I'll explain how my network is set up so I can clear up some doubts, OK, and how I did all the procedures. The machine is running Debian Sarge. eth0 receives the internet signal through Brasil Telecom with a fixed IP; eth1 distributes the signal to the network (192.168.1.xxx). The routing was done as follows: a script with the following lines

#!/bin/bash
iptables = /usr/sbin/iptables
sysctl = /sbin/sysctl
echo
echo -e "\n\n Exencutando Regras.\n"
#internet routing rules
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
#block orkut
#iptables -A OUTPUT -d orkut.com -j DROP
#iptables -A FORWARD -d orkut.com -j DROP
#iptables -A FORWARD -d www.orkut.com -p tcp --dport 443 -j DROP
#iptables -A INPUT -d www.orkut.com -p tcp --dport 443 -j DROP
#iptables -A FORWARD -d orkut.com -p tcp --dport 443 -j DROP
#iptables -A INPUT -d orkut.com -p tcp --dport 443 -j DROP
#block messenger ports
iptables -A FORWARD -s 192.168.0.0/255.255.255.0 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.0.0/255.255.255.0 -d loginnet.passport.com -j REJECT
route add -host 209.85.141.85 reject
route add -host 209.85.141.86 reject
route add -host 209.85.141.87 reject
route add -host 209.85.141.94 reject
#redirect to port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
#block msn
iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.1.0 -d loginnet.passport.com -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 5190 -j REJECT
iptables -t nat -a PREROUTING -p TCP -i eth0 --dport 80 -d 65.54.0.0/16 -j DROP
#block webmessengers
iptables -A FORWARD -s LAN -d webmessenger.msn.com -j REJECT

and here is the squid.conf

###############################################################################
# Copyright (c) 2006 SuSE GmbH Nuernberg, Germany.
#
# Author:
#   Marcone Gledson de Almeida
#
# Modified:
#   Sarrafo
###############################################################################
# Squid settings
http_port 3128
visible_hostname Proxy.SQUID
# Cache configuration
cache_mem 256 MB
maximum_object_size_in_memory 128 KB
maximum_object_size 50 MB
#minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/cache/squid 2048 16 256
#Squid error messages in Portuguese
error_directory /usr/share/squid/errors/Portuguese
# Location of the Squid log file
cache_access_log /var/log/squid/access.log
# Cache refresh
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 20% 2280
refresh_pattern . 15 20% 22820
#Local network IPs allowed everything
#acl ip_liberado src "/etc/squid/ip_liberado"
#http_access allow ip_liberado
# Blocking rules (IP x only has access to site y)
#acl site_restrito dstdomain "/etc/squid/site_restrito"
#acl ip_restrito src "/etc/squid/ip_restrito"
#http_access deny ip_restrito !site_restrito
#Blocked local network IPs
#acl ip_negado src "/etc/squid/ip_negado
#http_access deny ip_negado
# Site blocking rules ***by words
#acl palavra dstdom_regex "/etc/squid/palavras_negadas"
#http_access deny palavra
# Site blocking rules ***by URL
acl site url_regex -i "/etc/squid/sites_negados"
http_access deny site
#Block downloads by extension
acl download url_regex -i .com$ .pif$ .exe$ .avi$ .mp3$ .mpeg$ .mpg$ .rm$ .wma$ .wmv$ .asx$ .cab$ .src$
# General rules
acl all src 0.0.0.0/0.0.0.0
http_access allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https, news
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistred ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #swat
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Bandwidth control for the local network
# delay_pools 1
# delay_class 1 2
# delay_parameters 1 114688/114688 16384/16384 #with the 1024 kbps connection
# delay_access 1 allow localnet
# Allow the local network
acl redelocal src 192.168.1.0/24
http_access allow localhost
#http_access allow redelocal
#block orkut and msn
acl trava_msn_orkut url_regex -i "/etc/squid/regras/trava_msn_orkut.txt"
http_access deny trava_msn_orkut
# Transparent proxy
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_uses_host_header on
httpd_accel_with_proxy on

On 11/07/07, Márcio Pedroso <[EMAIL PROTECTED]> wrote:
I am installing Squid on an internet router remotely, and I took this Squid configuration that is on the internet. However, it is reporting an error on line 94, where it asks for the network name.

2007/07/11 10:40:36| ACL name 'localnet' not defined!
FATAL: Bungled squid.conf line 94: http_access allow localnet
Squid Cache (Version 2.5.STABLE9): Terminated abnormally.

How do I see the network name remotely, and is it really necessary to put the network name in squid.conf? The squid.conf follows

###############################################################################
# Copyright (c) 2006 SuSE GmbH Nuernberg, Germany.
#
# Author:
#   Marcone Gledson de Almeida
#
# Modified:
#   Sarrafo
###############################################################################
# Squid settings
http_port 3128
visible_hostname Proxy.SQUID
# Cache configuration
cache_mem 64 MB
maximum_object_size_in_memory 128 KB
maximum_object_size 300 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/cache/squid 2048 16 256
#Squid error messages in Portuguese
error_directory /usr/share/squid/errors/Portuguese
# Location of the Squid log file
cache_access_log /var/log/squid/access.log
# Cache refresh
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 20% 2280
refresh_pattern . 15 20% 22820
#Local network IPs allowed everything
#acl ip_liberado src "/etc/squid/ip_liberado"
#http_access allow ip_liberado
# Blocking rules (IP x only has access to site y)
#acl site_restrito dstdomain "/etc/squid/site_restrito"
#acl ip_restrito src "/etc/squid/ip_restrito"
#http_access deny ip_restrito !site_restrito
#Blocked local network IPs
#acl ip_negado src "/etc/squid/ip_negado
#http_access deny ip_negado
# Site blocking rules ***by words
#acl palavra dstdom_regex "/etc/squid/palavras_negadas"
#http_access deny palavra
# Site blocking rules ***by URL
acl site url_regex -i "/etc/squid/sites_negados"
http_access deny site
#Block downloads by extension
acl download url_regex -i .com$ .pif$ .exe$ .avi$ .mp3$ .mpeg$ .mpg$ .rm$ .wma$ .wmv$ .asx$ .cab$ .src$
# General rules
acl all src 0.0.0.0/0.0.0.0
http_access allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https, news
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistred ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #swat
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Bandwidth control for the local network
# delay_pools 1
# delay_class 1 2
# delay_parameters 1 114688/114688 16384/16384 #with the 1024 kbps connection
# delay_access 1 allow localnet
# Allow the local network
acl redelocal src 192.168.1.0/24
http_access allow localhost
http_access allow localnet
# Transparent proxy
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_uses_host_header on
httpd_accel_with_proxy on

the trava_orkut and msn

:/etc/squid/regras# ls
trava_msn_orkut.txt
servlab01:/etc/squid/regras# cat trava_msn_orkut.txt
## LISTA PARA BLOQUEIO DO MSN
200.177.97.157
207.46.111.54
207.46.111.54/gateway
207.46.113.220
207.46.108.51
207.68.178.239
65.212.92.104
65.50.10.6
65.212.92.111
64.58.88.113
ADSAdClient31.dll
login.live.com
spaces.live.com
passport.com
msn.com.br
msn.com
sc.msn.com
rad.msn.com
tp.msn.com
c.msn.com
msn.be
hp.msn.com
hpc.msn.com
hm.msn.com
#
stb.msn.com
stj.msn.com
mymsn.hotmail.com
ads1.msn.com
hotmail.msn.com
storage.msn.com
st.msn.com
tp.msn.com
stc.msn.com
#
msn_messenger
config.messenger.msn.com
media.meegos.com
messenger
gateway.dll
messenger.msn.com.br
http.msg.yahoo.com
nickname.msn.com.br
chat.msn.com
chat.msn.com.br
msgr.hotmail.com
gateway.messenger.hotmail.com
http1.msgr.hotmail.com
http2.msgr.hotmail.com
http3.msgr.hotmail.com
http4.msgr.hotmail.com
http5.msgr.hotmail.com
http6.msgr.hotmail.com
http7.msgr.hotmail.com
http8.msgr.hotmail.com
http9.msgr.hotmail.com
http10.msgr.hotmail.com
http11.msgr.hotmail.com
http12.msgr.hotmail.com
http13.msgr.hotmail.com
http14.msgr.hotmail.com
http15.msgr.hotmail.com
http16.msgr.hotmail.com
http17.msgr.hotmail.com
http18.msgr.hotmail.com
http19.msgr.hotmail.com
http20.msgr.hotmail.com
x-msn
#
## OUTROS LINKS PARA WEB-MESSENGER
#
meebo.com
65.19.140.246
ebuddy.com
193.238.160.62
msn2go.com
69.64.38.128
e-messenger.net
82.98.252.234
phonefox.com
85.184.4.3
193.238.162.21
msnger.com
216.32.66.234
torperkut.com
65.99.232.42
go.icq.com
64.12.164.120
wbmsn.net
212.227.34.3
bhi.com.br
messengerfx.com
#
## SERVIDORES PROXY
#
anonymouse.org
brianwatch.com
aliveproxy.com
#
## LISTA PARA BLOQUEIO DO ORKUT
#
orkut
orkut.com
www.orkut.com
72.14.209.86
www.orkat.com
72.14.209.85
www.okcut.com
64.69.68.141
72.14.209.87

Even with these rules, MSN is connecting. I'm going crazy.

--
Linux user no. 432194
I am free, and you?
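
Added example, not part of the original messages and not Squid's own tooling: a small Python check for the two http_access problems visible in the configurations above, a reference to an ACL name that was never defined (the `localnet` error) and rules placed after `http_access allow all`, which Squid never reaches because http_access rules are evaluated in order and the first match decides. The sample configuration is a constructed excerpt and the function name is hypothetical.

```python
# Added example: lint Squid http_access rules for two ordering/naming mistakes.
# Constructed excerpt that mirrors the rule order of the configs posted above.
SAMPLE_CONF = """\
acl site url_regex -i "/etc/squid/sites_negados"
http_access deny site
acl all src 0.0.0.0/0.0.0.0
http_access allow all
acl localhost src 127.0.0.1/255.255.255.255
acl redelocal src 192.168.1.0/24
http_access allow localhost
http_access allow localnet
acl trava_msn_orkut url_regex -i "/etc/squid/regras/trava_msn_orkut.txt"
http_access deny trava_msn_orkut
"""

def lint_http_access(conf_text):
    """Return a list of (line_no, kind, detail) findings (hypothetical helper)."""
    defined = set()      # ACL names seen so far; Squid needs them before use
    match_all = set()    # ACLs whose src is 0.0.0.0/0, i.e. every client
    catch_all = None     # line of the first rule that matches every request
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 3:
            continue
        if fields[0] == "acl":
            defined.add(fields[1])
            if fields[2] == "src" and any(v.startswith("0.0.0.0/0") for v in fields[3:]):
                match_all.add(fields[1])
        elif fields[0] == "http_access":
            acls = fields[2:]
            if catch_all is not None:
                findings.append((no, "unreachable", f"shadowed by line {catch_all}"))
            for name in (a.lstrip("!") for a in acls):
                if name not in defined:
                    findings.append((no, "undefined-acl", name))
            if catch_all is None and len(acls) == 1 and acls[0] in match_all:
                catch_all = no
    return findings

if __name__ == "__main__":
    for line_no, kind, detail in lint_http_access(SAMPLE_CONF):
        print(f"line {line_no}: {kind}: {detail}")
```

On the constructed sample the deny rule for `trava_msn_orkut` is reported as unreachable, while `http_access deny site`, which sits above `allow all`, is not.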

