weltonpba
(usa Debian)
Enviado em 20/08/2009 - 11:40h
Bom pessoal ja vasculhei na internet ja olhei meus scripts e nao acho a solução favor me ajudem
to tentando fazer proxy transparent no meu servidor ubuntu 8.4.03 modo texto versão do meu suqudi e 2.6 stable8, ta tudo funcionando normal mas tenho que configurar no internet explorer o enderço 192.168..1.1 3128, quando eu tiro ele nao entra na internet nem com base a cacetada tbm quando eu altero a porta para 80 nas configurações de proxy no internet explorer funciona normal mas se eu tirar, não roda minha net, sera que tem algo errado??
deixo minhas configuraçoes abaixo
Squid
http_port 3128 transparent
visible_hostname ubuntu
cache_mem 128 MB
maximum_object_size_in_memory 128 MB
maximum_object_size 1204 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 2048 16 256
cache_access_log /var/squid/access.log
refresh_pattern ^ftp:15 20% 2280
refresh_pattern ^gopher:15 0% 2280
refresh_pattern . 15 20% 2280
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # portas altas
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl site dstdomain cmt.caixa.gov.br
always_direct allow site
acl bloqueados url_regex -i "/etc/squid/bloqueados"
http_access deny bloqueados
acl extensao dstdom_regex "/etc/squid/extensao"
http_access deny extensao
acl redelocal src 192.168.1.0/24
http_access allow localhost
http_access allow redelocal
http_access deny all
-------------------------------------------------------------------------------------------
ARQUIVO: /etc/rc.local
-------------------------------------------------------------------------------------------
modprobe iptables_nat
echo 1> /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE-
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Qual sera o problema ???