PROXY TRANSPARENTE
olá lista, tenho em meu servidor o iptables liberando o acesso à internet
através do speedy (eth1) para minha rede interna 192.168.1.0
(eth0), porém agora preciso bloquear sites, downloads, rádios, icq e afins.
Configurei td para um proxy transparente. Adicionei as linhas necessárias ao
squid.conf mas acho q a posição das linhas naum estaum
corretas. Pois naum funciona: no navegador eu adiciono o servidor
proxy, aí td bem, ele navega; se eu tiro o servidor proxy ele navega tb.....
A linha do iptables q uso eh: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT -to-port 3128 (jah tentei sem o -i eth0 tb)
Para minha rede navegar sem o proxy uso: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
Oq pode estar errado ?
Abaixo estah meu squid.conf
# Squid configuration as posted (directive names are from the Squid 2.x era).
# The comments below are review notes only; every directive is left exactly as written.

# Listening port; the iptables REDIRECT rule quoted in the post sends port-80 traffic here.
http_port 3128
# httpd_accel_* block: the Squid 2.x way of accepting intercepted requests and taking
# the destination from the request's Host header.
# NOTE(review): the Host header is supplied by the client, so destination-based rules
# applied to intercepted traffic judge a value the client controls.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Do not cache (or fetch via peers) URLs that look dynamic: cgi-bin paths or query strings.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Memory and disk cache sizing.
cache_mem 90 MB
cache_swap_low 95
cache_swap_high 98
maximum_object_size 9000 KB
maximum_object_size_in_memory 20 KB
cache_dir ufs /var/spool/squid 500 16 256
# Log files; access.log is the place to check whether intercepted requests reach Squid at all.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
# Password-file authentication helper and number of helper processes.
# NOTE(review): proxy authentication cannot be negotiated on intercepted connections,
# because the browser does not know a proxy is in the path. Any rule that depends on
# the "password" acl below is therefore only meaningful for clients that configure
# the proxy explicitly.
authenticate_program /usr/lib/squid/ncsa_auth /etc/squid/passwd
authenticate_children 5
# Basic source / protocol ACLs.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Ports to which CONNECT tunnels are permitted.
# NOTE(review): 21 is included here, so CONNECT tunnels to port 21 pass the SSL_ports
# check; confirm this is intended, since the usual list holds only TLS ports.
acl SSL_ports port 443 563 21
# Destination ports considered acceptable for ordinary requests.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl CONNECT method CONNECT
acl purge method PURGE
# Site-specific ACLs: internal network, block lists and allow list loaded from files,
# and the authentication requirement.
acl intranet src 192.168.1.0/24
acl proibir_sites dstdomain "/etc/squid/proibidos"
acl proibir_palavras url_regex -i "/etc/squid/palavras"
acl password proxy_auth REQUIRED
acl liberar_palavras url_regex -i "/etc/squid/liberado"
# ACLs used only to select delay pools further down.
# NOTE(review): these are unanchored regular expressions with unescaped dots, so
# ".exe" matches any character followed by "exe" and "ftp"/"mp3" match anywhere in the URL.
acl controle1 url_regex -i 192.168.1
# NOTE(review): the next three lines look like one long acl line that was wrapped in
# transit, with "http_access allow localhost" fused onto its end. As pasted, the
# continuation lines are not valid directives; presumably the real file has the acl
# on a single line and the http_access rule on its own line -- confirm.
acl controle2 url_regex -i ftp .exe mp3 .vqf .tar.gz .gz .rpm .zip .rar
.avi .mp
eg .mpg .qt .ram .rm .iso .raw .wav .mov .wmv http_access allow localhost
# http_access rules are evaluated top to bottom and the first matching rule decides.
# NOTE(review): "allow intranet password" comes before the proibir_sites and
# proibir_palavras denies, so a request it matches is allowed before either block
# list is consulted. Deny rules meant to restrict intranet users need to appear
# above the allow rule that admits them.
# NOTE(review): only traffic redirected to port 3128 (TCP port 80 in the quoted
# iptables rule) is seen by these rules; other protocols leave through the
# MASQUERADE rule quoted in the post and are never evaluated here.
#http_access allow password
http_access allow intranet password
http_access allow manager localhost
http_access allow purge localhost
# NOTE(review): this allow has no source restriction and precedes the Safe_ports and
# CONNECT checks, so any client that can reach the proxy is served for URLs matching
# the allow list. Pairing it with "intranet" would limit it to the internal network.
http_access allow liberar_palavras
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny proibir_sites
http_access deny proibir_palavras
http_access deny manager
http_access deny purge
http_access deny all
# NOTE(review): ICP queries are answered for any source address; restrict this to known
# peers, or confirm the ICP port is not reachable from the external interface.
icp_access allow all
# Delay pools: two class-2 pools selected by the controle1 and controle2 ACLs.
# Pool 1 is set to -1/-1 (no limit) for both aggregate and per-host buckets.
# NOTE(review): no delay_parameters line for pool 2 is visible here, so nothing shown
# in this listing actually sets a rate limit for the download patterns.
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow controle1
delay_class 2 2
delay_access 2 allow controle2
Alguem poderia me ajudar ?
Grato
Josemar Vieira