Squid + Firewall (squid.conf )
Firewall + Proxy Transparente
Categoria: Samba
Software: Squid + Firewall
[ Hits: 22.204 ]
Por: STARCK
Sou iniciante em Linux , mas estou postando aqui um squid.conf e firewall que funciona perfeitamente no meu Ubuntu 8.10 e 9.10, ele é completo e cada string foi comentada.
Espero ter ajudado com a comunidade pela qual tenho muito orgulho em participar...
Um abraço a todos e VIVA O LINUX!
#!/bin/bash
# Firewall,configurado e montado por: Alexandre Starck de Oliveira
# Para esse arquivo ser iniciado no boot deve ser colocado de acordo com as regras abaixo:
### 1º)-Dar permissão de arquivo executável Ex: chmod +x /etc/init.d/firewall
### 2º)-Primeira opção,para ser iniciado no boot.Colocar o diretório completo no arquivo rc.local Ex:
# vim /etc/rc.local
# /etc/init.d/firewall # esse diretório deve ser colocado na última linha do arquivo rc.local
### 3º)-Outra opção é criar um link simbólico. Ex: ln -s /etc/init.d/firewall /etc/rc5.d/S99Firewall
# O link apontará para o arquivo /etc/init.d/firewall, que é o nosso script, o S99 do arquivo de link significa:
# o "S" de Start (iniciar) e o 99 é a ordem que ele será executado juntamente com o sistema.
# Compartilhando a Internet
echo 1 > /proc/sys/net/ipv4/ip_forward
# Variáveris #
LanExt=eth1 # placa de internet
LanInt=192.168.10.1/24
Rede=192.168.10.0/24 # minha rede local
# Módulos #
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ipt_REDIRECT
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
####################
### Função START ###
####################
firewall_start() {
echo "Iniciando o Firewall.......................[ OK ]"
# Limpa as regras #
iptables -X
iptables -Z
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle
# Politicas padrao #
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
# Manter conexoes jah estabelecidas para nao parar
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Aceita todo o trafego vindo do loopback e indo pro loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
#######################
### LOG DO FIREWALL ###
#######################
#iptables -A INPUT -d $LanExt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH EXT 22"
#iptables -A INPUT -d $LanExt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP EXT 21"
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
#iptables -A INPUT -d $LanInt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP INT 21"
###############################
# Proteções #
###############################
# Protege contra os "Ping of Death"
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
# Protege contra port scanners avançados (Ex.: nmap)
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 20/m -j ACCEPT
# Bloqueando tracertroute
iptables -A INPUT -p udp -s 0/0 -i eth1 --dport 33435:33525 -j REJECT
# Protecoes contra ataques
iptables -A INPUT -m state --state INVALID -j REJECT
###############################
# TABELA Input #
###############################
### Destino Externo ###
# Liberando Porta 22 (SSH)
#iptables -A INPUT -d $LanExt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH EXT 2222"
iptables -A INPUT -d $LanExt -p tcp --dport 22 -j ACCEPT
# Liberando Porta 21 (ftp)
#iptables -A INPUT -d $LanExt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP EXT 21"
iptables -A INPUT -d $LanExt -p tcp --dport 21 -j ACCEPT
### Destino Interno ###
# Liberando Porta 22 (SSH)
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
iptables -A INPUT -d $LanInt -p tcp --dport 22 -j ACCEPT
# Liberando porta 3128 (Squid)
iptables -A INPUT -d $LanInt -p tcp --dport 3128 -j ACCEPT
# Liberando Porta 80 (http)
#iptables -A INPUT -d $LanInt -p tcp --dport 80 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP INT 80"
iptables -A INPUT -d $LanInt -p tcp --dport 80 -j ACCEPT
# Liberando Porta 21 (ftp)
#iptables -A INPUT -d $LanInt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP INT 21"
iptables -A INPUT -d $LanInt -p tcp --dport 21 -j ACCEPT
# Liberando porta 3000 (NTOP)
iptables -A INPUT -d $LanInt -p tcp --dport 3000 -j ACCEPT
###############################
# TABELA Forward #
###############################
# Libera computador das regras do firewall
iptables -A FORWARD -s 192.168.4.13 -p tcp -j ACCEPT
iptables -A FORWARD -s 192.168.4.13 -p udp -j ACCEPT
### MSN ###
# Libera msn para o IP #
# nome
iptables -A FORWARD -s 192.168.4.11 -p tcp --dport 1863 -j ACCEPT
# Bloqueio de MSN #
#iptables -A FORWARD -s 192.168.4.0 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 192.168.4.0 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -d messenger.hotmail.com -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -d webmessenger.msn.com -j DROP
