robson_lem
(usa Debian)
Enviado em 05/03/2010 - 11:42h
Bom dia, pessoal,
desde já agradeço mais uma vez pela colaboração.
Estou com o seguinte problema:
Criei a acl acesso_total; ela está funcionando com os demais sites, só que não estou conseguindo entrar no Hotmail — aliás, ele só chega até a tela de login.
Problema com msn:
Criei as diretivas de bloqueio do Messenger, só que mesmo com elas desabilitadas ele está bloqueando.
Peço a colaboração - Obrigado e desculpas pelo tamanho do post^^
#Firewall
##########################################################
#!/bin/sh
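iniciar(){
  # Start the gateway: load the netfilter modules, append the filter and NAT
  # rules, and enable IPv4 forwarding.
  # Arguments: none.
  # Outputs:   two status lines on stdout.
  #
  # NOTE(review): no chain policy is set in this function. Unless a default
  # DROP policy is configured elsewhere, the ACCEPT rules below do not
  # restrict anything, and SSH (22) and Squid (3128) stay reachable on every
  # interface - confirm the intended INPUT/FORWARD policy.
  # NOTE(review): ipt_MASQUERADE is loaded but no MASQUERADE/SNAT rule is
  # added here. Traffic that is not redirected to Squid (for example HTTPS
  # on port 443) is only forwarded, without source NAT - confirm whether a
  # NAT rule on the external interface is missing.

  # Load the kernel modules used by the rules below.
  modprobe ip_tables
  modprobe iptable_nat
  modprobe ip_conntrack
  modprobe ip_nat_ftp
  modprobe ipt_REJECT
  modprobe ipt_MASQUERADE

  # Allow ports 1863 and 5190 for the LAN. iptables masks the host bits, so
  # 192.10.10.101/24 matches the whole 192.10.10.0/24 network.
  iptables -A FORWARD -s 192.10.10.101/24 -p tcp --dport 1863 -j ACCEPT
  iptables -A FORWARD -s 192.10.10.101/24 -p tcp --dport 5190 -j ACCEPT

  # Close ports 1863 and 5190 (MSN login).
  # NOTE(review): rules are evaluated in order and the ACCEPT pair above
  # matches exactly the same packets, so these two REJECT rules are never
  # reached. Keep only the pair that reflects the intended policy.
  iptables -A FORWARD -s 192.10.10.101/24 -p tcp --dport 1863 -j REJECT
  iptables -A FORWARD -s 192.10.10.101/24 -p tcp --dport 5190 -j REJECT

  # Allow SSH from any interface.
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT

  # Allow the Squid port on eth0.
  iptables -A INPUT -p tcp --dport 3128 -i eth0 -j ACCEPT

  # Send port-80 traffic from the client networks to the transparent Squid.
  iptables -t nat -A PREROUTING -s 192.10.10.101/255.255.255.0 -p tcp --dport 80 -j REDIRECT --to-port 3128
  iptables -t nat -A PREROUTING -s 10.0.0.1/255.0.0.0 -p tcp --dport 80 -j REDIRECT --to-port 3128

  # Share the connection: enable IPv4 forwarding.
  echo 1 > /proc/sys/net/ipv4/ip_forward
  echo "Compartilhameto e Firewall............................[OK]ATIVADO"

  # Enable the transparent proxy for everything arriving on eth0.
  # Fixed: the option is "--to-port"; the original "--to port" is rejected by
  # iptables, so this rule was never installed.
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
  echo "Proxy Transparente....................................[OK]ATIVADO"
}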
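parar(){
  # Stop the gateway: flush the filter and nat tables, reset the INPUT and
  # OUTPUT policies to ACCEPT, and disable IPv4 forwarding.
  # Arguments: none.
  # Outputs:   two status lines on stdout.
  #
  # NOTE(review): the FORWARD policy is not reset here; confirm that nothing
  # else changes it, otherwise it keeps its previous value after "stop".

  # Flush rules and delete user-defined chains. Without -t, iptables works on
  # the filter table, so the explicit "-t filter" pair repeats the first one.
  iptables -F
  iptables -X
  iptables -F -t nat
  iptables -X -t nat
  iptables -F -t filter
  iptables -X -t filter

  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT

  # Fixed: write an explicit 0. The original "echo >" wrote an empty line,
  # which is not a valid value for this sysctl, so forwarding was not
  # reliably switched off.
  echo 0 > /proc/sys/net/ipv4/ip_forward

  # Loopback and established-connection rules, appended to the now empty
  # chains. With the ACCEPT policies set above they do not change what is
  # allowed; they remain in place if "start" is run afterwards.
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  echo "Compartilhameto e Firewall............................[OK]DESATIVADO"
  echo "Proxy Transparente....................................[OK]DESATIVADO"
}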
# Dispatch on the first command-line argument: start, stop or restart.
# Any other value (or none) prints the usage hint.
case "$1" in
  start)
    iniciar
    ;;
  stop)
    parar
    ;;
  restart)
    # Tear the rules down first so they are not appended twice.
    parar
    iniciar
    ;;
  *)
    echo "Use os parâmetros start,stop ou restart"
    ;;
esac
#####################################
Squid.conf
#####################################
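# Squid 3 configuration for the transparent proxy listening on port 3128.
http_port 3128 transparent
visible_hostname ServerNet2

# Cache sizing and storage.
cache_mem 1000 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 212 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid3 120048 16 256
cache_access_log /var/log/squid3/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
error_directory /usr/share/squid3/errors/Portuguese
coredump_dir /var/spool/squid3

# ACL definitions.
# NOTE(review): "alll" is defined but no http_access line below refers to it.
acl alll src 192.10.10.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT

# Access rules. http_access lines are evaluated top to bottom and the first
# line that matches decides the request.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Full access: source addresses listed in the file are allowed here and
# therefore skip every rule that follows.
acl acesso_total src "/etc/squid3/acesso_total"
http_access allow acesso_total

# Block sites.
acl sites dstdom_regex "/etc/squid3/sites_bloqueados"
# Fixed: this line was spelled "http_acess", which is not a Squid directive,
# so the site block list was not being applied.
http_access deny sites

# Allow MSN for the source addresses listed in the file.
acl msn_liberado src "/etc/squid3/msn_liberado"
http_access allow msn_liberado

# Block MSN by URL pattern (case-insensitive) for everyone else.
acl msn_bloqueado url_regex -i "/etc/squid3/msn_bloqueado"
http_access deny msn_bloqueado

# NOTE(review): there is no closing "http_access deny all". When no line
# matches, Squid applies the opposite of the last http_access line; the last
# one here is a deny, so every unmatched request is allowed, from any source
# address that can reach port 3128. Confirm the intended policy and end the
# list with an explicit allow for the client networks followed by
# "http_access deny all".

# NOTE(review): the line below is misspelled ("cache_acces_log") and points to
# a different path than the cache_access_log directive set earlier in this
# file. It is left commented out; decide which log path is wanted.
# cache_acces_log /var/log/squid/access.log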