Dnsmasq

1. Dnsmasq

NandoCentos
(usa CentOS)

Enviado em 26/01/2016 - 15:47h

Fala galera to montando um servidor firewall/squid, so que o servidor não ta resolvendo alguns site, gostaria de saber como configurar o serviço dnsmasq para ver se resolveria esse problema, vou postar meu squid.conf aqui e meu iptables tbm, e vcs me dizem o que pode ser, de qualquer forma gostaria de saber como configurar um servidor dnsmasq na mesma maquina..

Firewall:

#!/bin/sh
#Firewall iptables
### Firewall Homologação
######################################
#Lan Local declarada
LOCAL=192.168.150.0/24
LHOST=127.0.0.1
######################################

echo "#### Carregando Firewall... ####"
echo "#### Limpando regras anteriores... ####"

#Limpa Regras
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t mangle -F
iptables -t nat -F
iptables -X

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -j ACCEPT -i lo
iptables -A INPUT -s $LHOST -j ACCEPT
iptables -A INPUT -i eth0-s $LOCAL -j ACCEPT
iptables -A FORWARD -s $LOCAL -j ACCEPT
iptables -A FORWARD -d $LOCAL -j ACCEPT

iptables -t filter -A OUTPUT -p icmp -j ACCEPT

#Redirecionamento no arquivo ip_forward
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "#### Redirecionando... ####"

#Abertura
#Permissão de Pacotes LocalLan
iptables -A INPUT -i eth0-j ACCEPT
iptables -A FORWARD -i eth0-j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth+ -j ACCEPT

iptables -I INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -I INPUT -m state --state RELATED -j ACCEPT
iptables -I INPUT -p icmp -j ACCEPT

#Permissão de Ping
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -i eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -i eth1 -j ACCEPT

#Permissão de Serviços
iptables -A INPUT -p tcp --dport http -j ACCEPT
iptables -A INPUT -p tcp --dport https -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT

#Manutenção de Conexão localhost e locallan
iptables -A OUTPUT -m state --state NEW -o eth+ -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -o eth+ -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#############################################
echo "######### Liberando Portas... #########"
######### Portas Liberadas p/ Uso ###########
iptables -t nat -A POSTROUTING -s 192.168.150.0/24 -j MASQUERADE
iptables -p udp -A FORWARD -s 192.168.150.0/24 --dport 53 -j ACCEPT
iptables -p udp -A FORWARD -d 192.168.150.0/24 --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
####################
echo "#### http... ####"
#HTTP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
####################
echo "#### https... ####"
#HTTPS
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT

#Proxy transparente SQUID
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

#liberacao google
iptables -I FORWARD -i eth0 -m string --algo bm --string "google" -j ACCEPT

echo "#### Finalizando... ###################"

echo "###############################################"
echo "######## Firewall Ativado com Sucesso! ########"
echo "###############################################"

SQUIDCONF

######################################
######### Proxy Teste@2016 ###########

http_port 8080 intercept
visible_hostname Teste@2016

error_directory /usr/share/squid/errors/pt-br

cache_mem 512 MB
maximum_object_size_in_memory 256 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 512 128 256
cache_access_log /var/log/squid/access.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 25 110 304 443 143 563 8443 2631
acl Safe_ports port 21 25 110 143 80 304 443 563 70 210 280 488 59 777 901 1025 8014
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl redeinterna src 192.168.150.0/24

dns_nameservers 208.67.222.222 8.8.8.8

################## Navegação Liberada ####################
acl ADMINISTRADOR src "/etc/squid/grupos/list-ADMINISTRADOR
http_access allow ADMINISTRADOR

################# Navegação Restrita ####################
acl USUARIO src "/etc/squid/grupos/list-USUARIO"
acl USUARIO-conteudo url_regex -i "/etc/squid/conteudo/conteudo-USUARIO"
http_access deny USUARIO USUARIO-conteudo

################
http_access allow localhost
http_access deny all

0 0

Quote