thiagoradical
(uses Debian)
Posted on 30/11/2011 - 11:13h
Good afternoon, everyone. As I mentioned, I'm new to Linux; I migrated to Linux about 6 months ago, and from now on I use Linux servers. Anyway...
I installed Squid 2.7 STABLE 9 on Debian 6 to run in transparent mode. Squid is running and I have already added the iptables rules, but I can't get NAT to work. Below are the network configuration, squid.conf and rc.local:
My network configuration is as follows: I use a class C IP range, 192.168.0.0, GW 192.168.0.1
eth0: where the internet comes in
eth1: external network #I need NAT for a different IP class#
Would it be possible to run a proxy server that hands out IP addresses via DHCP?
Sorry for any mistakes; I'm still learning and am already taking a course.
http_port 3128 transparent
visible_hostname servidorsquid
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 110 25 # pop-smtp
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # high ports
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl bloqueados url_regex -i "/etc/squid/bloqueados"
http_access deny bloqueados
acl palavrasproibidas dstdom_regex "etc/squid/palavrasproibidas"
http_access deny palavrasproibidas
acl redelocal src 192.168.0.0/255.255.255.0
http_access allow localhost
http_access allow redelocal
http_access deny all
##############################################################################
rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/usr/local/bin/firewall
exit 0
#############################################################################
firewall
#!/bin/bash
#
# Script created by Office
echo "Ativando compartilhamento"
# Enabling packet routing
echo1 > /proc/sys/net/ipv4/ip_forward
#NAT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo "Compartinhamento ativado"
iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp --dport 80 -j REDIRECT --to-port 3128
#################################################################################################
interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.0.35
netmask 255.255.255.0
gateway 192.168.0.1
network 192.168.0.0
broadcast 192.168.0.255
auto eth1
iface eth1 inet static
address 192.168.1.40
netmask 255.255.255.0
broadcast 192.168.1.255
#######################################################################################################
Error when I restart the interfaces:
Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces ... (warning).
Reconfiguring network interfaces...done.
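
A consistency check over the interfaces file and firewall script posted above, as an added example that is not part of the original post. The helper names (`ip2int`, `wan_and_lan`, `lint_gateway`, `demo`) are hypothetical, and the check assumes the interface whose stanza has a `gateway` line is the upstream side while the other static interface faces the clients.

```shell
# Added example, not the poster's code. Assumption: the iface stanza with a
# "gateway" line is the upstream side; the other static iface faces the clients.
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# Print "<upstream iface> <client-side address>" from an interfaces(5) file.
wan_and_lan() {
  awk '$1 == "iface"   { n = $2 }
       $1 == "address" { addr[n] = $2 }
       $1 == "gateway" { wan = n }
       END { for (i in addr) if (i != wan) lan = addr[i]; print wan, lan }' "$1"
}

# usage: lint_gateway <interfaces file> <firewall script>; status 1 on findings
lint_gateway() (
  fw=$2; rc=0
  set -- $(wan_and_lan "$1"); wan=$1; lan_ip=$2
  [ -n "$lan_ip" ] || { echo "need an upstream and a client-side interface"; exit 2; }
  finding() { echo "$1"; rc=1; }
  grep -Eq '^[[:space:]]*echo +1 *> */proc/sys/net/ipv4/ip_forward' "$fw" ||
    finding "FORWARD: no 'echo 1 > /proc/sys/net/ipv4/ip_forward' line"
  out=$(sed -n 's/.*-o \([^ ]*\) .*MASQUERADE.*/\1/p' "$fw" | head -n 1)
  [ "$out" = "$wan" ] || finding "MASQUERADE: -o '$out', but the gateway is on $wan"
  src=$(sed -n 's/.*-s \([^ ]*\) .*REDIRECT.*/\1/p' "$fw" | head -n 1)
  case $src in
    */*.*) mask=$(ip2int "${src#*/}") ;;                                # dotted netmask
    */*)   mask=$(( (0xFFFFFFFF << (32 - ${src#*/})) & 0xFFFFFFFF )) ;; # /prefix
    *)     finding "REDIRECT: no rule with -s net/mask"; exit $rc ;;
  esac
  [ $(( $(ip2int "$lan_ip") & mask )) -eq $(( $(ip2int "${src%/*}") & mask )) ] ||
    finding "REDIRECT: -s $src does not cover client-side address $lan_ip"
  exit $rc
)

demo() (  # constructed excerpt of the post's interfaces file and firewall script
  d=$(mktemp -d)
  printf '%s\n' 'iface eth0 inet static' 'address 192.168.0.35' \
    'gateway 192.168.0.1' 'iface eth1 inet static' 'address 192.168.1.40' > "$d/interfaces"
  printf '%s\n' 'echo1 > /proc/sys/net/ipv4/ip_forward' \
    'iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE' \
    'iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp --dport 80 -j REDIRECT --to-port 3128' \
    > "$d/firewall"
  lint_gateway "$d/interfaces" "$d/firewall" || true
  rm -rf "$d"
)
demo
```

On the excerpt it prints one line per inconsistency between the addressing and the rules; it reads files only and changes no firewall state.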