Re: TRANSPARENT PROXY
On Mon, Jun 02, 2003 at 04:07:41PM -0300, Josemar Vieira wrote:
> Hello list, on my server I have iptables allowing Internet access
> through Speedy (eth1) for my internal network 192.168.1.0
> (eth0), but now I need to block sites, downloads, radio, ICQ and the like.
> I configured everything for a transparent proxy. I added the necessary lines
> to squid.conf, but I think the lines are not in the correct
> position, because it does not work: in the browser I add the proxy
> server and then all is fine, it browses; if I remove the proxy server it browses too.....
> The iptables line I use is iptables -t nat -A PREROUTING -i eth0 -p tcp
> --dport 80 -j REDIRECT -to-port 3128 (I have already tried without the -i eth0 too)
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -s 192.168.1.0/24 -j DNAT --to-destination IP_DO_SERVIDOR:3128
sysctl -w net.ipv4.ip_forward=1
I have a squid.conf: www.maluco.com.br/conf/squid.conf
-Thiago Rondon
> For my network to browse without the proxy I use iptables -t nat -A POSTROUTING -s
> 192.168.1.0/24 -j MASQUERADE
>
> What could be wrong?
>
> Below is my squid.conf
>
> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> cache_mem 90 MB
> cache_swap_low 95
> cache_swap_high 98
> maximum_object_size 9000 KB
> maximum_object_size_in_memory 20 KB
> cache_dir ufs /var/spool/squid 500 16 256
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> emulate_httpd_log on
> authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/passwd
> authenticate_children 5
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563 21
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 901 # SWAT
> acl CONNECT method CONNECT
> acl purge method PURGE
> acl intranet src 192.168.1.0/24
> acl proibir_sites dstdomain "/etc/squid/proibidos"
> acl proibir_palavras url_regex -i "/etc/squid/palavras"
> acl password proxy_auth REQUIRED
> acl liberar_palavras url_regex -i "/etc/squid/liberado"
> acl controle1 url_regex -i 192.168.1
> acl controle2 url_regex -i ftp .exe mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpg .qt .ram .rm .iso .raw .wav .mov .wmv
> http_access allow localhost
> #http_access allow password
> http_access allow intranet password
> http_access allow manager localhost
> http_access allow purge localhost
> http_access allow liberar_palavras
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny proibir_sites
> http_access deny proibir_palavras
> http_access deny manager
> http_access deny purge
> http_access deny all
> icp_access allow all
> delay_pools 2
> delay_class 1 2
> delay_parameters 1 -1/-1 -1/-1
> delay_access 1 allow controle1
> delay_class 2 2
> delay_access 2 allow controle2
>
> Could someone help me?
>
> Thanks
> Josemar Vieira
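
Added example, not part of the original messages and not Squid's own code: a simplified model of how Squid evaluates the http_access lines quoted above (top to bottom, first line whose ACLs all match decides), showing that in the posted order an authenticated intranet client is allowed before the proibir_sites and proibir_palavras denies are reached. The request, the helper names and the reordering are constructed for illustration.

```python
# Added illustration (not Squid code): a simplified model of http_access.
# Squid checks the lines top to bottom; the first line whose ACLs all match
# decides, and "!" negates an ACL. A request is the set of ACL names it matches.
POSTED = """\
http_access allow localhost
http_access allow intranet password
http_access allow manager localhost
http_access allow purge localhost
http_access allow liberar_palavras
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny proibir_sites
http_access deny proibir_palavras
http_access deny manager
http_access deny purge
http_access deny all
"""

def parse(text):
    """Turn http_access lines into (action, [acl, ...]) tuples, in file order."""
    rules = []
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return rules

def decide(rules, matched):
    """Return (action, 1-based rule number) of the first fully matching line."""
    matched = set(matched) | {"all"}          # the "all" ACL matches everything
    for n, (action, acls) in enumerate(rules, 1):
        if all((a[1:] not in matched) if a[0] == "!" else (a in matched)
               for a in acls):
            return action, n
    return "deny", None                       # not reached: list ends in "deny all"

def blocklists_first(rules):
    """Hypothetical reordering: put the two block-list denies ahead of the allows."""
    block = [r for r in rules if r[1][0] in ("proibir_sites", "proibir_palavras")]
    return block + [r for r in rules if r not in block]

# Constructed request: authenticated LAN client asking for a listed domain on port 80.
REQUEST = {"intranet", "password", "Safe_ports", "proibir_sites"}

if __name__ == "__main__":
    rules = parse(POSTED)
    print("posted order:   ", decide(rules, REQUEST))                    # ('allow', 2)
    print("block lists 1st:", decide(blocklists_first(rules), REQUEST))  # ('deny', 1)
```

Separately from the ordering, Squid cannot perform proxy_auth on intercepted (transparent) traffic, so the password ACL on the second line only works for browsers explicitly configured to use the proxy.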