Squid + Firewall (squid.conf )
Firewall + Proxy Transparente
Categoria: Samba
Software: Squid + Firewall
[ Hits: 22.542 ]
Por: STARCK
Sou iniciante em Linux , mas estou postando aqui um squid.conf e firewall que funciona perfeitamente no meu Ubuntu 8.10 e 9.10, ele é completo e cada string foi comentada.
Espero ter ajudado com a comunidade pela qual tenho muito orgulho em participar...
Um abraço a todos e VIVA O LINUX!
#!/bin/bash
# Firewall,configurado e montado por: Alexandre Starck de Oliveira
# Para esse arquivo ser iniciado no boot deve ser colocado de acordo com as regras abaixo:
### 1º)-Dar permissão de arquivo executável Ex: chmod +x /etc/init.d/firewall
### 2º)-Primeira opção,para ser iniciado no boot.Colocar o diretório completo no arquivo rc.local Ex:
# vim /etc/rc.local
# /etc/init.d/firewall # esse diretório deve ser colocado na última linha do arquivo rc.local
### 3º)-Outra opção é criar um link simbólico. Ex: ln -s /etc/init.d/firewall /etc/rc5.d/S99Firewall
# O link apontará para o arquivo /etc/init.d/firewall, que é o nosso script, o S99 do arquivo de link significa:
# o "S" de Start (iniciar) e o 99 é a ordem que ele será executado juntamente com o sistema.
# Compartilhando a Internet
echo 1 > /proc/sys/net/ipv4/ip_forward
# Variáveris #
LanExt=eth1 # placa de internet
LanInt=192.168.10.1/24
Rede=192.168.10.0/24 # minha rede local
# Módulos #
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ipt_REDIRECT
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
####################
### Função START ###
####################
firewall_start() {
echo "Iniciando o Firewall.......................[ OK ]"
# Limpa as regras #
iptables -X
iptables -Z
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle
# Politicas padrao #
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
# Manter conexoes jah estabelecidas para nao parar
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Aceita todo o trafego vindo do loopback e indo pro loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
#######################
### LOG DO FIREWALL ###
#######################
#iptables -A INPUT -d $LanExt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH EXT 22"
#iptables -A INPUT -d $LanExt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP EXT 21"
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
#iptables -A INPUT -d $LanInt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP INT 21"
###############################
# Proteções #
###############################
# Protege contra os "Ping of Death"
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 20/m -j ACCEPT
# Protege contra port scanners avançados (Ex.: nmap)
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 20/m -j ACCEPT
# Bloqueando tracertroute
iptables -A INPUT -p udp -s 0/0 -i eth1 --dport 33435:33525 -j REJECT
# Protecoes contra ataques
iptables -A INPUT -m state --state INVALID -j REJECT
###############################
# TABELA Input #
###############################
### Destino Externo ###
# Liberando Porta 22 (SSH)
#iptables -A INPUT -d $LanExt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH EXT 2222"
iptables -A INPUT -d $LanExt -p tcp --dport 22 -j ACCEPT
# Liberando Porta 21 (ftp)
#iptables -A INPUT -d $LanExt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP EXT 21"
iptables -A INPUT -d $LanExt -p tcp --dport 21 -j ACCEPT
### Destino Interno ###
# Liberando Porta 22 (SSH)
#iptables -A INPUT -d $LanInt -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: SSH INT 22"
iptables -A INPUT -d $LanInt -p tcp --dport 22 -j ACCEPT
# Liberando porta 3128 (Squid)
iptables -A INPUT -d $LanInt -p tcp --dport 3128 -j ACCEPT
# Liberando Porta 80 (http)
#iptables -A INPUT -d $LanInt -p tcp --dport 80 -j LOG --log-level 6 --log-prefix "FIREWALL: HTTP INT 80"
iptables -A INPUT -d $LanInt -p tcp --dport 80 -j ACCEPT
