################################################
#iptables -A FORWARD -s 192.168.0.244 -j REJECT
#iptables -A FORWARD -s 192.168.0.245 -j REJECT
#iptables -A FORWARD -s 192.168.0.89 -j REJECT

########################################################################
# Redirect to the Squid Proxy Cache #
########################################################################
#iptables -t nat -A PREROUTING -i eth1 -p tcp ! -d 200.201.0.0/16 --dport 80 -j REDIRECT --to-port 3128

My squid.conf looks like this:

http_port 3128 transparent
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 500 MB
cache_dir ufs /var/spool/squid 25000 64 512
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl minharede src 192.168.0.0/255.255.255.0
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# acl for direct sites, do not go through the cache
# acl NOCACHE url_regex "/etc/squid/direto.txt" \?
# no_cache deny NOCACHE
# acl to block words in URLs and allow exceptions
# acl negapalavra url_regex "/etc/squid/negapalavra.txt"
# acl liberapalavra url_regex "/etc/squid/regras/Livres"
# http_access allow liberapalavra all
# http_access deny negapalavra all
http_access allow minharede
http_access deny all
cache_mgr fastnet@terra.com.br
cache_effective_user squid
cache_effective_group squid
visible_hostname firewall.fastnet.com
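
Added example, not part of the original post: one way to keep a single LAN host's port-80 traffic out of the transparent Squid redirect that the posted rc.local has commented out. It assumes eth1 is the LAN interface (as in that commented rule) and 192.168.0.5 is the console (as in the post's DNAT rules); the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: build the transparent-proxy rules with a per-host bypass.
LAN_IF="eth1"             # LAN interface, taken from the commented rule
SQUID_PORT="3128"         # http_port in the posted squid.conf
BYPASS_IPS="192.168.0.5"  # space-separated hosts that must not hit Squid

# Print the nat/PREROUTING rules in the order they must be loaded.
# A chain is evaluated top to bottom and stops at the first terminating
# match, so each ACCEPT exemption has to precede the REDIRECT.
proxy_rules() {
    for ip in $BYPASS_IPS; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $ip -p tcp --dport 80 -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp ! -d 200.201.0.0/16 --dport 80 -j REDIRECT --to-port $SQUID_PORT"
}

# Dry-run check: walk the generated rules first-match-wins and report the
# target a port-80 TCP packet from source $1 would reach. Simplification:
# the destination exception (200.201.0.0/16) is not modelled.
first_match() {
    src="$1"
    proxy_rules | while read -r rule; do
        case "$rule" in
            *" -s $src "*|*"-j REDIRECT"*)
                echo "${rule##*-j }"
                break
                ;;
        esac
    done
}

# Print the commands for review; load them as root once they look right.
proxy_rules
```

`first_match 192.168.0.5` reports `ACCEPT` (the packet leaves the chain untouched and is only masqueraded on the way out), while any other LAN address reports the `REDIRECT` to Squid.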
