I am setting up an internet router on a Pentium MMX 200 MHz with 128 of memory and a 10 GB HD, using Debian Etch. I did the internet routing as follows: eth0 receives the internet signal, and eth1 (192.168.0.1) distributes the signal to the network. The script follows:

    #!/bin/bash
    echo '1' > /proc/sys/net/ipv4/ip_forward

    # flush the iptables rules
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F

    # masquerade network connections
    iptables -t nat -A POSTROUTING -j MASQUERADE

    # firewall
    # allow for one IP
    # Allow the boss's IP:
    #iptables -A FORWARD -s ip-do-chefe -m layer7 --l7proto bittorrent -j ACCEPT
    #iptables -A FORWARD -d ip-do-chefe -m layer7 --l7proto bittorrent -j ACCEPT

    # block MSN Messenger
    #modprobe ipt_layer7
    iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP
    iptables -A FORWARD -m layer7 --l7proto msnlivemessenger -j DROP

    # squid
    # redirect traffic to port 3128
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

OK, now the squid.conf:

    http_port 3128 transparent
    access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_log /var/log/squid/store.log
    cache_swap_log /var/log/squid/swap.log
    hierarchy_stoplist cgi-bin ?
    cache_mem 16 MB
    cache_swap_low 90
    cache_swap_high 95
    maximum_object_size 10000 KB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 4000 KB
    #check_hostnames off
    visible_hostname router
    error_directory /usr/share/squid/errors/Portuguese
    access_log none
    cache_store_log none
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src 0.0.0.0/0.0.0.0
    always_direct allow all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl purge method PURGE
    acl proibir_orkut url_regex orkut
    http_access deny proibir_orkut
    acl rede src 192.168.1.0/24
    acl proibidos url_regex "/etc/squid/proibidos"
    http_access deny proibidos rede

I created a file named proibidos in /et

--
Linux user no. 432194
I am free, and you?
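
How Squid evaluates the two http_access lines in the configuration above, as an added example that is not part of the original post: the first line whose ACLs all match decides, and when no line matches the default is the opposite of the last line. The client address 192.168.0.10, the pattern standing in for the contents of /etc/squid/proibidos, and the 192.168.0.0/24 alternative are assumptions.

```python
import ipaddress
import re

# ACLs and rules copied from the squid.conf in the post, in file order.
ACLS = {
    "proibir_orkut": ("url_regex", ["orkut"]),
    # Constructed pattern: the post does not show /etc/squid/proibidos.
    "proibidos": ("url_regex", ["example-blocked"]),
    "rede": ("src", ["192.168.1.0/24"]),
}
HTTP_ACCESS = [
    ("deny", ["proibir_orkut"]),
    ("deny", ["proibidos", "rede"]),
]


def acl_matches(name, client_ip, url, acls):
    """True when the named ACL matches this request."""
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "url_regex":
        # url_regex is case-sensitive unless the -i option is given.
        return any(re.search(v, url) for v in values)
    raise ValueError(f"unsupported ACL type: {kind}")


def decide(client_ip, url, rules=HTTP_ACCESS, acls=ACLS):
    """Return (action, index of deciding rule, or None if no rule matched)."""
    for i, (action, names) in enumerate(rules):
        # All ACLs on one http_access line must match (logical AND).
        if all(acl_matches(n, client_ip, url, acls) for n in names):
            return action, i
    # No line matched: Squid applies the opposite of the last line.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None


if __name__ == "__main__":
    url = "http://example-blocked.test/"  # constructed sample URL
    # Assumed client on the same subnet as eth1 (192.168.0.1).
    print(decide("192.168.0.10", url))
    # Same request when the rede ACL covers that subnet (assumed /24).
    fixed = dict(ACLS, rede=("src", ["192.168.0.0/24"]))
    print(decide("192.168.0.10", url, acls=fixed))
```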