problema com squid ou iptables?

1. problema com squid ou iptables?

João Alberto Rolim Rebouças
seth_beto

(usa Debian)

Enviado em 14/11/2007 - 14:45h

Pessoal... eu estou com o debian e terminei de configurar o Squid... porém o outlook n funciona... gostaria de saber como corrigir.
utilizo tanto as portas padrões (25, 110) como as ssl do gmail (995,465)

Possuo um roteador ligado no servidor linux (proxy) e uma rede de pcs interna...
o roteador pega ip valido e repassa por DMZ para o servidor proxy por DHCP...

roteador(192.168.1.1) - proxy(eth1 dhcp / eth2 10.0.0.1) - rede interna (10.0.0.0/24)

segue abaixo a configuração do Squid:

################################################
##### Porta, Nome e Cache #####
################################################
#
http_port 3128 transparent
visible_hostname Teste
#
cache_mem 150 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 256 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#
################################################
##### Log #####
################################################
#
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_log /var/squid/logs/cache.log
cache_dir ufs /var/spool/squid 20000 16 256
#
################################################
##### ACLs #####
################################################
#
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
#
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 1025-65535 # unregistered ports
#
acl SSL_ports port 443 # https
acl SSL_ports port 465 # YAHOO - SMTP (SSL)
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 995 # YAHOO - POP3 (SSL)
#
acl purge method PURGE
acl CONNECT method CONNECT
#
################################################
##### Direitos de Acessos #####
################################################
#
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow SSL_ports
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access deny to_localhost
#
################################################
## USANDO NCSA_AUTH ##
################################################
#
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic realm Servidor Proxy de Internet Proinco. Entre com seu Usuario e Senha.
#auth_param basic children 5
#
#
################################################
## AUTENTICAÃÃO ##
################################################
#
acl autenticados proxy_auth REQUIRED
#
################################################
## BLOQUEAR PALAVRAS ##
################################################
#
acl acesso_full proxy_auth "/etc/squid/acessos/acesso_full"
acl bloquear_palavras url_regex -i "/etc/squid/bloqueios/bloquear_palavras"
deny_info http://www.proinco.com.br bloquear_palavras
#
################################################
## BLOQUEIA O MESSENGER ##
################################################
#
acl bloquear_msn dstdomain "/etc/squid/bloqueios/bloquear_msn"
acl acesso_msn proxy_auth "/etc/squid/acessos/acesso_msn"
http_access allow acesso_msn bloquear_msn
http_access deny bloquear_msn
deny_info http://www.proinco.com.br bloquear_msn
################################################
## BLOQUEIA ORKUT ##
################################################
#
acl bloquear_orkut url_regex -i "/etc/squid/bloqueios/bloquear_orkut"
acl acesso_orkut proxy_auth "/etc/squid/acessos/acesso_orkut"
http_access allow acesso_orkut bloquear_orkut
http_access deny bloquear_orkut
deny_info http://www.proinco.com.br bloquear_orkut
#
################################################
## BLOQUEIA GOOGLE TALK ##
################################################
#
acl bloquear_googletalk url_regex -i "/etc/squid/bloqueios/bloquear_googletalk"
acl acesso_googletalk proxy_auth "/etc/squid/acessos/acesso_googletalk"
http_access allow acesso_googletalk bloquear_googletalk
http_access deny bloquear_googletalk
deny_info http://www.proinco.com.br bloquear_googletalk
#
################################################
## CONTROLE DE BANDA ##
################################################
#
acl livre proxy_auth "/etc/squid/acessos/acesso_banda"
acl block src 10.0.0.0/255.255.255.0
delay_pools 2
#
# Classe 1 - Acesso a Internet a 512k
#
delay_class 1 2
delay_parameters 1 -1/-1 69000/69000
#
# Classe 2 - Acesso a Internet a 180k
#
delay_class 2 2
delay_parameters 2 -1/-1 22500/22500
delay_access 1 allow livre
delay_access 2 allow block
#
http_access allow autenticados acesso_full
http_access allow acesso_full bloquear_palavras
http_access deny bloquear_palavras
#
acl redelocal src 10.0.0.0/255.255.255.0
http_access allow localhost
http_access allow redelocal
#
http_access deny all




  


2. ajuda

João Alberto Rolim Rebouças
seth_beto

(usa Debian)

Enviado em 23/11/2007 - 20:51h

se alguem puder me ajudar... eu ficaria grato!


3. Re: problema com squid ou iptables?

Marcelo Cesario
msscesario

(usa Debian)

Enviado em 23/11/2007 - 21:06h

Seu fw posta ai ..

ou se naum libera as portas, para que eles posam sair ne fii

inte


4. Re: problema com squid ou iptables?

Pedro Augusto Malanga
malanga

(usa Debian)

Enviado em 23/11/2007 - 21:43h

as maquinas da tua rede conseguem resolver nomes

tipo ping www.uol.com.br????


5. Problemas do seu Firewall amigo

Leandro Alexandre ®
le-unix

(usa Debian)

Enviado em 25/11/2007 - 23:54h

Caro amigo o problema , citado esta no firewall.
Libere-as no seu firewall a porta 25 e 110


6. Abrindo as portas no firewall

GIULIANO LANES
lanes

(usa Debian)

Enviado em 29/11/2007 - 11:42h

Vc deve liberar as portas no firewall

#SMTP - IDA
$ipt -A FORWARD -p tcp -s 192.168.1.0/24 --sport 25 -d 0.0.0.0/0.0.0.0 -j ACCEPT
#SMTP - VOLTA
$ipt -A FORWARD -p tcp -s 192.168.1.0/24 --dport 25 -d 0.0.0.0/0.0.0.0 -j ACCEPT
#POP3 - IDA
$ipt -A FORWARD -p tcp -s 192.168.1.0/24 --sport 110 -d 0.0.0.0/0.0.0.0 -j ACCEPT
#POP3 - VOLTA
$ipt -A FORWARD -p tcp -s 192.168.1.0/24 --dport 110 -d 0.0.0.0/0.0.0.0 -j ACCEPT

Onde o IP 192.168.1.0 é tua rede ou seja tua faixa de IP da rede e o /24 e mascara da rede

O "0.0.0.0/0.0.0.0" e qualquer rede interna.

Espero que ajude!


7. Re: problema com squid ou iptables?

Elgio Schlemer
elgio

(usa OpenSuSE)

Enviado em 29/11/2007 - 12:08h

Como?

Estás tentando usar o squid para ser proxy de SMTP/POP/

Não não...

Squid é proxy HTTP e FTP!
Para SMTP deves implementar um relay interno.

Para POP (POPS, por favor) nat resolve.






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner
Linux banner
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts