Tive problemas com o squid 2.6.x em um cliente fazendo a mesma coisa que voce, a solução foi baixar pra versão 2.5.x, outro detale utilizei ipfw, segue o squid.conf e a regra.
squid.conf --------------------------------------------------- http_port 8181 icp_port 0 acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 32 MB cache_swap_low 90 cache_swap_high 95 cache_effective_user squid cache_effective_group squid maximum_object_size 512 MB minimum_object_size 0 KB ipcache_size 1024 ipcache_low 90 ipcache_high 95 fqdncache_size 1024 cache_dir diskd /usr/local/squid/cache 2048 16 256 cache_access_log /usr/local/squid/logs/access.log cache_log /usr/local/squid/logs/cache.log cache_store_log none cache_swap_log /usr/local/squid/logs/swap.log logfile_rotate 2 redirect_rewrites_host_header off cache_replacement_policy GDSF emulate_httpd_log off pid_filename /usr/local/squid/logs/squid.pid debug_options ALL,1 log_fqdn on refresh_pattern ^ftp: 15 20% 2280 refresh_pattern ^gopher: 15 0% 2280 refresh_pattern . 15 20% 2280 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl localnet src 192.168.17.0/255.255.255.0 http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access deny all httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on cache_mgr [EMAIL PROTECTED] visible_hostname http://www.freebsdconsult.com.br memory_pools on forwarded_for on log_icp_queries off buffered_logs on icon_directory /usr/local/etc/squid/icons error_directory /usr/local/etc/squid/errors/Portuguese mime_table /usr/local/etc/squid/mime.conf -------------------------------------------------------- Regra ipfw /sbin/ipfw add 500 allow tcp from me to any dst-port 80 /sbin/ipfw add 600 fwd 127.0.0.1,8181 tcp from 192.168.17.0/24 to any dst-port 80 OBS : http_access allow all > Voce pretende liberar sua proxy da rede interna pra qualquer pessoa fora da rede utilizar ? O correto é Deny pra não terem acesso externo. Abraço. 2008/1/27, multnick <[EMAIL PROTECTED]>: > > Ola galera, > > Estou com pequeno problema para deixar o proxy transparent. > Compilei kernel com suporte a pf. > Compilei o squid via ports versao 2.6.18 com suporte a pf. > No squid.conf setei: > > http_port 3128 transparent > > Criei acl para a rede interna: > > acl redeinterna src 10.0.0.1 > > E liberei: > > http_access allow all > > No arquivo pf.conf setei. > rdr pass on xl1 proto tcp from any to any port 80 -> 127.0.0.1 port 3128 > > Sendo que: > xl0 = 192.168.1.1 -> saida modem DLS. > xl1 = 10.0.0.1 -> rede interna. > > Maq. da rede interna com IP 10.0.0.2 Mask 255.0.0.0 Gateway 10.0.0.1. > > Essa config, nao esta navegando por transparent, porem se eu coloco o IP > 10.0.0.1 no Navegador abre pagina normal. > > Desde ja' agradeco. > ------------------------- > Histórico: http://www.fug.com.br/historico/html/freebsd/ > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd