Question about Squid

1. Question about Squid

Fernando Messias
fernando.messias

(uses Debian)

Posted on 21/09/2010 at 11:31

Hi everyone, I'm setting up an internet server with Squid. My situation is this: I have two network cards, eth0, which receives the internet from outside, and eth1, which is the local network. I have squid.conf set up and running without errors, but when I release the IPs for access, the client machines can't access anything. Here is the squid.conf:

http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 200 MB
cache_swap_low 80
cache_swap_high 100
maximum_object_size 4000 KB
minimum_object_size 5 KB
maximum_object_size_in_memory 1000 KB
ipcache_size 5000
ipcache_low 90
ipcache_high 95
fqdncache_size 5000
cache_replacement_policy lru
memory_replacement_policy lru
cache_effective_user proxy
cache_effective_group proxy
cachemgr_passwd none all
error_directory /usr/share/squid/errors/Portuguese
cache_dir diskd /cache 5000 16 256 Q1=64 Q2=72
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none
visible_hostname EMPRESA
logfile_rotate 10
#auth_param basic program /usr/local/squid/libexec/ncsa_auth /etc/squid/autenticacao/passwd
#auth_param basic children 5
#auth_param basic realm Digite a sua senha
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
connect_timeout 120 seconds
peer_connect_timeout 120 seconds
read_timeout 15 minutes
request_timeout 2 minutes
half_closed_clients off
shutdown_lifetime 15 seconds

########################################## ACLs ###################################
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.5.0/24
acl manager proto cache_object
acl pcmanager src 127.0.0.1/255.255.255.255
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

##### BLOCKING ACLs
# File extensions
acl bloqext url_regex -i "/etc/squid/bloqext.txt"

# Block ORKUT
acl bloqtotal url_regex -i "/etc/squid/bloqtotal.txt"

# block porn sites
acl bloqporno dstdomain "/etc/squid/[*****]"

# block blacklist
acl sitesbloqueados dstdomain "/etc/squid/blacklist.txt"

# block skype
acl blskype urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

##################################################

##### LIST OF PCS
# IT equipment
acl pc_infor src "/etc/squid/pc_infor.txt"

# Server equipment
acl pc_servidores src "/etc/squid/pc_srv.txt"

# PCs that access only the whitelist
acl pcwhitelist src "/etc/squid/pc_whitelist.txt"

# PCs that access everything except the blacklist
acl pcblacklist src "/etc/squid/pc_blacklist.txt"
##################################################

##### ALLOWED
# Sites allowed for the whitelist
acl sitesliberados dstdomain "/etc/squid/whitelist.txt"

####################################### ACCESS ##################################

# ESSENTIAL CONFIG
#always_direct deny local
# Deny requests to unknown ports
http_access deny !Safe_ports
http_access allow to_localhost
http_access allow localhost
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
######
############ SPECIFIC ACCESS
# access to squid statistics
http_access allow manager pcmanager
http_access deny manager

# snmp access
snmp_access allow all

# access for IT equipment
http_access allow pc_infor

# total block ([*****])
http_access deny bloqporno
http_access deny bloqtotal

# access for server equipment
http_access allow pc_servidores

# blocks
http_access deny bloqext

# block skype
http_access deny CONNECT blskype

# whitelist
http_access allow pcwhitelist sitesliberados

# blacklist
http_access allow pcblacklist !sitesbloqueados

# local network
http_access allow lan

# block all other access
http_access deny all

I put the machines in the pc_infor file, but they can't access anything.

I did some searching and it seems you have to use some iptables rules for redirection, like redirecting everything that arrives on eth1 to port 3128. If that's all it takes, how do I do it?

I need this urgently, folks, because the users are accessing the internet without any control at all.
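The iptables side of the question, as an added example; it is not part of the original post or of the poster's configuration. It assumes the 192.168.5.0/24 network from the posted `acl lan` sits behind eth1, the uplink is eth0, Squid listens on 3128 on this same host, and that the posted `http_port 3128` line is changed to `http_port 3128 transparent` (the spelling accepted by Squid 2.7 and 3.0; Squid 3.1 and later call the same mode `intercept`). The interface names, the rule order, and the choice to pass 443 and DNS straight out are assumptions, as is the IPT variable, which exists only so the rules can be printed instead of applied.

```shell
#!/bin/sh
# Transparent proxy glue for a Squid box with the LAN on eth1 and the uplink on eth0.
# Added example, not from the original post. Interface names, network and port are
# assumptions and can be overridden from the environment; IPT=echo gives a dry run.
set -e

LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.5.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"
IPT="${IPT:-iptables}"

# Prints the iptables arguments for each rule, one rule per line, in insertion order.
rules() {
    # Rewrite LAN web traffic arriving on the LAN interface to the local Squid port.
    # Matching on the inbound interface keeps Squid's own outbound fetches (which leave
    # via eth0, not eth1) from being looped back into the proxy.
    printf '%s\n' "-t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    # After REDIRECT the packets are addressed to this host, so INPUT must accept them.
    printf '%s\n' "-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT"
    # Intercepted clients resolve hostnames themselves, so their DNS must still get out
    # (or they must be pointed at a resolver on this box).
    printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT"
    # REDIRECT cannot intercept HTTPS without SSL bumping, so 443 is routed directly.
    # Squid's CONNECT/SSL_ports and dstdomain rules never see this traffic.
    printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport 443 -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Everything else from the LAN is dropped. Without this, a client that simply points
    # its gateway at this box walks around the proxy on any port other than 80, which is
    # the "no control at all" symptom the post describes.
    printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -j DROP"
    # NAT for the traffic that is allowed to bypass Squid (443 and DNS above).
    printf '%s\n' "-t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
}

# Feeds every rule to iptables. $r is deliberately unquoted so the rule string
# splits into separate iptables arguments.
apply_rules() {
    rules | while read -r r; do
        $IPT $r
    done
}

# Routing between eth1 and eth0 is off by default on Debian.
enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    apply) enable_forwarding; apply_rules ;;
    show)  rules ;;
    *)     : ;;   # no argument: define the functions only
esac
```

Saved as a script (the file name is arbitrary), `sh script.sh show` prints the rules and `sh script.sh apply` installs them; run `squid -k parse` and `squid -k reconfigure` after editing the `http_port` line, then watch `/var/log/squid/access.log` for hits from the LAN addresses. Interception does not change how Squid evaluates `http_access`: the first matching line wins, so in the posted config `http_access allow pc_infor` sits before every deny and exempts those hosts from all the block lists, and `http_access allow to_localhost` is the opposite of the `http_access deny to_localhost` that Squid's default configuration ships with.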
