Squid server with 2 internet links

1. Squid server with 2 internet links

igor cruz
igorcruz

(uses Other)

Posted on 08/12/2011 - 17:06h

Good afternoon,

I have a Squid server running perfectly, blocking some sites, but I have a big problem with Caixa's Conectividade Social: it does not work at all.
Since we have 2 Velox links, I thought of creating a private network just for this user. That is where the big problem comes in: I need to put this user on the other network, because we have a printer on the network and software that runs over the network.
Does anyone have a suggestion?


  


2. Re: Squid server with 2 internet links

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 08/12/2011 - 17:14h

If your Squid is transparent, put this in your iptables rules:


iptables -t nat -I PREROUTING -d IP_CONECTIVIDADE_SOCIAL -j RETURN


That way access will be allowed.


3. Re: Squid server with 2 internet links

igor cruz
igorcruz

(uses Other)

Posted on 08/12/2011 - 21:20h

My Squid is not transparent; will it work?


4. Re: Squid server with 2 internet links

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 09/12/2011 - 11:12h

Then try allowing it in your Squid:

acl conectsoc src IP_CONECTIVIDADE_SOCIAL
always_direct allow conectsoc

BEFORE all the http_access rules.


5. Re: Squid server with 2 internet links

igor cruz
igorcruz

(uses Other)

Posted on 12/12/2011 - 10:23h

http_port 3128
visible_hostname server
error_directory /usr/share/squid/errors/pt-br

cache_mem 1324 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 3000 MB
minimum_object_size 0 KB
cache_swap_low 80
cache_swap_high 85
cache_dir ufs /var/spool/squid 2048 16 256

refresh_pattern ^ftp: 15 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_access_log /var/log/squid/access.log

acl localhost src 127.0.0.1/32
acl localnet src 192.168.1.0/24

acl manager proto cache_object
http_access allow manager localhost
http_access deny manager

acl purge method PURGE
http_access allow purge localhost
http_access deny purge

acl Safe_ports port 3128
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # nntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1024 #eletrocard
acl Safe_ports port 1863 #hotmail
acl Safe_ports port 2631 #caixa
acl Safe_ports port 7358 #Skype
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports

acl connect method CONNECT
acl SSL_ports port 80 # https
acl SSL_ports port 443 # nntps
acl SSL_ports port 563 # rsync
acl SSL_ports port 873
http_access deny connect !SSL_ports


acl msn url_regex -i "/etc/squid/msn"
http_access allow msn

acl ipliberado src "/etc/squid/ipliberado"
http_access allow ipliberado

acl domains dstdomain "/etc/squid/bloqueados"
http_access deny domains

acl words url_regex -i "/etc/squid/words"
http_access deny words

acl extensions urlpath_regex -i "/etc/squid/extensions"
http_access deny extensions

acl redelocal src 192.168.1.0/24
http_access allow localhost
http_access allow redelocal
http_access deny all


This is my squid.conf; where do I fit that rule in?


6. Re: Squid server with 2 internet links

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 12/12/2011 - 10:32h

After the line "cache_access_log /var/log/squid/access.log".


7. Re: Squid server with 2 internet links

igor cruz
igorcruz

(uses Other)

Posted on 13/12/2011 - 14:31h

Renato,

I made the change and it did not work. Could it be something else?



My squid.conf follows below:


http_port 3128
visible_hostname server
error_directory /usr/share/squid/errors/pt-br

cache_mem 1324 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 3000 MB
minimum_object_size 0 KB
cache_swap_low 80
cache_swap_high 85
cache_dir ufs /var/spool/squid 2048 16 256

refresh_pattern ^ftp: 15 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_access_log /var/log/squid/access.log

acl conectsoc src 200.201.173.68 200.201.174.207 200.201.174.204
always_direct allow conectsoc

acl localhost src 127.0.0.1/32
acl localnet src 192.168.1.0/24

acl manager proto cache_object
http_access allow manager localhost
http_access deny manager

acl purge method PURGE
http_access allow purge localhost
http_access deny purge

acl Safe_ports port 3128
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # nntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1024 #eletrocard
acl Safe_ports port 1863 #hotmail
acl Safe_ports port 2631 #caixa
acl Safe_ports port 7358 #Skype
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports

acl connect method CONNECT
acl SSL_ports port 80 # https
acl SSL_ports port 443 # nntps
acl SSL_ports port 563 # rsync
acl SSL_ports port 873
http_access deny connect !SSL_ports


acl msn url_regex -i "/etc/squid/msn"
http_access allow msn

acl ipliberado src "/etc/squid/ipliberado"
http_access allow ipliberado

acl domains dstdomain "/etc/squid/bloqueados"
http_access deny domains

acl words url_regex -i "/etc/squid/words"
http_access deny words

acl extensions urlpath_regex -i "/etc/squid/extensions"
http_access deny extensions

acl redelocal src 192.168.1.0/24
http_access allow localhost
http_access allow redelocal
http_access deny all





8. Re: Squid server with 2 internet links

Renato Carneiro Pacheco
renato_pacheco

(uses Debian)

Posted on 13/12/2011 - 14:46h

Can you check the Squid logs for any block related to Conectividade Social?


cat /var/log/squid/access.log | grep TCP_DENIED
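
The log check suggested above, extended into a per-destination summary. This is an added example, not part of the original thread: it assumes Squid's default native access.log format, the sample log lines are constructed, and the function names are hypothetical. The destination addresses are the ones posted earlier in the thread.

```shell
#!/bin/sh
# Added example: summarize Squid result codes for selected destinations.
# Assumes the default native access.log layout:
#   time elapsed client code/status bytes method URL ident hierarchy type

# Constructed sample lines (not taken from the thread). With the posted
# squid.conf, a CONNECT to a port outside SSL_ports is denied.
sample_log() {
cat <<'EOF'
1323790260.101    120 192.168.1.50 TCP_DENIED/403 1450 CONNECT 200.201.174.207:2631 - NONE/- text/html
1323790261.532    340 192.168.1.50 TCP_MISS/200 5120 GET http://200.201.173.68/index.html - DIRECT/200.201.173.68 text/html
1323790262.010     15 192.168.1.51 TCP_DENIED/403 1320 GET http://blocked.example/ - NONE/- text/html
1323790263.777    110 192.168.1.50 TCP_DENIED/403 1450 CONNECT 200.201.174.207:2631 - NONE/- text/html
EOF
}

# summarize_dest LOGFILE HOST...
# Prints "client result_code count" for requests whose URL host is in HOST...
# No output means no matching request reached the proxy at all.
summarize_dest() {
    log=$1; shift
    awk -v hosts="$*" '
        BEGIN { n = split(hosts, h, " "); for (i = 1; i <= n; i++) want[h[i]] = 1 }
        NF >= 7 {
            host = $7
            sub("^[a-z]+://", "", host)   # drop scheme (CONNECT has none)
            sub("[/:].*$", "", host)      # drop port and path
            if (host in want) {
                split($4, r, "/")         # TCP_DENIED/403 -> TCP_DENIED
                seen[$3 " " r[1]]++
            }
        }
        END { for (k in seen) print k, seen[k] }
    ' "$log" | sort
}

tmp=$(mktemp)
sample_log > "$tmp"
summarize_dest "$tmp" 200.201.173.68 200.201.174.207 200.201.174.204
rm -f "$tmp"
```

Run against the real /var/log/squid/access.log, an empty result for these hosts indicates the client's requests never reached Squid, which points at client proxy settings or the firewall rather than the ACLs.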



9. Re: Squid server with 2 internet links

igor cruz
igorcruz

(uses Other)

Posted on 26/12/2011 - 14:30h

I requested the log and nothing related to this shows up.
Could it be the firewall?


10. Re: Squid server with 2 internet links

igor cruz
igorcruz

(uses Other)

Posted on 08/03/2012 - 09:45h

Is there another solution to allow Conectividade Social?


11. Re: Squid server with 2 internet links

Removed profile
removido

(uses None)

Posted on 08/03/2012 - 10:02h

Can you post the scenario here?

The server's links,

E.g.:

eth0 = LINK1
eth1 = LINK2

Client machine address = ?

LINK you want to use for the connection = ?

Address you want to access = ?


12. Re: Squid server with 2 internet links

igor cruz
igorcruz

(uses Other)

Posted on 08/03/2012 - 10:13h

Here we go...

ETH2 - 192.168.20.1 - EXTERNAL NETWORK (VELOX)
ETH3 - 192.168.1.1 - INTERNAL NETWORK (LOCAL NETWORK)

My question is the following: I have a Squid running that does some blocking, and I cannot access Caixa's Conectividade Social. My squid.conf follows below:

http_port 3128
visible_hostname server
error_directory /usr/share/squid/errors/pt-br

cache_mem 1324 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 3000 MB
minimum_object_size 0 KB
cache_swap_low 80
cache_swap_high 85
cache_dir ufs /var/spool/squid 2048 16 256

refresh_pattern ^ftp: 15 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_access_log /var/log/squid/access.log

acl localhost src 127.0.0.1/32
acl localnet src 192.168.1.0/24

acl manager proto cache_object
http_access allow manager localhost
http_access deny manager

acl purge method PURGE
http_access allow purge localhost
http_access deny purge

acl Safe_ports port 3128
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # nntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1024 #eletrocard
acl Safe_ports port 1494 #sigov
acl Safe_ports port 1863 #hotmail
acl Safe_ports port 2631 #caixa
acl Safe_ports port 7358 #Skype
acl Safe_ports port 2210 #Dude
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports

acl connect method CONNECT
acl SSL_ports port 80 # https
acl SSL_ports port 443 # nntps
acl SSL_ports port 563 # rsync
acl SSL_ports port 873
http_access deny connect !SSL_ports


acl msn url_regex -i "/etc/squid/msn"
http_access allow msn

acl ipliberado src "/etc/squid/ipliberado"
http_access allow ipliberado

acl domains dstdomain "/etc/squid/bloqueados"
http_access deny domains

acl words url_regex -i "/etc/squid/words"
http_access deny words

acl extensions urlpath_regex -i "/etc/squid/extensions"
http_access deny extensions

acl redelocal src 192.168.1.0/24
http_access allow localhost
http_access allow redelocal
http_access deny all


If you need any other information, I am at your disposal.