# Liberando Porta 21 (ftp)
#iptables -A INPUT -d $LanInt -p tcp --dport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: FTP INT 21"
iptables -A INPUT -d $LanInt -p tcp --dport 21 -j ACCEPT
# Liberando porta 3000 (NTOP)
iptables -A INPUT -d $LanInt -p tcp --dport 3000 -j ACCEPT
###############################
# TABELA Forward #
###############################
# Libera computador das regras do firewall
iptables -A FORWARD -s 192.168.4.13 -p tcp -j ACCEPT
iptables -A FORWARD -s 192.168.4.13 -p udp -j ACCEPT
### MSN ###
# Libera msn para o IP #
# nome
iptables -A FORWARD -s 192.168.4.11 -p tcp --dport 1863 -j ACCEPT
# Bloqueio de MSN #
#iptables -A FORWARD -s 192.168.4.0 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 192.168.4.0 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -d messenger.hotmail.com -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -d webmessenger.msn.com -j DROP
#iptables -A FORWARD -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -s 198.164.4.0/24 -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -d 64.4.13.0/24 -j DROP
# Liberando Porta 2222 (SSH)
iptables -A FORWARD -s $Rede -p tcp --dport 2222 -j ACCEPT
# Liberando Porta 22 (SSH)
iptables -A FORWARD -s $Rede -p tcp --dport 22 -j ACCEPT
# Liberando Porta 110 (pop-3)
iptables -A FORWARD -s $Rede -p tcp --dport 110 -j ACCEPT
# Liberando Porta 995 (spop-3)
iptables -A FORWARD -s $Rede -p tcp --dport 995 -j ACCEPT
# Liberando Porta 25 (smtp)
iptables -A FORWARD -s $Rede -p tcp --dport 25 -j ACCEPT
# Liberando Porta 465 (smtp-s)
iptables -A FORWARD -s $Rede -p tcp --dport 465 -j ACCEPT
# Liberando Porta 2121 (ftp)
iptables -A FORWARD -s $Rede -p tcp --dport 2121 -j ACCEPT
# Liberando Porta 21 (ftp)
iptables -A FORWARD -s $Rede -p udp --dport 21 -j ACCEPT
iptables -A FORWARD -s $Rede -p udp --dport 20 -j ACCEPT
# Liberando porta 53 (DNS)
iptables -A FORWARD -s $Rede -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s $Rede -p udp --dport 53 -j ACCEPT
# Regras forward para o funcionamento de redirecionamento de portas (NAT)
# Redirecionando porta 5900 (VNC)
#iptables -A FORWARD -p tcp --dport 5900 -j ACCEPT
#ptables -A FORWARD -p tcp --dport 5800 -j ACCEPT
###############################
######### TABELA NAT ## #######
###############################
# Redireconamento de portas
# VNC Para algum micro (192.168.1.31 = nome da pessoa)
#iptables -t nat -A PREROUTING -d $LanExt -p tcp --dport 5900 -j DNAT --to 192.168.0.77:5900
# Mascaramento de rede para acesso externo #
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
#Bloqueia todo o resto
#iptables -A INPUT -p tcp -j LOG --log-level 6 --log-prefix "FIREWALL: GERAL "
iptables -A INPUT -p tcp --syn -j DROP
iptables -A INPUT -p tcp -j DROP
iptables -A INPUT -p udp -j DROP
}
##################
### Função STOP ##
##################
firewall_stop() {
echo "Parando firewall e funcionando apenas com mascaramento ........................[ OK ]"
# Limpa as regras #
iptables -X
iptables -Z
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle
# Politicas padrao #
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
# Manter conexoes jah estabelecidas para nao parar
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Aceita todo o trafego vindo do loopback e indo pro loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
###############################
# TABELA Forward #
###############################
### MSN ###
# Libera msn para o IP #
# nome
#iptables -A FORWARD -s 192.168.0.34 -p tcp --dport 1863 -j ACCEPT
# nome
#iptables -A FORWARD -s 192.168.0.5 -p tcp --dport 1863 -j ACCEPT
# Bloqueio de MSN #
#iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 192.168.1.0 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -d loginnet.passport.com -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -d messenger.hotmail.com -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -d webmessenger.msn.com -j DROP
