
PROXY TRANSPARENTE



Olá lista, tenho em meu servidor o iptables liberando o acesso à internet através do Speedy (eth1) para minha rede interna 192.168.1.0 (eth0), porém agora preciso bloquear sites, downloads, rádios, ICQ e afins. Configurei tudo para um proxy transparente e adicionei as linhas necessárias ao squid.conf, mas acho que a posição das linhas não está correta, pois não funciona: se no navegador eu adiciono o servidor proxy, tudo bem, ele navega; se eu tiro o servidor proxy, ele navega também.
A linha do iptables q uso eh iptables -t nat -A PREROUTING -i eth0 -p tcp -- dport 80 -j REDIRECT -to-port 3128 (jah tentei sem o -i eth0 tb)

Para minha rede navegar sem o proxy uso iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

Oq pode estar errado ?

Abaixo estah meu squid.conf

# squid.conf as posted in the message. Lines marked NOTE(review) are reviewer
# observations about this configuration; the directives themselves are unchanged.

# Port Squid listens on; the REDIRECT rule quoted in the message targets it.
http_port 3128
# Accelerator directives used here to accept intercepted (transparent) requests
# and rebuild the request URL from the Host header.
# NOTE(review): with httpd_accel_uses_host_header the Host value comes from the
# client and is not verified against the destination address, so a LAN client
# can influence what gets cached under a given name -- confirm this is acceptable.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Never fetch from peers and never cache dynamic URLs (cgi-bin or a query string).
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Memory and disk cache sizing.
cache_mem 90 MB
cache_swap_low 95
cache_swap_high 98
maximum_object_size 9000 KB
maximum_object_size_in_memory 20 KB
cache_dir ufs /var/spool/squid 500 16 256
# Log locations. access.log is what shows whether a client request actually
# passed through Squid, which is the quickest check that interception works.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
# Basic authentication helper checked against /etc/squid/passwd, 5 helper processes.
# NOTE(review): proxy authentication does not work for intercepted traffic. The
# browser does not know a proxy is involved and will not answer a proxy
# authentication challenge, so the "password" ACL and transparent mode cannot
# both apply to the same clients. Either configure the proxy explicitly in the
# browsers and keep authentication, or intercept and drop proxy_auth.
authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/passwd
authenticate_children 5
# Base ACLs: any source, cache-manager protocol, loopback.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Ports to which CONNECT tunnels are permitted.
# NOTE(review): 21 (labelled ftp in the Safe_ports list below) is included, so
# CONNECT to port 21 is tunnelled without inspection -- confirm this is intended.
acl SSL_ports port 443 563 21
# Destination ports that ordinary requests may use.
# NOTE(review): 1025-65535 makes almost every high port "safe"; this range does
# little to restrict where clients can be sent.
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 901         # SWAT
acl CONNECT method CONNECT
acl purge method PURGE
# Site policy ACLs: LAN source range, blocked domains and words (read from
# files), authenticated users, allow-listed words.
acl intranet src 192.168.1.0/24
acl proibir_sites dstdomain "/etc/squid/proibidos"
acl proibir_palavras url_regex -i "/etc/squid/palavras"
acl password proxy_auth REQUIRED
acl liberar_palavras url_regex -i "/etc/squid/liberado"
# ACLs used only by the delay pools at the end of the file.
# NOTE(review): these are regular expressions, so "." matches any character and
# the bare words "ftp" and "mp3" match anywhere in a URL; patterns anchored on
# an escaped extension would be narrower.
# NOTE(review): the controle2 line appears to have been wrapped by the mail
# client: its pattern list continues on the following line, and the
# "http_access allow localhost" at the end of that line is presumably a separate
# directive. In the real file each directive must sit on its own line; as
# posted, those words would be read as further patterns of controle2.
acl controle1 url_regex -i 192.168.1
acl controle2 url_regex -i ftp .exe mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mp
eg .mpg .qt .ram .rm .iso .raw .wav .mov .wmv http_access allow localhost
# http_access rules are evaluated top to bottom and the first matching rule decides.
# NOTE(review): "allow intranet password" comes before the deny rules, so an
# authenticated LAN client is allowed before proibir_sites and proibir_palavras
# are ever consulted; the block lists have no effect on those clients. The deny
# rules need to precede the allow rule for blocking to work.
# NOTE(review): "allow liberar_palavras" carries no source restriction and sits
# above the Safe_ports and CONNECT checks, so any client able to reach port 3128
# is served whenever the URL matches an allow-listed word. Pairing it with the
# intranet ACL and moving it below the port checks would close that gap.
#http_access allow password
http_access allow intranet password
http_access allow manager localhost
http_access allow purge localhost
http_access allow liberar_palavras
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny proibir_sites
http_access deny proibir_palavras
http_access deny manager
http_access deny purge
http_access deny all
# NOTE(review): ICP queries are answered for any source; restrict to known peer
# caches, or deny, if no cache hierarchy is in use.
icp_access allow all
# Two class-2 delay pools. Pool 1 is unlimited (-1/-1) and applies to URLs
# matching controle1; pool 2 applies to URLs matching controle2.
# NOTE(review): no delay_parameters line is shown for pool 2, so the posted
# configuration defines no limit for the download extensions it selects.
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow controle1
delay_class 2 2
delay_access 2 allow controle2

Alguem poderia me ajudar  ?

Grato
Josemar Vieira


