
gateway and proxy (squid) on separate computers



	List,

	My goal now is to configure squid to work as a proxy, but located
on a computer separate from the gateway. I know how to configure squid when
it is located on the gateway; what I want to do is install it on another
computer. What I have done so far is:

#: Title : Squid Howto
#: Date : 2010-10-19
#: Author : "Caio Abreu Ferreira" <idic_terra.com.br>
#: Version : 1.0
#: Description : Squid server
#: Options : None
#: Reference : 
#: Technical information
	gateway		192.168.0.2
	servidor	192.168.0.7

# /etc/init.d/firewall.sh (gateway)
	$IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.7:3128
	$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

# aptitude install squid3 (server)

# /etc/squid/squid.conf (server)
	# Port on which connections are redirected
	http_port  192.168.0.7:3128 transparent

	cache_dir ufs /var/spool/squid3 100 16 256
	cache_mgr   root@particula.local
	cache_effective_user    proxy

	ftp_user    root@particula.local

	# Define the access log format
	logformat squid  %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
	# Log client request activities ('squid' is the name of the log format to use)
	access_log 	/var/log/squid3/access.log squid
	# Log information about the cache's behavior
	cache_log /var/log/squid3/cache.log
	# Log the activities of the storage manager
	cache_store_log /var/log/squid3/store.log

	# Classes
	acl  all           src    all               # Any IP address
	acl  localhost     src    127.0.0.0/8       # Localhost
	acl  lan           src    192.168.0.0/24    # LAN where authorized clients reside
	acl  manager       proto  cache_object      # Cache object protocol
	acl  to_localhost  dst    127.0.0.0/8       # Requests to localhost
	acl  SSL_ports     port   443               # https port
	acl  Safe_ports    port   80 21 443         # http, ftp, https ports
	acl  CONNECT       method CONNECT           # SSL CONNECT method

	# Only allow cachemgr access from localhost
	http_access  allow  manager localhost
	http_access  deny   manager

	# Deny requests to unknown ports
	http_access  deny   !Safe_ports

	# Deny CONNECT to other than SSL ports
	http_access  deny   CONNECT !SSL_ports

	# Prevent access to local web applications from remote users
	http_access  deny   to_localhost

	# Allow access from the local network
	http_access  allow  lan

	# Default deny (this must be the last rule)
	http_access  deny   all

	Has anyone on the list by any chance done something similar?

Thanks in advance.

-- 
 

 .''`.   Caio Abreu Ferreira
: :'  :  idic@terra.com.br
`. `'`   Debian User
  `-     Key fingerprint = 97F8 61AC 605F 8A8B 3BA1  D479 8C9A 52E8 6478 601F 
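
Added example, not part of the original post: a simplified Python model of how Squid evaluates the http_access lines in the configuration above (the first matching line wins; ACLs on one line are ANDed). Destinations are assumed to be already-resolved IP addresses, and the helper names acl, decide and request are hypothetical.

```python
import ipaddress

# ACL definitions mirrored from the posted squid.conf (simplified model).
LAN = ipaddress.ip_network("192.168.0.0/24")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
SSL_PORTS = {443}
SAFE_PORTS = {80, 21, 443}

def acl(name, req):
    """Return True if the request matches the named ACL."""
    src = ipaddress.ip_address(req["src"])
    dst = ipaddress.ip_address(req["dst"])  # assumption: dst already resolved
    checks = {
        "all": True,
        "localhost": src in LOOPBACK,
        "lan": src in LAN,
        "manager": req["proto"] == "cache_object",
        "to_localhost": dst in LOOPBACK,
        "SSL_ports": req["port"] in SSL_PORTS,
        "Safe_ports": req["port"] in SAFE_PORTS,
        "CONNECT": req["method"] == "CONNECT",
    }
    return checks[name]

# http_access lines in the same order as in the post.
RULES = [
    ("allow", ["manager", "localhost"]),
    ("deny", ["manager"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("deny", ["to_localhost"]),
    ("allow", ["lan"]),
    ("deny", ["all"]),
]

def decide(req):
    """Walk the rules top to bottom; a '!' prefix negates the ACL."""
    for action, acls in RULES:
        if all(acl(a.lstrip("!"), req) != a.startswith("!") for a in acls):
            return action
    return "deny"  # unreachable here: 'deny all' always matches

def request(src, dst, port, method="GET", proto="http"):
    """Build a constructed sample request for the model."""
    return {"src": src, "dst": dst, "port": port,
            "method": method, "proto": proto}
```

Moving `http_access allow lan` above the deny lines in RULES shows why the order matters: LAN clients would then be allowed to CONNECT to any port.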