#iptables -A FORWARD -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -s 198.164.1.0/24 -p tcp --dport 1080 -j DROP
#iptables -A FORWARD -p tcp --dport 1863 -j DROP
#iptables -A FORWARD -d 64.4.13.0/24 -j DROP
###############################
######### TABELA NAT ## #######
###############################
# Mascaramento de rede para acesso externo #
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Efetivando o PROXY TRANPARENTE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 # (Redireciona para o squid) - eth1 -> Placa de rede local
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3128
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
echo "Regras Limpas e Firewall desabilitado ...........................................[ << ATENÇÂO >> FIREWALL DESATIVADO ]"
firewall_restart() {
echo "Reiniciando Firewall.............................................................................[ OK ]"
firewall_stop
sleep 3
firewall_start
echo "Firewall Reiniciado..............................................................................[ OK ]"
}
case "$1" in
'start')
firewall_start
echo "Firewall Iniciado................................................................................[ OK ]"
;;
'stop')
firewall_stop
;;
'restart')
firewall_restart
;;
*)
echo "Opções possíveis:"
echo "firewall start"
echo "firewall stop"
echo "firewall restart"
esac
### <<<FIM>>> ###
### Meu Proxy ######
###############################################################
# squid.conf (configuração)
# Por Alexandre Starck de Oliveira
# e-mail starck2007@hotmail.com
# Nessa versão é bem diferente as configurações de proxy transparente, não é necessário mais acrescentar essas linhas no arquivo squid.conf:
# httpd_accel_port 80
# httpd_accel_host virtual
# httpd_accel_with_proxy on
# httpd_accel_uses_host_header on
# >> Agora só precisa colocar:
# http_port 3128 transparent vhost vport
# always_direct allow all
# >> O restante da configuração é o padrão do Squid.
http_port 3128 transparent 192.168.10.1:3128
error_directory /usr/share/squid3/errors/pt-br
visible_hostname Servidor # como root digite hostname
dns_nameservers 200.149.55.140 200.165.132.147 # padrão "TELEMAR".Em caso de dúvida ligar para velox para fornecer seu número de DNS....
always_direct allow all A
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 22 80 139 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Aqui entram todas as ACL's
# *** Define a lista de palavras impróprias
acl palavras dstdomain -i "/etc/squid/list/palavras"
http_access deny palavras
# *** Define a lista de sites impróprios
acl sites url_regex -i "/etc/squid/list/sites"
http_access deny sites
acl Rede src 192.168.10.0/24
http_access allow localhost
http_access allow Rede
http_access deny all
# OBS: Não esquecendo de inserir os DNS's,IP's e GATEWAY nas "Máquinas Virtuais".
# IMPORTANTE: Usar cabo "crossouver" para as máquinas locais <<SEMPRE>>.
###<<<< FIM >>>>###
Comentários
[1] Comentário enviado por nokyboney em 05/05/2010 - 19:28h
Tenho o squid abaixo, tudo funciona, menos a internet... sou novato no linux, me deem um help, please.
"Onde foi que eu errei?"
Segue o script:
asprofw-sp:/etc/squid# vi squid.conf
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
"squid.conf" [converted] 102L, 3346C 1,1 Top
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all
http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy
#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################
error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw
90,1 Bot
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all
http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy
#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################
error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw
Aguardo retorno.
Alcenir
alcenir_5@hotmail.com
Tenho o squid abaixo, tudo funciona, menos a internet... sou novato no linux, me deem um help, please.
"Onde foi que eu errei?"
