controlling network access through Webmin

13. squid.conf

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 02/09/2013 - 12:51h

here it is below, my friend

######## Proxy port #########
http_port 10.1.1.3:3128

######## Visible hostname ##########
visible_hostname server1

##### Page access log ######
access_log /var/log/squid/access.log


httpd_suppress_version_string on

## Block pages displayed in Portuguese

error_directory /usr/share/squid/errors/pt-br

cache_effective_user proxy
cache_effective_group proxy

## Maximum object size in the RAM cache and on disk, respectively

maximum_object_size_in_memory 64 KB

maximum_object_size 5000 MB
minimum_object_size 0 KB

## Minimum and maximum disk cache usage percentage, respectively

cache_swap_low 90
cache_swap_high 95

## Disk cache usage log

cache_access_log /var/log/squid/cache.log

## 5 GB of disk space for the page cache

cache_dir ufs /var/spool/squid 5200 128 256

###### Rule that will block every site on the list ####
acl sites_proibidos url_regex -i "/etc/squid/sites_proibidos/bloqueados"
http_access deny sites_proibidos

### Cache storage size ####
cache_mem 512 MB

############################################################################
################# Safe ports specification ##########################
############################################################################
acl manager proto cache_object
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 11194 # vpn
acl Safe_ports port 8069 # h2a application
acl Safe_ports port 1521 # oracle
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 243 563 443 2200 4343 8008 8009 10001 10002 1723 47 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl purge method PURGE
acl CONNECT method CONNECT

######## Internal network ########
acl all src 0.0.0.0/0.0.0.0
acl rede_local src0 10.1.1.1/24
acl localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
http_access allow localhost
http_access allow rede_local
http_access deny all
79,1 Fim


and look at the error that keeps happening; it seems simple, but it is already beating me 100 to 0


[root@server1 squid]# service squid restart
Parando o squid: [FALHOU]
Iniciando o squid: [FALHOU]
2013/09/02 09:49:31| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2013/09/02 09:49:31| ERROR: '0.0.0.0/0.0.0.0' needs to be replaced by the term 'all'.
2013/09/02 09:49:31| SECURITY NOTICE: Overriding config setting. Using 'all' instead.
2013/09/02 09:49:31| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2013/09/02 09:49:31| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2013/09/02 09:49:31| WARNING: You should probably remove '::/0' from the ACL named 'all'
2013/09/02 09:49:31| aclParseAclLine: Invalid ACL type 'src0'
FATAL: Bungled squid.conf line 75: acl rede_local src0 10.1.1.1/24
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.004 seconds = 0.003 user + 0.001 sys
Maximum Resident Size: 22528 KB
Page faults with physical i/o: 0





  


14. Re: controlling network access through Webmin

João Araújo
joaoaraujo

(uses openSUSE)

Posted on 02/09/2013 - 12:55h

what version of Squid do you have? post your network configuration and the IP of the machine where Squid is installed, and check whether it is /etc/squid or /etc/squid3


15. hey

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 02/09/2013 - 13:04h

man, I have Squid 3

and the directory is /etc/squid

I have two network interfaces; on eth0 I receive 10.1.1.3, 255.255.255.0 10.1.1.1 and gateway 172.21.0.2

on eth1 I have my internal network
address 192.168.1.254 255.255.255.0 gateway 0.0.0.0

the workstations receive 192.168.1.30 on the network, with gateway 192.168.1.254

even Webmin gives the following error

Seu diretório de cache do Squid /var/spool/squid não foi inicializado.Isto será realizado assim que o Squid for executado.


Índice do Módulo
Erro

Iniciando o squid: [FALHOU]
2013/09/02 09:54:34| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2013/09/02 09:54:34| ERROR: '0.0.0.0/0.0.0.0' needs to be replaced by the term 'all'.
2013/09/02 09:54:34| SECURITY NOTICE: Overriding config setting. Using 'all' instead.
2013/09/02 09:54:34| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2013/09/02 09:54:34| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2013/09/02 09:54:34| WARNING: You should probably remove '::/0' from the ACL named 'all'
2013/09/02 09:54:34| aclParseAclLine: Invalid ACL type 'src0'
FATAL: Bungled squid.conf line 75: acl rede_local src0 10.1.1.1/24
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.005 seconds = 0.004 user + 0.001 sys
Maximum Resident Size: 22576 KB
Page faults with physical i/o: 0


since I have hours of coursework and little hands-on experience, it makes things a lot harder.

the thing is not to give up!

thank you


16. Re: controlling network access through Webmin

João Araújo
joaoaraujo

(uses openSUSE)

Posted on 02/09/2013 - 13:57h

######## Proxy port #########
http_port ip_da_eth1 :3128

######## Visible hostname ##########
visible_hostname server1

##### Page access log ######
access_log /var/log/squid/access.log


httpd_suppress_version_string on

## Block pages displayed in Portuguese

error_directory /usr/share/squid/errors/pt-br

cache_effective_user proxy
cache_effective_group proxy

## Maximum object size in the RAM cache and on disk, respectively

maximum_object_size_in_memory 64 KB

maximum_object_size 5000 MB
minimum_object_size 0 KB

## Minimum and maximum disk cache usage percentage, respectively

cache_swap_low 90
cache_swap_high 95

## Disk cache usage log

cache_access_log /var/log/squid/cache.log

## 5 GB of disk space for the page cache

cache_dir ufs /var/spool/squid 5200 128 256

###### Rule that will block every site on the list ####
acl sites_proibidos url_regex -i "/etc/squid/sites_proibidos/bloqueados"
http_access deny sites_proibidos

### Cache storage size ####
cache_mem 512 MB

############################################################################
################# Safe ports specification ##########################
############################################################################
acl manager proto cache_object
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 11194 # vpn
acl Safe_ports port 8069 # h2a application
acl Safe_ports port 1521 # oracle
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 243 563 443 2200 4343 8008 8009 10001 10002 1723 47 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl purge method PURGE
acl CONNECT method CONNECT

######## Internal network ########
acl all src 0.0.0.0/0.0.0.0
acl rede_local src0 192.168.1.0/24
acl localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
http_access allow localhost
http_access allow rede_local
http_access deny all


17. Re: controlling network access through Webmin

João Araújo
joaoaraujo

(uses openSUSE)

Posted on 02/09/2013 - 13:59h

10.1.1.30 is the IP that comes out of the router and enters through eth0, right? you have to configure Squid for your internal network, which goes out through eth1 and is 192.168.1.0/24


18. Re: controlling network access through Webmin

João Araújo
joaoaraujo

(uses openSUSE)

Posted on 02/09/2013 - 14:05h

test it now and see if it works

######## Proxy port #########
http_port 3128

######## Visible hostname ##########
visible_hostname server1

##### Page access log ######
access_log /var/log/squid/access.log


httpd_suppress_version_string on

## Block pages displayed in Portuguese

error_directory /usr/share/squid/errors/pt-br

cache_effective_user proxy
cache_effective_group proxy

## Maximum object size in the RAM cache and on disk, respectively

maximum_object_size_in_memory 64 KB

maximum_object_size 5000 MB
minimum_object_size 0 KB

## Minimum and maximum disk cache usage percentage, respectively

cache_swap_low 90
cache_swap_high 95

## Disk cache usage log

cache_access_log /var/log/squid/cache.log

## 5 GB of disk space for the page cache

cache_dir ufs /var/spool/squid 5200 128 256

###### Rule that will block every site on the list ####
acl sites_proibidos url_regex -i "/etc/squid/sites_proibidos/bloqueados"
http_access deny sites_proibidos

### Cache storage size ####
cache_mem 512 MB

############################################################################
################# Safe ports specification ##########################
############################################################################
acl manager proto cache_object
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 11194 # vpn
acl Safe_ports port 8069 # h2a application
acl Safe_ports port 1521 # oracle
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 243 563 443 2200 4343 8008 8009 10001 10002 1723 47 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl purge method PURGE
acl CONNECT method CONNECT

######## Internal network ########
acl all src 0.0.0.0/0.0.0.0
acl rede_local src0 192.168.1.0/24
acl localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
http_access allow localhost
http_access allow rede_local
http_access deny all


19. still an error

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 03/09/2013 - 07:36h

my friend João

the error follows below

[root@server1 ~]# service squid restart
Parando o squid: [FALHOU]
Iniciando o squid: [FALHOU]
2013/09/03 04:33:55| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2013/09/03 04:33:55| ERROR: '0.0.0.0/0.0.0.0' needs to be replaced by the term 'all'.
2013/09/03 04:33:55| SECURITY NOTICE: Overriding config setting. Using 'all' instead.
2013/09/03 04:33:55| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2013/09/03 04:33:55| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2013/09/03 04:33:55| WARNING: You should probably remove '::/0' from the ACL named 'all'
2013/09/03 04:33:55| aclParseAclLine: Invalid ACL type 'src0'
FATAL: Bungled squid.conf line 74: acl rede_local src0 192.168.1.0/24
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.005 seconds = 0.003 user + 0.002 sys
Maximum Resident Size: 22544 KB
Page faults with physical i/o: 0



20. Re: controlling network access through Webmin

João Araújo
joaoaraujo

(uses openSUSE)

Posted on 03/09/2013 - 12:50h

fabianopmth wrote:

my friend João

the error follows below

[root@server1 ~]# service squid restart
Parando o squid: [FALHOU]
Iniciando o squid: [FALHOU]
2013/09/03 04:33:55| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2013/09/03 04:33:55| ERROR: '0.0.0.0/0.0.0.0' needs to be replaced by the term 'all'.
2013/09/03 04:33:55| SECURITY NOTICE: Overriding config setting. Using 'all' instead.
2013/09/03 04:33:55| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2013/09/03 04:33:55| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2013/09/03 04:33:55| WARNING: You should probably remove '::/0' from the ACL named 'all'
2013/09/03 04:33:55| aclParseAclLine: Invalid ACL type 'src0'
FATAL: Bungled squid.conf line 74: acl rede_local src0 192.168.1.0/24
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.005 seconds = 0.003 user + 0.002 sys
Maximum Resident Size: 22544 KB
Page faults with physical i/o: 0



remove this 0 from the line acl rede_local src0 192.168.1.0/24
leave it like this: acl rede_local src 192.168.1.0/24


21. now it works

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 04/09/2013 - 08:16h

[root@server1 squid]# service squid start
Iniciando o squid: [ OK ]

but it is not blocking

the blocking ACL:

acl sites_proibidos url_regex -i /etc/squid/sites_proibidos/bloqueados

to block, I go to the browser on the workstations, connections, proxy settings / LAN settings

then I tick the option: use a proxy server for the local network

address: 192.168.1.254 and port 3128

is that right?

thanks


22. Re: controlling network access through Webmin

Buckminster
Buckminster

(uses Debian)

Posted on 04/09/2013 - 08:29h

fabianopmth wrote:

here it is below, my friend

######## Proxy port #########
http_port 10.1.1.3:3128

######## Visible hostname ##########
visible_hostname server1

##### Page access log ######
access_log /var/log/squid/access.log


httpd_suppress_version_string on

## Block pages displayed in Portuguese

error_directory /usr/share/squid/errors/pt-br

cache_effective_user proxy
cache_effective_group proxy

## Maximum object size in the RAM cache and on disk, respectively

maximum_object_size_in_memory 64 KB

maximum_object_size 5000 MB
minimum_object_size 0 KB

## Minimum and maximum disk cache usage percentage, respectively

cache_swap_low 90
cache_swap_high 95

## Disk cache usage log

cache_access_log /var/log/squid/cache.log

## 5 GB of disk space for the page cache

cache_dir ufs /var/spool/squid 5200 128 256

###### Rule that will block every site on the list ####
acl sites_proibidos url_regex -i "/etc/squid/sites_proibidos/bloqueados"
http_access deny sites_proibidos

### Cache storage size ####
cache_mem 512 MB

############################################################################
################# Safe ports specification ##########################
############################################################################
acl manager proto cache_object
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 11194 # vpn
acl Safe_ports port 8069 # h2a application
acl Safe_ports port 1521 # oracle
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 243 563 443 2200 4343 8008 8009 10001 10002 1723 47 # https, snews << HERE, TRY NOT TO PUT MORE THAN 5 PORTS IN EACH SAFE_PORTS ACL; CREATE A NEW ONE.
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl purge method PURGE
acl CONNECT method CONNECT

######## Internal network ########
acl all src 0.0.0.0/0.0.0.0 << YOU CAN COMMENT THIS OUT; SQUID 3 CREATES THIS ACL ON ITS OWN BY DEFAULT. OR ELSE PUT 'ALL', LIKE THIS: acl all src all
acl rede_local src0 10.1.1.1/24 << HERE, REMOVE THE '0' AFTER SRC;
acl localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
http_access allow localhost
http_access allow rede_local
http_access deny all
79,1 Fim


and look at the error that keeps happening; it seems simple, but it is already beating me 100 to 0


[root@server1 squid]# service squid restart
Parando o squid: [FALHOU]
Iniciando o squid: [FALHOU]
2013/09/02 09:49:31| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2013/09/02 09:49:31| ERROR: '0.0.0.0/0.0.0.0' needs to be replaced by the term 'all'.
2013/09/02 09:49:31| SECURITY NOTICE: Overriding config setting. Using 'all' instead.
2013/09/02 09:49:31| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2013/09/02 09:49:31| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2013/09/02 09:49:31| WARNING: You should probably remove '::/0' from the ACL named 'all'
2013/09/02 09:49:31| aclParseAclLine: Invalid ACL type 'src0'
FATAL: Bungled squid.conf line 75: acl rede_local src0 10.1.1.1/24
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.004 seconds = 0.003 user + 0.001 sys
Maximum Resident Size: 22528 KB
Page faults with physical i/o: 0


Run squid -v and post the output of that command here.



23. ok man

Fabiano schneider
fabianopmth

(uses CentOS)

Posted on 04/09/2013 - 08:42h

ok, my friend

Squid is working, the workstations already connect to the server
but when I open the browser on the server and type the address, at the bottom it shows

"resolving proxy" and no page opens.

do I need to create an ACL for the sites I allow?


24. Re: controlling network access through Webmin

João Araújo
joaoaraujo

(uses openSUSE)

Posted on 04/09/2013 - 08:53h

man, it is not src0 but src; there cannot be a 0 stuck to src. see if this one works now.


######## Proxy port #########
http_port 3128

######## Visible hostname ##########
visible_hostname server1

##### Page access log ######
access_log /var/log/squid/access.log


httpd_suppress_version_string on

## Block pages displayed in Portuguese

error_directory /usr/share/squid/errors/pt-br

cache_effective_user proxy
cache_effective_group proxy

## Maximum object size in the RAM cache and on disk, respectively

maximum_object_size_in_memory 64 KB

maximum_object_size 5000 MB
minimum_object_size 0 KB

## Minimum and maximum disk cache usage percentage, respectively

cache_swap_low 90
cache_swap_high 95

## Disk cache usage log

cache_access_log /var/log/squid/cache.log

## 5 GB of disk space for the page cache

cache_dir ufs /var/spool/squid 5200 128 256

###### Rule that will block every site on the list ####
acl sites_proibidos url_regex -i "/etc/squid/sites_proibidos/bloqueados"
http_access deny sites_proibidos

### Cache storage size ####
cache_mem 512 MB

############################################################################
################# Safe ports specification ##########################
############################################################################
acl manager proto cache_object
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 11194 # vpn
acl Safe_ports port 8069 # h2a application
acl Safe_ports port 1521 # oracle
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 243 563 443 2200 4343 8008 8009 10001 10002 1723 47 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl purge method PURGE
acl CONNECT method CONNECT

######## Internal network ########
acl rede_local src 192.168.1.0/24
acl localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
http_access allow localhost
http_access allow rede_local

then run: sudo /etc/init.d/squid restart
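
An added example, not part of any post in this thread: a small Python pre-flight check for the `acl` mistakes discussed above (the `src0` typo, redefining `all` with `0.0.0.0/0.0.0.0`, and a list-file path written without the double quotes that make Squid read it as a file). The function name, the partial ACL-type list and the sample configurations are assumptions constructed for illustration.

```python
import difflib
import re

# Partial list of Squid 3.x ACL types (assumption: extend it for your build).
KNOWN_ACL_TYPES = [
    "src", "dst", "myip", "arp", "srcdomain", "dstdomain", "srcdom_regex",
    "dstdom_regex", "time", "url_regex", "urlpath_regex", "port", "myport",
    "proto", "method", "browser", "referer_regex", "ident", "proxy_auth",
    "maxconn", "max_user_ip", "req_mime_type", "rep_mime_type", "external",
]
LEGACY_ANY = "0.0.0.0/0.0.0.0"  # the form Squid 3.1 rejects in the log above

# Constructed sample built from lines posted in the thread.
SAMPLE_CONF = """\
http_port 3128
acl sites_proibidos url_regex -i /etc/squid/sites_proibidos/bloqueados
acl Safe_ports port 80 # http
acl all src 0.0.0.0/0.0.0.0
acl rede_local src0 192.168.1.0/24
http_access allow rede_local
"""

# Constructed corrected counterpart.
FIXED_CONF = """\
acl sites_proibidos url_regex -i "/etc/squid/sites_proibidos/bloqueados"
acl rede_local src 192.168.1.0/24
http_access deny sites_proibidos
http_access allow rede_local
"""


def lint_squid_acls(conf_text):
    """Return a list of (line_number, message) for suspicious 'acl' lines."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        parts = line.split()
        if len(parts) < 3 or parts[0] != "acl":
            continue
        name, acl_type, values = parts[1], parts[2], parts[3:]
        if acl_type not in KNOWN_ACL_TYPES:
            hint = difflib.get_close_matches(acl_type, KNOWN_ACL_TYPES, n=1)
            msg = "invalid ACL type '%s'" % acl_type
            if hint:
                msg += ", did you mean '%s'?" % hint[0]
            findings.append((lineno, msg))
            continue
        if name == "all":
            findings.append((lineno, "'all' is predefined in Squid 3, remove this line"))
            continue
        for value in values:
            if value == LEGACY_ANY:
                findings.append((lineno, "replace '%s' with the term 'all'" % value))
            elif value.startswith("/"):
                findings.append((lineno, "path %s is not in double quotes, so it is "
                                 "read as a pattern, not as a list file" % value))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint_squid_acls(SAMPLE_CONF):
        print("squid.conf line %d: %s" % (lineno, msg))
```

On the server itself, `squid -k parse` remains the authoritative syntax check to run before restarting the service.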


