Squid3 Debian Squeeze amd64 [SOLVED]

1. Squid3 Debian Squeeze amd64 [SOLVED]

Profile removed
removed

(uses None)

Posted on 09/08/2012 - 15:48h

Good afternoon, friends. I'm having a problem with the squid.conf of squid3. I had a complete conf that was working, but apparently a lot has changed. If you can help me, I'll post the error output from when I start squid, and the squid.conf. Thanks in advance.

Starting Squid HTTP Proxy 3.x: squid3Creating Squid HTTP Proxy 3.x cache structure ... (warning).
2012/08/09 15:43:35| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2012/08/09 15:43:35| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2012/08/09 15:43:35| WARNING: For now we will assume you meant to write /24
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:21 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:22 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:23 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:24 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:25 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:26 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:28 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:29 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:30 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:31 unrecognized: ';'
2012/08/09 15:43:35| Warning: empty ACL: acl diretoria proxy_auth "/etc/squid3/grupos/diretoria"
2012/08/09 15:43:35| Warning: empty ACL: acl administrativo proxy_auth "/etc/squid3/grupos/administrativo"
2012/08/09 15:43:35| Warning: empty ACL: acl informatica proxy_auth "/etc/squid3/grupos/informatica"
2012/08/09 15:43:35| Warning: empty ACL: acl financeiro proxy_auth "/etc/squid3/grupos/financeiro"
2012/08/09 15:43:35| Warning: empty ACL: acl usuariosMSN proxy_auth
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:56 unrecognized: 'update.microsoft.com:443'
2012/08/09 15:43:35| Warning: empty ACL: acl sites_informatica url_regex -i "/etc/squid3/regras/sites_liberados_informatica"
2012/08/09 15:43:35| Warning: empty ACL: acl sites_administrativo url_regex -i "/etc/squid3/regras/sites_liberados_administrativo"
2012/08/09 15:43:35| Warning: empty ACL: acl sites_diretoria url_regex -i "/etc/squid3/regras/sites_liberados_diretoria"
2012/08/09 15:43:35| Warning: empty ACL: acl sites_financeiro url_regex -i "/etc/squid3/regras/sites_liberados_financeiro"
2012/08/09 15:43:35| strtokFile: /etc/squid3/regras/extencoes not found
2012/08/09 15:43:35| Warning: empty ACL: acl extencoes urlpath_regex -i "/etc/squid3/regras/extencoes"
2012/08/09 15:43:35| aclParseAclList: ACL name 'localhost' not found.
FATAL: Bungled squid.conf line 85: http_access allow manager localhost
Squid Cache (Version 3.1.6): Terminated abnormally.
CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys
Maximum Resident Size: 17552 KB
Page faults with physical i/o: 0
2012/08/09 15:43:35| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2012/08/09 15:43:35| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2012/08/09 15:43:35| WARNING: For now we will assume you meant to write /24
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:21 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:22 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:23 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:24 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:25 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:26 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:28 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:29 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:30 unrecognized: ';'
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:31 unrecognized: ';'
2012/08/09 15:43:35| Warning: empty ACL: acl diretoria proxy_auth "/etc/squid3/grupos/diretoria"
2012/08/09 15:43:35| Warning: empty ACL: acl administrativo proxy_auth "/etc/squid3/grupos/administrativo"
2012/08/09 15:43:35| Warning: empty ACL: acl informatica proxy_auth "/etc/squid3/grupos/informatica"
2012/08/09 15:43:35| Warning: empty ACL: acl financeiro proxy_auth "/etc/squid3/grupos/financeiro"
2012/08/09 15:43:35| Warning: empty ACL: acl usuariosMSN proxy_auth
2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:56 unrecognized: 'update.microsoft.com:443'
2012/08/09 15:43:35| Warning: empty ACL: acl sites_informatica url_regex -i "/etc/squid3/regras/sites_liberados_informatica"
2012/08/09 15:43:35| Warning: empty ACL: acl sites_administrativo url_regex -i "/etc/squid3/regras/sites_liberados_administrativo"
2012/08/09 15:43:35| Warning: empty ACL: acl sites_diretoria url_regex -i "/etc/squid3/regras/sites_liberados_diretoria"
2012/08/09 15:43:35| Warning: empty ACL: acl sites_financeiro url_regex -i "/etc/squid3/regras/sites_liberados_financeiro"
2012/08/09 15:43:35| strtokFile: /etc/squid3/regras/extencoes not found
2012/08/09 15:43:35| Warning: empty ACL: acl extencoes urlpath_regex -i "/etc/squid3/regras/extencoes"
2012/08/09 15:43:35| aclParseAclList: ACL name 'localhost' not found.
FATAL: Bungled squid.conf line 85: http_access allow manager localhost
Squid Cache (Version 3.1.6): Terminated abnormally.
CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys
Maximum Resident Size: 17568 KB
Page faults with physical i/o: 0
failed!


_______________________________________________________________________________________________
#Squid.conf


acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8

############## LOCAL NETWORK #########################
### Here it allows the 192.168.0.0/24 network to connect to squid ####
acl localnet src 192.168.0.0/255.255.255.0
## The line below holds the IPs that will be able to
## browse without going through the proxy
acl ips_sem_senha src 192.168.0.5

############## PORT ACLs ##############
#acl all src 192.168.0./24
acl SSL_ports port 443
acl Safe_ports port 80 # http
; acl Safe_ports port 21 # ftp
; acl Safe_ports port 25 # SMTP
; acl Safe_ports port 443 # https
; acl Safe_ports port 70 # gopher
; acl Safe_ports port 210 # wais
; acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
; acl Safe_ports port 488 # gss-http
; acl Safe_ports port 591 # filemaker
; acl Safe_ports port 777 # multiling http
; acl CONNECT method CONNECT

## Authentication ACL ##
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid/passwd
## On the line below, you set the message that will be shown
## to the user when they open the browser
auth_param basic realm | Proxy Grupo MN - Entre com seu usuario e senha |
auth_param basic credentialsttl 10 hours
auth_param basic children 10

## GROUP ACLs ##
acl diretoria proxy_auth "/etc/squid3/grupos/diretoria"
acl administrativo proxy_auth "/etc/squid3/grupos/administrativo"
acl informatica proxy_auth "/etc/squid3/grupos/informatica"
acl financeiro proxy_auth "/etc/squid3/grupos/financeiro"

## MSN ACLs ##
acl usuariosMSN proxy_auth
acl MSN req_mime_type -i ^application/x-msn-messenger$
acl dll_MSN url_regex -i gateway.dll
acl dll2_MSN url_regex -i sqmserver.dll
acl msn_domains dstdomain .msn.com .msn.com:443 .hotmail.com .hotmail.com:443 .live.com .live.com:443 .microsoft.com .microsoft.com:443

# Windows Update ACLs
acl windows_update dstdomain download.windowsupdate.com download.microsoft.com update.microsoft.com www.update.microsoft.com:443
update.microsoft.com:443

## SITE ACLs ##
acl sites_informatica url_regex -i "/etc/squid3/regras/sites_liberados_informatica"
acl sites_administrativo url_regex -i "/etc/squid3/regras/sites_liberados_administrativo"
acl sites_diretoria url_regex -i "/etc/squid3/regras/sites_liberados_diretoria"
acl sites_financeiro url_regex -i "/etc/squid3/regras/sites_liberados_financeiro"

## BLOCKED EXTENSIONS ##
acl extencoes urlpath_regex -i "/etc/squid3/regras/extencoes"

## Blocking browsers ##
acl firefox browser Firefox
acl chrome browser Chrome
acl opera browser Opera

hosts_file /etc/hosts

## Mailserver ##
acl mailserver url_regex mailserver
always_direct allow mailserver
http_access allow windows_update
http_access allow msn_domains
http_access allow dll2_MSN
http_access allow dll_MSN usuariosMSN
http_access allow MSN
http_access allow ips_sem_senha

acl pass proxy_auth REQUIRED
http_access allow manager localhost
http_access deny administrativo !sites_administrativo
http_access deny financeiro !sites_financeiro
## Allow everything for informatica ##
http_access allow informatica
## Allow everything for diretoria ##
http_access allow diretoria
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

http_access deny all
icp_access deny all
############## SQUID PORT ##############
http_port 3128
visible_hostname proxy.xxxxxxx.com.br

hierarchy_stoplist cgi-bin ?

############## LOGS ##############
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log

############## PERFORMANCE/DISK ##############
cache_mem 512 MB
maximum_object_size_in_memory 8 KB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /var/spool/squid3 60000 16 256

### Maximum size of a file that will be stored in the cache ###
maximum_object_size 200000 KB

icp_access allow all

______________________________________________________________________________________________

To tell the truth, I've poked around so much that I don't even know what's happening anymore. Cheers!



  


2. Re: Squid3 Debian Squeeze amd64 [SOLVED]

wesley santos
fed suco

(uses Fedora)

Posted on 10/08/2012 - 09:55h

They look like small "errors"... let's go
error: 2012/08/09 15:43:35| cache_cf.cc(363) parseOneConfigFile: squid.conf:21 unrecognized: ';'. Solution: replace every ";" with "#"
error: Warning: empty ACL: acl diretoria proxy_auth "/etc/squid3/grupos/diretoria"
Solution: the file is probably empty

I hope this helped


3. Re: Squid3 Debian Squeeze amd64 [SOLVED]

Profile removed
removed

(uses None)

Posted on 10/08/2012 - 10:03h

I was already a bit tunnel-visioned from staring at this conf so much. I changed it around a bit. It wasn't quite what I wanted. I'll post the new conf and the new errors... lol

## PORT ##
http_port 3128

## AUTHENTICATION SCHEME ##
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm | Grupo MN - Digite seu usuario e senha
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
visible_hostname s3cserver
cache_mgr webmaster@domain.com.br
error_directory /usr/share/squid3/errors/Portuguese

hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 100 MB
cache_dir ufs /var/spool/squid3 2040 16 256

refresh_pattern ^ftp: 360 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

access_log /var/log/squid3/access.log

acl localhost src 127.0.0.1/32
acl localnet src 10.30.0.0/16


## CONTROL SCHEME BY USER GROUPS

## Full access
acl acesso_livre proxy_auth "/etc/squid3/controle/usr_livre"
http_access allow acesso_livre

## Restricted access
acl acesso_restrito proxy_auth "/etc/squid3/listas/usr_restrito"
acl url_bloqueado url_regex -i "/etc/squid3/listas/url_bloqueado"
http_access deny url_bloqueado
http_access allow acesso_restrito !url_bloqueado

## Access only to allowed sites
acl acesso_bloqueado proxy_auth "/etc/squid3/listas/usr_bloqueado"
acl url_liberado url_regex -i "/etc/squid3/listas/url_liberado"

http_access allow url_liberado
http_access deny acesso_bloqueado !url_liberado

http_access allow usuarios acesso_livre
http_access allow usuarios acesso_restrito
http_access allow usuarios acesso_bloqueado

## AUTHENTICATION ##
acl usuarios proxy_auth REQUIRED
http_access allow usuarios

acl purge method PURGE
http_access allow purge localhost
http_access deny purge

acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # nntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 633 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports

acl connect method CONNECT
acl ssl_ports port 443 # https
acl ssl_ports port 563 # nntps
acl ssl_ports port 873 # rsync
http_access deny connect !SSL_ports

#http_access allow localhost
#http_access deny allow

___________________________________________________________________________


Starting Squid HTTP Proxy 3.x: squid32012/08/10 10:01:05| strtokFile: /etc/squid3/controle/usr_livre not found
2012/08/10 10:01:05| Warning: empty ACL: acl acesso_livre proxy_auth "/etc/squid3/controle/usr_livre"
2012/08/10 10:01:05| Warning: empty ACL: acl acesso_restrito proxy_auth "/etc/squid3/listas/usr_restrito"
2012/08/10 10:01:05| Warning: empty ACL: acl url_bloqueado url_regex -i "/etc/squid3/listas/url_bloqueado"
2012/08/10 10:01:05| Warning: empty ACL: acl acesso_bloqueado proxy_auth "/etc/squid3/listas/usr_bloqueado"
2012/08/10 10:01:05| Warning: empty ACL: acl url_liberado url_regex -i "/etc/squid3/listas/url_liberado"
2012/08/10 10:01:05| aclParseAclList: ACL name 'usuarios' not found.
FATAL: Bungled squid.conf line 57: http_access allow usuarios acesso_livre
Squid Cache (Version 3.1.6): Terminated abnormally.
CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys
Maximum Resident Size: 17568 KB
Page faults with physical i/o: 0
failed!

____________________________________________________________________________

The first errors are simple, because the files contain nothing. I haven't added users and domains to the files yet. I know the error with the usuarios acl must be something very silly too. If you can help, I'd be very grateful.

Thanks in advance.
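
Added example (not part of the thread): a small offline check for the three parse-time mistakes that appear in the logs above, namely `;` used as a comment marker, several `acl` statements run together on one line, and an `http_access` line that names an ACL defined only further down (or not at all). The sample config is constructed from lines quoted in the thread; case-insensitive ACL name matching is an assumption taken from the `ssl_ports` / `SSL_ports` pair in the thread's configs.

```python
import re

# Constructed sample reproducing the mistakes reported in this thread: two acl
# statements run together on one line, ';' used as a comment marker, and ACL
# names referenced before (or without) being defined.
SAMPLE_CONF = """\
acl manager proto cache_object acl localhost src 127.0.0.1/32
acl Safe_ports port 80 # http
; acl Safe_ports port 21 # ftp
acl acesso_livre proxy_auth "/etc/squid3/listas/usr_livre"
http_access allow usuarios acesso_livre
acl usuarios proxy_auth REQUIRED
http_access allow usuarios
acl ssl_ports port 443
http_access deny !Safe_ports
http_access deny manager !SSL_ports
http_access allow manager localhost
"""

# Directives from the thread's configs whose arguments are allow/deny + ACL names.
ACCESS_DIRECTIVES = {"http_access", "icp_access", "always_direct"}


def lint_squid_conf(text):
    """Return (line_number, message) findings for a squid.conf, in file order."""
    findings = []
    # 'all' is built in to Squid 3.x and needs no definition.
    # Assumption: names are compared case-insensitively, as the ssl_ports /
    # SSL_ports pair in the thread's configs suggests.
    defined = {"all"}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(";"):
            findings.append((lineno, "';' does not start a comment, use '#'"))
            continue
        # Drop a trailing '# comment' before splitting into tokens.
        tokens = re.split(r"\s+#", line, maxsplit=1)[0].split()
        directive, args = tokens[0], tokens[1:]
        if directive == "acl" and args:
            defined.add(args[0].lower())
            if "acl" in args[2:]:
                findings.append(
                    (lineno, "several acl statements on one line, split them"))
        elif directive in ACCESS_DIRECTIVES:
            for name in args[1:]:  # args[0] is allow or deny
                name = name.lstrip("!")
                if name.lower() not in defined:
                    findings.append(
                        (lineno, "ACL name '%s' not found above this line" % name))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_squid_conf(SAMPLE_CONF):
        print("squid.conf:%d %s" % (lineno, message))
```

Squid itself stops at the first FATAL line, whereas this check reports every finding in one pass.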



4. Re: Squid3 Debian Squeeze amd64 [SOLVED]

wesley santos
fed suco

(uses Fedora)

Posted on 10/08/2012 - 10:08h

Which distro are you using, mate?


5. Re: Squid3 Debian Squeeze amd64 [SOLVED]

Profile removed
removed

(uses None)

Posted on 10/08/2012 - 10:16h

Debian Squeeze amd64


6. Re: Squid3 Debian Squeeze amd64 [SOLVED]

7. Re: Squid3 Debian Squeeze amd64 [SOLVED]

Profile removed
removed

(uses None)

Posted on 10/08/2012 - 16:32h

Well, it's working. Authenticating. I cleaned up a few things. Only now nothing on https:// gets through.
I solve one problem and another comes up. That's life. Thanks for the help. Now I'm off to get https allowed.


## PORT ##
http_port 3128

## AUTHENTICATION SCHEME ##
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm | Grupo XX - Digite seu usuario e senha
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
visible_hostname s3cserver
cache_mgr webmaster@domain.com.br
error_directory /usr/share/squid3/errors/Portuguese

hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 100 MB
cache_dir ufs /var/spool/squid3 2040 16 256

refresh_pattern ^ftp: 360 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

access_log /var/log/squid3/access.log

acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/24

#############################################
## ERROR PAGE IN PORTUGUESE
error_directory /usr/share/squid3/errors/pt-br
#############################################

##############################################
#BLOCK SEARCHES BY KEYWORD
acl bloqueio_por_palavras url_regex -i "/etc/squid3/listas/palavras"
http_access deny bloqueio_por_palavras

#BLOCK EXTENSIONS IN THE BROWSER

acl bloqueio_extensoes url_regex -i "/etc/squid3/listas/extensoes"
http_access deny bloqueio_extensoes
#############################################

## CONTROL SCHEME BY USER GROUPS

## Full access
acl acesso_livre proxy_auth "/etc/squid3/listas/usr_livre"
http_access allow acesso_livre

## Restricted access
acl acesso_restrito proxy_auth "/etc/squid3/listas/usr_restrito"
acl url_bloqueado url_regex -i "/etc/squid3/listas/url_bloqueado"
http_access deny url_bloqueado
http_access allow acesso_restrito !url_bloqueado

## Access only to allowed sites
acl acesso_bloqueado proxy_auth "/etc/squid3/listas/usr_bloqueado"
acl url_liberado url_regex -i "/etc/squid3/listas/url_liberado"

http_access allow url_liberado
http_access deny acesso_bloqueado !url_liberado

## AUTHENTICATION ##
acl usuarios proxy_auth REQUIRED
http_access allow usuarios

acl purge method PURGE
http_access allow purge localhost
http_access deny purge

acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # nntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 633 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports

acl connect method CONNECT
acl ssl_ports port 443 # https
acl ssl_ports port 563 # nntps
acl ssl_ports port 873 # rsync
http_access deny connect !SSL_ports






8. Re: Squid3 Debian Squeeze amd64 [SOLVED]

wesley santos
fed suco

(uses Fedora)

Posted on 10/08/2012 - 17:32h

Everything OK?? If so, please close the question.
Remember that in the browser, if it's Firefox, you have to enter the proxy's IP and port in all the ports.


9. Re: Squid3 Debian Squeeze amd64 [SOLVED]

johnny borges
johnnyb

(uses Fedora)

Posted on 11/08/2012 - 07:46h

# *** Friend, add this line
acl SSL_ports port 22 443

# *** Before this one
acl Safe_ports port 21 # ftp




10. Re: Squid3 Debian Squeeze amd64 [SOLVED]

Profile removed
removed

(uses None)

Posted on 13/08/2012 - 16:25h

After a bit of a fight I've got it on what I believe is the right track. I'll post how my squid.conf ended up and what I did in iptables to make it work.

#cat /etc/squid3/squid.con
## PORT ##
http_port 3128

## AUTHENTICATION SCHEME ##
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm | Grupo MN - Digite seu usuario e senha
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
visible_hostname s3cserver
cache_mgr webmaster@moginews.com.br
error_directory /usr/share/squid3/errors/Portuguese


hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 100 MB
cache_dir ufs /var/spool/squid3 2040 16 256

refresh_pattern ^ftp: 360 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

access_log /var/log/squid3/access.log

acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/24

#############################################
## ERROR PAGE IN PORTUGUESE
error_directory /usr/share/squid3/errors/pt-br
#############################################

#############################################
# MSN BLOCK
acl libmsnmessenger url_regex -i gateway.dll
acl msn dstdomain loginnet.passport.com
acl msn1 req_mime_type -i ^application/x-msn-messenger$
acl msn2 dstdomain messenger.hotmail.com
acl msn3 dstdomain gateway.messenger.hotmail.com
# MSN BLOCK ACL
http_access deny msn
http_access deny msn1
http_access deny msn2
http_access deny msn3
http_access deny libmsnmessenger
#############################################

############################################
# BLOCK GOOGLE TALK GMAIL
acl url_gtalk url_regex -i "/etc/squid3/listas/url_gtalk"
http_access deny url_gtalk all
##############################################

##############################################
# ALLOWING GTALK
acl ip_gtalk_liberado src "/etc/squid/regras/ip_gtalk_liberado.txt"
http_access allow ip_gtalk_liberado url_gtalk

#BLOCK SEARCHES BY KEYWORD
acl bloqueio_por_palavras url_regex -i "/etc/squid3/listas/palavras"
http_access deny bloqueio_por_palavras

#BLOCK SEARCHES BY KEYWORD
acl bloqueio_por_palavras url_regex -i "/etc/squid3/listas/palavras"
http_access deny bloqueio_por_palavras

#BLOCK EXTENSIONS IN THE BROWSER

acl bloqueio_extensoes url_regex -i "/etc/squid3/listas/extensoes"
http_access deny bloqueio_extensoes
#############################################

## CONTROL SCHEME BY USER GROUPS

## Full access
acl acesso_livre proxy_auth "/etc/squid3/listas/usr_livre"
http_access allow acesso_livre

## Restricted access
acl acesso_restrito proxy_auth "/etc/squid3/listas/usr_restrito"
acl url_bloqueado url_regex -i "/etc/squid3/listas/url_bloqueado"
http_access deny url_bloqueado
http_access allow acesso_restrito !url_bloqueado

## Access only to allowed sites
acl acesso_bloqueado proxy_auth "/etc/squid3/listas/usr_bloqueado"
acl url_liberado url_regex -i "/etc/squid3/listas/url_liberado"

http_access allow url_liberado
http_access deny acesso_bloqueado !url_liberado

#http_access allow usuarios acesso_livre
#http_access allow usuarios acesso_restrito
#http_access allow usuarios acesso_bloqueado

## AUTHENTICATION ##
acl usuarios proxy_auth REQUIRED
http_access allow usuarios

acl purge method PURGE
http_access allow purge localhost
http_access deny purge

acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # nntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 633 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports

acl connect method CONNECT
acl ssl_ports port 443 # https
acl ssl_ports port 563 # nntps
acl ssl_ports port 873 # rsync
http_access deny connect !SSL_ports
_______________________________________________________________________________________________________________-

I created a script in the /etc/init.d directory with the iptables settings. Below is the content of the script:
#cat /etc/init.d/firewall.sh
#!/bin/bash
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -L -n
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i eth2 -p tcp -s 192.168.0.0/255.255.255.0 --dport 3128 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 3128 -j DROP
iptables -A FORWARD -d talk.l.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d chatenabled.mail.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d talk.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d talkx.l.google.com -p tcp --dport 443 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 80 -j DROP

_________________________________________________________________________________________________________________
I had to block port 80 to the "internet" because, since I set up sarg to generate reports, I consequently installed apache on the server. So I thought it best to block port 80.
It's still a bit messy. I'm far from finished. I want to make this server as secure as possible.
Thanks for everyone's help. Cheers!
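
Added example (not part of the thread): Squid evaluates `http_access` lines top to bottom and stops at the first match, so in the squid.conf posted above the `deny !Safe_ports` and `deny connect !SSL_ports` lines sit after `http_access allow usuarios` and never decide a request from an authenticated user. The model below covers only those port and method rules; the sample requests and the reordered rule list are constructed, and every request is assumed to carry valid credentials.

```python
# Constructed model of the port/method rules from the squid.conf posted above.
# Assumption: every sample request carries valid proxy credentials, so the
# proxy_auth ACL `usuarios` always matches.
SAFE_PORTS = {21, 70, 80, 210, 280, 443, 488, 563, 591, 633, 777, 873, 901}
SSL_PORTS = {443, 563, 873}

ACLS = {
    "all": lambda r: True,
    "usuarios": lambda r: True,
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "purge": lambda r: r["method"] == "PURGE",
    "connect": lambda r: r["method"] == "CONNECT",
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
}

# Relative order as posted: the allow for authenticated users comes first.
POSTED_ORDER = [
    ("allow", ["usuarios"]),
    ("allow", ["purge", "localhost"]),
    ("deny", ["purge"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["connect", "!SSL_ports"]),
]

# Same rules with the denies first and an explicit final deny (constructed).
DENY_FIRST = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["connect", "!SSL_ports"]),
    ("allow", ["purge", "localhost"]),
    ("deny", ["purge"]),
    ("allow", ["usuarios"]),
    ("deny", ["all"]),
]


def acl_matches(name, request):
    """Evaluate one ACL reference; a leading '!' negates it."""
    if name.startswith("!"):
        return not ACLS[name[1:]](request)
    return ACLS[name](request)


def evaluate(rules, request):
    """Return (action, rule_number) of the first rule whose ACLs all match."""
    for number, (action, names) in enumerate(rules, start=1):
        if all(acl_matches(n, request) for n in names):
            return action, number
    # No rule matched: Squid applies the opposite of the last rule's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None


def changed_decisions(requests):
    """Requests whose outcome differs between the two orderings."""
    return [r for r in requests
            if evaluate(POSTED_ORDER, r)[0] != evaluate(DENY_FIRST, r)[0]]


# Constructed sample requests from a LAN client.
REQUESTS = [
    {"method": "GET", "port": 80, "src": "192.168.0.10"},
    {"method": "CONNECT", "port": 443, "src": "192.168.0.10"},
    {"method": "CONNECT", "port": 8443, "src": "192.168.0.10"},
    {"method": "GET", "port": 81, "src": "192.168.0.10"},
    {"method": "PURGE", "port": 80, "src": "192.168.0.10"},
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(req, evaluate(POSTED_ORDER, req), evaluate(DENY_FIRST, req))
```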