Segue o script:
asprofw-sp:/etc/squid# vi squid.conf
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
"squid.conf" [converted] 102L, 3346C 1,1 Top
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all
http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy
#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################
error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw
90,1 Bot
### PROXY SQUID ####
# Configuração do SQUID para TupiServer
# ATENCÃO!! NÃO ALTERE AS LINHAS DO FILTRO E DO
# PROXY TRANSPARENTE SEM USAR O SCRIPT DE CONFIGURACAO
# QUE SE ENCONTRA NO PAINEL DE CONTROLE
#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid-cache 8900 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
ftp_passive on
hosts_file /etc/hosts
### TupiUsers #######################
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
#TA auth_param basic program /usr/lib/squid/ncsa_auth /etc/tupiserver/users.pwd
#TA auth_param basic realm TupiServer Acesso ao Proxy
############################################################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#TA acl tupiusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
### Controle de Sites - TupiAdmin #######################
acl msn url_regex -i "/etc/squid/msn.txt"
acl acesso url_regex -i "/etc/squid/regras_acesso"
acl tupiacesso url_regex -i "/etc/squid/tupiacesso"
acl sites dstdomain "/etc/squid/regras_url"
acl tupisites dstdomain "/etc/squid/tupiurl"
acl palavra url_regex -i "/etc/squid/regras_palavras"
acl tupipalavra url_regex -i "/etc/squid/tupipalavras"
acl broken dstdomain support.microsoft.com mail.aspro.com.br
############################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 8181 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
## TupiFiltro #############
http_access allow tupiacesso
http_access allow acesso
http_access allow msn
http_access deny palavra
http_access deny tupipalavra
http_access deny sites
http_access deny tupisites
#############################
http_access allow all
http_reply_access allow all
icp_access allow all
header_access Accept-Encoding deny broken
# miss_access allow all
cache_effective_user proxy
cache_effective_group proxy
#### Configuracao Proxy Transparente #####################################
#PT httpd_accel_port 80
#PT httpd_accel_host virtual
#PT httpd_accel_with_proxy on
#PT httpd_accel_uses_host_header on
##########################################################################
error_directory /usr/share/squid/errors/Portuguese
deny_info ERR_ACCESS_DENIED sites
deny_info ERR_ACCESS_DENIED tupisites
#deny_info ERR_ACCESS_FILE palavra
#deny_info ERR_ACCESS_FILE tupipalavra
coredump_dir /var/spool/squid
visible_hostname AsproFw
Aguardo retorno.
Alcenir
alcenir_5@hotmail.com
[2] Comentário enviado por marcianofliegner em 22/02/2012 - 21:43h
Alcenir não funciona a internet na sua maquina ou na rede???
Alcenir não funciona a internet na sua maquina ou na rede???
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Como extrair chaves TOTP 2FA a partir de QRCODE (Google Authenticator)
Linux em 2025: Segurança prática para o usuário
Desktop Linux em alta: novos apps, distros e privacidade marcam o sábado
IA chega ao desktop e impulsiona produtividade no mundo Linux
Novos apps de produtividade, avanços em IA e distros em ebulição agitam o universo Linux
Dicas
Digitando underscore com "shift" + "barra de espaços"
Como ativar a lixeira e recuperar aquivos deletados em um servidor Linux
Como mudar o nome de dispositivos Bluetooth via linha de comando
Tópicos
É normal não gostar de KDE? (6)
Impressora epson l6270 não funciona em Linux mint (0)
esqueci a senha do boot do notebook dell vostro 3300 (3)
Top 10 do mês
-
Xerxes
1° lugar - 95.683 pts -
Fábio Berbert de Paula
2° lugar - 72.798 pts -
Alberto Federman Neto.
3° lugar - 23.375 pts -
edps
4° lugar - 21.596 pts -
Mauricio Ferrari
5° lugar - 20.959 pts -
Buckminster
6° lugar - 20.845 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
7° lugar - 20.452 pts -
Andre (pinduvoz)
8° lugar - 18.002 pts -
Daniel Lara Souza
9° lugar - 17.512 pts -
Juliao Junior
10° lugar - 14.685 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
