Bruno,

Try this tutorial of mine:
http://bi0os.blogspot.com/2010/04/openbsd-with-squidnamed.html

I did exactly this a few days ago and it worked without problems.

./flw

--
[*] CCNA Certified
[*] LPIC-1 Certified
[*] Security Enthusiast

On 05/07/2010 10:45 AM, Bruno Torres Viana wrote:
> Gentlemen,
>
> I'm getting beaten up here trying to configure a transparent proxy with PF and
> Squid 2.7. If I set the proxy manually in the browser it works, and telnet
> to port 3128 also works, both from the machine and from the server. Can anyone
> shed some light? Here it is:
>
> PF.CONF
>
> # Network cards
> ext_if="rl0" #External interface firewall
> int_if="nfe0" #Internal interface firewall
> web = "{ www, 8080, 8000 }"
> internal_net = "192.168.24.0/24"
> external_net = "192.168.1.0/24"
> caixa = "{ 200.201.173.68 200.201.166.240 }"
>
> set skip on lo
> scrub in all
>
> nat on $ext_if from $internal_net to any -> ($ext_if)
> no rdr on $int_if proto tcp from any to $caixa
> rdr pass log on $int_if proto tcp from any to any port $web -> 127.0.0.1 port 3128
> pass in log on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
>
> block log all
> block out quick log on $ext_if proto { tcp, udp } from any to any port 161
>
> # Antispoof rule for the internal interface
> antispoof log quick for { lo $int_if } inet
>
> # Allow outbound traffic on loopback
> pass out on lo from lo0 to lo0 keep state
> pass out from {lo0, $ext_if} to any keep state
>
> # Allow traffic on the internal network
> pass log on $int_if from $internal_net to $internal_net
>
> # Allow outbound traffic on the external interface with stateful rules
> pass log proto tcp from { $internal_net, $external_net } to any port < 1024 modulate state flags S/SA
> pass out log on $ext_if proto { udp, icmp } all keep state
> pass in log on $int_if proto { udp, icmp } all keep state
>
>
> SQUID.CONF
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl all src all
> acl localnet src 192.168.24.0/24
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnet
> icp_access allow localnet
> icp_access deny all
> http_port 3128 transparent *I HAVE ALSO TRIED http_port 127.0.0.1:3128 transparent*
> hierarchy_stoplist cgi-bin ?
> access_log /var/log/squid/access.log squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> icp_port 3130
> coredump_dir /usr/local/squid/cache
>
>
> Thank you!

