Squid and firewall in 5 minutes
This is a simple template for installing and configuring Squid and iptables, based on quick tips and transcribed configuration files.
Part 5: Redirecting the port
To redirect the port with iptables we use the line below, assuming a firewall file already exists.
It follows the same logic as Squid (figure 6); remember that the path must point to wherever the firewall file is, and nothing prevents you from changing its name or location.
The connection used is ADSL - Velox.
iptables -t nat -A PREROUTING -p tcp -s $local_net --destination-port 80 -j DNAT --to-destination $ip_local:3128
Firewall example
Below is an example of the firewall. It is the content of a file called firewall, which must have execute permission; to grant it, run "chmod 777 firewall".
#!/bin/sh
# Settings
# Local network interface
int_if="eth0"
# Velox interface *** receives its IP dynamically
ext_if="ppp0"
# IP of the local network card
ip_local="192.168.1.1"
# Local network and netmask
local_net=192.168.1.0/24
# TCP ports the LAN may reach on the Internet.
# Ports must be separated by commas.
# E.g.: tcp_ports="80,443,21"
# I added port 5900
tcp_ports="21,25,80,110,443,465,587,995,1863,5190,8345,4500"
# UDP ports the LAN may reach on the Internet.
# Ports must be separated by commas.
# E.g.: udp_ports="53,123"
udp_ports="53,123,5060"
# SSH management IPs
allow_ssh=192.168.1.43
allow_ssh_squid=192.168.1.3
# IP of the machine that will be reached via VNC
allow_vnc=192.168.1.4
echo -n "Iniciando firewall ..."
va_num=1
# Helper functions in the Firewall Builder style. Only getaddr is used below;
# add_addr and getinterfaces are kept for completeness.
add_addr() {
    addr=$1
    nm=$2
    dev=$3
    type=""
    aadd=""
    L=`$IP -4 link ls $dev | grep "$dev:"`
    if test -n "$L"; then
        OIFS=$IFS
        IFS=" /:,<"
        set $L
        type=$4
        IFS=$OIFS
        L=`$IP -4 addr ls $dev to $addr | grep " inet "`
        if test -n "$L"; then
            OIFS=$IFS
            IFS=" /"
            set $L
            aadd=$2
            IFS=$OIFS
        fi
    fi
    if test -z "$aadd"; then
        if test "$type" = "POINTOPOINT"; then
            $IP -4 addr add $addr dev $dev scope global label $dev:FWB${va_num}
            va_num=`expr $va_num + 1`
        fi
        if test "$type" = "BROADCAST"; then
            $IP -4 addr add $addr/$nm dev $dev brd + scope global label $dev:FWB${va_num}
            va_num=`expr $va_num + 1`
        fi
    fi
}
# getaddr DEV VAR: stores the first IPv4 address of DEV in the variable VAR
# (empty if the interface has no address yet, e.g. ppp0 before PPPoE is up)
getaddr() {
    dev=$1
    name=$2
    L=`$IP -4 addr show dev $dev | grep inet`
    test -z "$L" && {
        eval "$name=''"
        return
    }
    OIFS=$IFS
    IFS=" /"
    set $L
    eval "$name=$2"
    IFS=$OIFS
}
getinterfaces() {
    NAME=$1
    $IP link show | grep -E "$NAME[^ ]*: " | while read L; do
        OIFS=$IFS
        IFS=" :"
        set $L
        IFS=$OIFS
        echo $2
    done
}
LSMOD="/sbin/lsmod"
MODPROBE="/sbin/modprobe"
IPTABLES="/usr/sbin/iptables"
IP="/sbin/ip"
# Connection-tracking helpers for active FTP
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_nat_ftp
# Kernel network settings
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
# A gateway must not accept source-routed packets (the original line wrote 1
# here, which would enable them)
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_intvl
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/tcp_ecn
echo 1 > /proc/sys/net/ipv4/tcp_timestamps
# Forwarding is enabled only at the end, after all rules are loaded
#echo 1 > /proc/sys/net/ipv4/ip_forward
#echo 1 > /proc/sys/net/ipv4/ip_dynaddr
# Current public address of the ADSL link (empty if ppp0 is not up yet)
getaddr $ext_if interface_ext
# Default policy: drop everything that is not explicitly allowed
$IPTABLES -P OUTPUT DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
# Flush every chain and delete user-defined chains in every table
cat /proc/net/ip_tables_names | while read table; do
    $IPTABLES -t $table -L -n | while read c chain rest; do
        if test "X$c" = "XChain" ; then
            $IPTABLES -t $table -F $chain
        fi
    done
    $IPTABLES -t $table -X
done
# allow everything on loopback
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
# Allow Radio UOL (inserted before the redirect, so this traffic bypasses Squid)
$IPTABLES -t nat -I PREROUTING -i $int_if -m tcp -p tcp -d 200.221.0.0/16 --dport 80 -j ACCEPT
# Rule 0(NAT)
# Local network access to the Internet: LAN web traffic goes to the transparent proxy
$IPTABLES -t nat -A PREROUTING -p tcp -s $local_net --destination-port 80 -j DNAT --to-destination $ip_local:3128
# Rule 1(NAT)
# Local network access to the Internet
$IPTABLES -t nat -A POSTROUTING -o $ext_if -s $local_net -j MASQUERADE
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# dropping TCP sessions opened prior to the firewall restart
#
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPTABLES -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPTABLES -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
# Rule 0(ext_if)
# Proxy's outbound traffic (multiport takes --destination-ports; the singular
# --destination-port belongs to the tcp match and rejects a port list)
test -n "$interface_ext" && $IPTABLES -A OUTPUT -o $ext_if -p tcp -s $interface_ext -m multiport --destination-ports $tcp_ports -m state --state NEW -j ACCEPT
test -n "$interface_ext" && $IPTABLES -A OUTPUT -o $ext_if -p udp -m multiport -s $interface_ext --destination-ports $udp_ports -m state --state NEW -j ACCEPT
# Allow UOL chat
$IPTABLES -A FORWARD -i $int_if -o $ext_if -p tcp --dport 8010:8020 -j ACCEPT
# Anti-spoofing rule: packets arriving on ppp0 claiming one of our own addresses
$IPTABLES -N ppp0_In_RULE_1
test -n "$interface_ext" && $IPTABLES -A FORWARD -i $ext_if -s $interface_ext -j ppp0_In_RULE_1
$IPTABLES -A FORWARD -i $ext_if -s $ip_local -j ppp0_In_RULE_1
$IPTABLES -A FORWARD -i $ext_if -s $local_net -j ppp0_In_RULE_1
$IPTABLES -A ppp0_In_RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- DENY "
$IPTABLES -A ppp0_In_RULE_1 -j DROP
# Rule 2(ppp0)
# Anti-spoofing rule: only our own addresses may leave through ppp0
$IPTABLES -N Cid44B50ABB.0
$IPTABLES -A FORWARD -o $ext_if -j Cid44B50ABB.0
test -n "$interface_ext" && $IPTABLES -A Cid44B50ABB.0 -o $ext_if -s $interface_ext -j RETURN
$IPTABLES -A Cid44B50ABB.0 -o $ext_if -s $ip_local -j RETURN
$IPTABLES -A Cid44B50ABB.0 -o $ext_if -s $local_net -j RETURN
$IPTABLES -N ppp0_Out_RULE_2_3
$IPTABLES -A Cid44B50ABB.0 -o $ext_if -j ppp0_Out_RULE_2_3
$IPTABLES -A ppp0_Out_RULE_2_3 -j LOG --log-level info --log-prefix "RULE 2 -- DENY "
$IPTABLES -A ppp0_Out_RULE_2_3 -j DROP
# Rule 0(int_if)
# Ping and traceroute
$IPTABLES -A FORWARD -i $int_if -p icmp -s $local_net -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $int_if -p udp -s $local_net --destination-port 33434:33524 -m state --state NEW -j ACCEPT
# Rule 1($int_if)
# TCP allowances
$IPTABLES -A FORWARD -i $int_if -p tcp -m multiport -s $local_net --destination-ports $tcp_ports -m state --state NEW -j ACCEPT
# Rule 2($int_if)
# UDP allowances
$IPTABLES -A FORWARD -i $int_if -p udp -m multiport -s $local_net --destination-ports $udp_ports -m state --state NEW -j ACCEPT
# Allow ping and traceroute from the LAN to the firewall
test -n "$interface_ext" && $IPTABLES -A INPUT -p icmp -s $local_net -d $interface_ext -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p icmp -s $local_net -d $ip_local -m state --state NEW -j ACCEPT
test -n "$interface_ext" && $IPTABLES -A INPUT -p udp -s $local_net -d $interface_ext --destination-port 33434:33524 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p udp -s $local_net -d $ip_local --destination-port 33434:33524 -m state --state NEW -j ACCEPT
# Allow ping and traceroute from the firewall
test -n "$interface_ext" && $IPTABLES -A OUTPUT -p icmp -s $interface_ext -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p icmp -s $ip_local -m state --state NEW -j ACCEPT
test -n "$interface_ext" && $IPTABLES -A OUTPUT -p udp -s $interface_ext --destination-port 33434:33524 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp -s $ip_local --destination-port 33434:33524 -m state --state NEW -j ACCEPT
# Connection to Squid
$IPTABLES -A INPUT -p tcp -s $local_net -d $ip_local --destination-port 3128 -m state --state NEW -j ACCEPT
# SSH access
$IPTABLES -A INPUT -p tcp -s $allow_ssh -d $ip_local --destination-port 22 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp -s $allow_ssh_squid -d $ip_local --destination-port 22 -m state --state NEW -j ACCEPT
# VNC (the DNAT needs the public address, so it is skipped while ppp0 is down)
test -n "$interface_ext" && $IPTABLES -t nat -A PREROUTING -p tcp -d $interface_ext --destination-port 5900 -j DNAT --to-destination $allow_vnc
$IPTABLES -N VNC_IN
$IPTABLES -A FORWARD -i $ext_if -p tcp -d $allow_vnc --destination-port 5900 -m state --state NEW -j VNC_IN
$IPTABLES -A VNC_IN -j LOG --log-level info --log-prefix "ACESSO_VNC: "
$IPTABLES -A VNC_IN -j ACCEPT
# DNS queries from the LAN
$IPTABLES -A INPUT -p udp -s $local_net -d $ip_local --destination-port 53 -m state --state NEW -j ACCEPT
# NTP queries
$IPTABLES -A INPUT -p udp -s $local_net -d $ip_local --destination-port 123 -m state --state NEW -j ACCEPT
# Rule 0(global) (repeats the firewall's own ping/traceroute rules above)
test -n "$interface_ext" && $IPTABLES -A OUTPUT -p icmp -s $interface_ext -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p icmp -s $ip_local -m state --state NEW -j ACCEPT
test -n "$interface_ext" && $IPTABLES -A OUTPUT -p udp -s $interface_ext --destination-port 33434:33524 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp -s $ip_local --destination-port 33434:33524 -m state --state NEW -j ACCEPT
# block fragments
$IPTABLES -N RULE_2
$IPTABLES -A FORWARD -p all -f -j RULE_2
$IPTABLES -A RULE_2 -j LOG --log-level info --log-prefix "RULE 2 -- DENY "
$IPTABLES -A RULE_2 -j DROP
# Rule 3(global): log and drop everything else that reaches FORWARD
$IPTABLES -N RULE_3
$IPTABLES -A FORWARD -j RULE_3
$IPTABLES -A RULE_3 -j LOG --log-level info --log-prefix "RULE 3 -- DENY "
$IPTABLES -A RULE_3 -j DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
echo " inicializado com sucesso."
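Before a script like this is applied on a live gateway, its settings block is worth checking without root. The POSIX sh below is an added example, not part of the article and not iptables' or Firewall Builder's code; its function names (valid_port_list, ip2int, in_cidr, rule_multiport_ok, preflight) are this example's own, and the values it checks are the ones from the firewall file above. It validates the tcp_ports/udp_ports lists (integers in range, and at most the 15 entries an iptables multiport match accepts), checks that the management hosts in allow_ssh, allow_ssh_squid and allow_vnc lie inside local_net (the INPUT rules match them by source address, and the anti-spoofing chain drops local_net sources arriving on ppp0, so a host outside that network could never reach the firewall through these rules), and flags a multiport rule written with the single-port --destination-port option, which iptables rejects for a comma-separated list.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight checks for the
# firewall script's settings. Runs as an ordinary user and touches neither
# iptables nor /proc. Function names are this example's own assumptions.

# Validate a comma-separated port list as used by tcp_ports / udp_ports:
# every entry must be an integer 1-65535, and the iptables multiport match
# accepts at most 15 entries per rule.
valid_port_list() {
    OIFS=$IFS
    IFS=,
    set -- $1
    IFS=$OIFS
    [ $# -ge 1 ] && [ $# -le 15 ] || return 1
    for p in "$@"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    return 0
}

# Print a dotted-quad IPv4 address as a 32-bit integer.
ip2int() {
    OIFS=$IFS
    IFS=.
    set -- $1
    IFS=$OIFS
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDRESS NETWORK/PREFIX: true if ADDRESS lies inside NETWORK.
in_cidr() {
    ip=$(ip2int "$1") || return 1
    net=$(ip2int "${2%/*}") || return 1
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge 1 ] && [ "$bits" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# A rule using -m multiport must spell the option --destination-ports (or
# --dports). With the singular --destination-port the list is handed to the
# tcp match, which expects one port and rejects "21,25,80".
# Returns 1 if the rule text has that mistake.
rule_multiport_ok() {
    case $1 in
        *"-m multiport"*) ;;
        *) return 0 ;;
    esac
    case " $1 " in
        *" --destination-port "*|*" --dport "*) return 1 ;;
    esac
    return 0
}

# preflight LOCAL_NET TCP_PORTS UDP_PORTS HOST...: run every check, print
# what failed and return non-zero if anything did.
preflight() {
    local_net=$1; tcp_ports=$2; udp_ports=$3; shift 3
    rc=0
    valid_port_list "$tcp_ports" || { echo "bad tcp_ports: $tcp_ports"; rc=1; }
    valid_port_list "$udp_ports" || { echo "bad udp_ports: $udp_ports"; rc=1; }
    for host in "$@"; do
        in_cidr "$host" "$local_net" || { echo "$host is outside $local_net"; rc=1; }
    done
    return $rc
}

# The article's own settings (local_net, tcp_ports, udp_ports, allow_ssh,
# allow_ssh_squid, allow_vnc): these pass cleanly.
preflight 192.168.1.0/24 "21,25,80,110,443,465,587,995,1863,5190,8345,4500" \
    "53,123,5060" 192.168.1.43 192.168.1.3 192.168.1.4 && echo "preflight: ok"
```

Run it as sh preflight.sh with the same values kept in the firewall file; rule_multiport_ok can be fed each rule line from the script to catch the --destination-port/--destination-ports mix-up before iptables does. On the permission step: chmod 755 (or 700) with root ownership is enough for rc.local to execute the file, whereas 777 also makes it world-writable, so any local account could rewrite the rules root applies at boot.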
Starting the firewall at boot
To start Squid at boot, put the command /usr/sbin/squid in rc.local, located at /etc/rc.d/rc.local. The firewall follows the same logic as Squid (figure 6); remember that the path must point to wherever the firewall file is, and nothing prevents you from changing its name or location.
The complete rc.local
#!/bin/sh
#
# /etc/rc.d/rc.local: Local system initialization script.
#
# Put any local startup commands in here. Also, if you have
# anything that needs to be run at shutdown time you can
# make an /etc/rc.d/rc.local_shutdown script and put those
# commands in there.
echo -n "Iniciando conexao ADSL "
pppoe-start
echo "Iniciando firewall"
/etc/firewall/firewall
echo "Iniciando proxy"
/usr/sbin/squid
I'm working on a complete package that installs everything and already puts the scripts in the right place, and your article gave me some ideas.
Once again, congratulations on the article.