#iptables -A FORWARD -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -d 64.4.13.0/24 -j DROP
# Liberando Porta 2222 (SSH)
iptables -A FORWARD -s $Rede -p tcp --dport 2222 -j ACCEPT
# Liberando Porta 22 (SSH)
iptables -A FORWARD -s $Rede -p tcp --dport 22 -j ACCEPT
# Liberando Porta 110 (pop-3)
iptables -A FORWARD -s $Rede -p tcp --dport 110 -j ACCEPT
# Liberando Porta 995 (spop-3)
iptables -A FORWARD -s $Rede -p tcp --dport 995 -j ACCEPT
# Liberando Porta 25 (smtp)
iptables -A FORWARD -s $Rede -p tcp --dport 25 -j ACCEPT
# Liberando Porta 465 (smtp-s)
iptables -A FORWARD -s $Rede -p tcp --dport 465 -j ACCEPT
# Liberando Porta 2121 (ftp)
iptables -A FORWARD -s $Rede -p tcp --dport 2121 -j ACCEPT
# Liberando Porta 21 (ftp)
iptables -A FORWARD -s $Rede -p udp --dport 21 -j ACCEPT
iptables -A FORWARD -s $Rede -p udp --dport 20 -j ACCEPT
# Liberando porta 53 (DNS)
iptables -A FORWARD -s $Rede -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s $Rede -p udp --dport 53 -j ACCEPT
# Regras forward para o funcionamento de redirecionamento de portas (NAT)
# Redirecionando porta 5900 (VNC)
#iptables -A FORWARD -p tcp --dport 5900 -j ACCEPT
#ptables -A FORWARD -p tcp --dport 5800 -j ACCEPT
###############################
######### TABELA NAT ## #######
###############################
# Redireconamento de portas
# VNC Para algum micro (192.168.1.31 = nome da pessoa)
#iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 5900 -j DNAT --to 192.168.0.77:5900
# Mascaramento de rede para acesso externo #
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
#Bloqueia todo o resto
#iptables -A INPUT -p tcp -j LOG --log-level 6 --log-prefix "FIREWALL: GERAL "
iptables -A INPUT -p tcp --syn -j DROP
iptables -A INPUT -p tcp -j DROP
iptables -A INPUT -p udp -j DROP
}
##################
### Função STOP ##
##################
firewall_stop() {
echo "Parando firewall e funcionando apenas com mascaramento ........................[ OK ]"
# Limpa as regras #
iptables -X
iptables -Z
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle
# Politicas padrao #
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
# Manter conexoes jah estabelecidas para nao parar
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Aceita todo o trafego vindo do loopback e indo pro loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
###############################
# TABELA Forward #
###############################
### MSN ###
# Libera msn para o IP #
# nome
#iptables -A FORWARD -s 192.168.0.34 -p tcp --dport 1863 -j ACCEPT
# nome
#iptables -A FORWARD -s 192.168.0.5 -p tcp --dport 1863 -j ACCEPT
# Bloqueio de MSN #
#iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 192.168.1.0 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -d messenger.hotmail.com -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -d webmessenger.msn.com -j DROP
#iptables -A FORWARD -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -d 64.4.13.0/24 -j DROP
###############################
######### TABELA NAT ## #######
###############################
# Mascaramento de rede para acesso externo #
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Efetivando o PROXY TRANPARENTE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 # (Redireciona para o squid) - eth1 -> Placa de rede local
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3128
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
echo "Regras Limpas e Firewall desabilitado ...........................................[ << ATENÇÂO >> FIREWALL DESATIVADO ]"
firewall_restart() {
echo "Reiniciando Firewall.............................................................................[ OK ]"
firewall_stop
sleep 3
firewall_start
echo "Firewall Reiniciado..............................................................................[ OK ]"
}
case "$1" in
'start')
firewall_start
echo "Firewall Iniciado................................................................................[ OK ]"
;;
'stop')
firewall_stop
;;
'restart')
firewall_restart
;;
*)
echo "Opções possíveis:"
echo "firewall start"
echo "firewall stop"
echo "firewall restart"
esac
### <<<FIM>>> ###
### Meu Proxy ######
###############################################################
# squid.conf (configuração)
# Por Alexandre Starck de Oliveira
# e-mail starck2007@hotmail.com
# Nessa versão é bem diferente as configurações de proxy transparente, não é necessário mais acrescentar essas linhas no arquivo squid.conf:
# httpd_accel_port 80
# httpd_accel_host virtual
# httpd_accel_with_proxy on
# httpd_accel_uses_host_header on
# >> Agora só precisa colocar:
# http_port 3128 transparent vhost vport
# always_direct allow all
# >> O restante da configuração é o padrão do Squid.
http_port 3128 transparent 192.168.10.1:3128
error_directory /usr/share/squid3/errors/pt-br
visible_hostname Servidor # como root digite hostname
dns_nameservers 200.149.55.140 200.165.132.147 # padrão "TELEMAR".Em caso de dúvida ligar para velox para fornecer seu número de DNS....
always_direct allow all A
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 22 80 139 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Aqui entram todas as ACL's
# *** Define a lista de palavras impróprias
acl palavras dstdomain -i "/etc/squid/list/palavras"
http_access deny palavras
# *** Define a lista de sites impróprios
acl sites url_regex -i "/etc/squid/list/sites"
http_access deny sites
acl Rede src 192.168.10.0/24
http_access allow localhost
http_access allow Rede
http_access deny all
# OBS: Não esquecendo de inserir os DNS's,IP's e GATEWAY nas "Máquinas Virtuais".
# IMPORTANTE: Usar cabo "crossouver" para as máquinas locais <<SEMPRE>>.
###<<<< FIM >>>>###
Comentários
[1] Comentário enviado por nokyboney em 05/05/2010 - 19:28h
Tenho o squid abaixo, tudo funciona, menos a internet... sou novato no linux, me deem um help, please.
"Onde foi que eu errei?"
Segue o script:
asprofw-sp:/etc/squid# vi squid.conf
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
"squid.conf" [converted] 102L, 3346C 1,1 Top
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all
http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy
#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################
error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw
90,1 Bot
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all
http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy
#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################
error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw
Aguardo retorno.
Alcenir
alcenir_5@hotmail.com
Tenho o squid abaixo, tudo funciona, menos a internet... sou novato no linux, me deem um help, please.
"Onde foi que eu errei?"
Segue o script:
asprofw-sp:/etc/squid# vi squid.conf
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
"squid.conf" [converted] 102L, 3346C 1,1 Top
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all
http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy
#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################
error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw
90,1 Bot
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all
http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy
#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################
error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw
Aguardo retorno.
Alcenir
alcenir_5@hotmail.com
[2] Comentário enviado por marcianofliegner em 22/02/2012 - 21:43h
Alcenir não funciona a internet na sua maquina ou na rede???
Alcenir não funciona a internet na sua maquina ou na rede???
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Melhorando o tempo de boot do Fedora e outras distribuições
Como instalar as extensões Dash To Dock e Hide Top Bar no Gnome 45/46
E a guerra contra bots continua
Tradução do artigo do filósofo Gottfried Wilhelm Leibniz sobre o sistema binário
Conheça o firewall OpenGFW, uma implementação do (Great Firewall of China).
Dicas
Instalando o FreeOffice no LMDE 6
Anki: Remover Tags de Estilo HTML de Todas as Cartas
Colocando uma opção de redimensionamento de imagem no menu de contexto do KDE
Tópicos
Como adicionar módulo de saúde da bateria dos notebooks Acer ao kernel... (19)
Top 10 do mês
-
Xerxes
1° lugar - 71.169 pts -
Fábio Berbert de Paula
2° lugar - 58.185 pts -
Clodoaldo Santos
3° lugar - 43.661 pts -
Buckminster
4° lugar - 23.976 pts -
Sidnei Serra
5° lugar - 23.178 pts -
Daniel Lara Souza
6° lugar - 17.325 pts -
Mauricio Ferrari
7° lugar - 17.387 pts -
Alberto Federman Neto.
8° lugar - 17.338 pts -
Diego Mendes Rodrigues
9° lugar - 16.027 pts -
edps
10° lugar - 14.544 pts
Scripts
[Shell Script] Script para desinstalar pacotes desnecessários no OpenSuse
[Shell Script] Script para criar certificados de forma automatizada no OpenVpn
[Shell Script] Conversor de vídeo com opção de legenda
[C/C++] BRT - Bulk Renaming Tool
[Shell Script] Criação de Usuarios , Grupo e instalação do servidor de arquivos samba
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
