Em 10/2/2011 14:06, Departamento de TI escreveu: > PREZADOS AMIGOS, BOA TARDE > > ESTOU COM DIFICULDADES PARA BLOQUEAR O MARVADO MSN NA EMPRESA. EU TINHA > FEITO ALGUMAS CONFIGURAÇÕES QUE POR CERTO TEMPO RESOLVEU, MAS AGORA O > MSN CONSEGUIU SE CONECTAR NOVAMENTE. > > JÁ FIZ TODOS OS PROCEDIMENTOS QUE ENCONTREI NA INTERNET, MAS MESMO ASSIM > O PROGRAMA WINDOWS LIVE MESSENGER CONSEGUE CONECTAR. > > SE ALGUEM PUDER ME AJUDAR FICARIA IMENSAMENTE GRATO. > > SEGUE CONFIGURAÇÃO DO MEU SQUID.CONF E LOGO DEPOIS A DO IPFW: >
Meus olhos agradece a educação, por favor ler a netiqueta. > ***************** SQUID.CONF ***************************** > > cache_dir diskd /usr/local/squid/cache 10000 32 512 Q1=72 Q2=64 > http_port 3128 transparent > visible_hostname Shiva > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl Safe_ports port 901 # swat > acl Safe_ports port 1025-65535 # portas altas > acl purge method PURGE > acl CONNECT method CONNECT > acl bloqueados dstdomain "/usr/local/etc/squid/bloqueados" > acl palavras url_regex -i "/usr/local/etc/squid/palavras" > acl redelocal src 192.168.0.0/24 > acl diretoria src 192.168.0.40 > acl msn_port port 1863 > acl msn_port2 port 5223 > acl serv_msn dst 200.46.110.0/24 > acl serv_msn dst 64.4.13.0/24 > acl app_msn req_mime_type -i ^application/x-msn-messenger$ > acl msn_messenger url_regex -i /gateway/gateway.dll > acl msn_dom dstdomain loginnet.passport.com > acl msn_dom dstdomain messenger.msn.com > acl msn_dom dstdomain messenger.msn.ca > acl msn_dom dstdomain messenger.msn.net > acl msn_dom dstdomain im.sapo.pt > acl msn_dom dstdomain webmessenger.msn.com > acl msn_dom dstdomain c.msn.com > acl msn_dom dstdomain config.messenger.msn.com > acl msn_dom dstdomain login.live.com > acl msn_dom dstdomain amsn-project.net > acl msn_dom dstdomain passport.com > acl msn_dom dstdomain passport.net > > http_access allow manager localhost > http_access deny manager > http_access allow purge localhost > http_access deny purge > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow diretoria > http_access deny bloqueados > http_access deny palavras > http_access deny CONNECT msn_port > http_access deny msn_port > http_access deny msn_port2 > http_access deny serv_msn > http_access deny app_msn > http_access deny msn_dom > http_access deny msn_messenger > http_access allow localhost > http_access allow redelocal > http_access deny all > > error_directory /usr/local/etc/squid/errors/Portuguese > > > ****************** IPFW *********************** > > 00050 divert 8668 ip4 from any to any via rl0 > 00055 reset tcp from 192.168.0.0/24 to 207.46.0.0/16 dst-port 1863,80 > keep-state > 00057 deny tcp from 192.168.0.0/24 to 65.54.239.142 keep-state > 00060 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any dst-port 80 via > ste0 > 00100 allow ip from any to any via lo0 > 00200 deny ip from any to 127.0.0.0/8 > 00300 deny ip from 127.0.0.0/8 to any > 01000 deny ip from 10.0.0.0/24 to 192.168.0.0/24 > 65000 allow ip from any to any > 65535 deny ip from any to any > > > Agradeço desde já a cooperação... > > Obrigado > > Descomplique com PFSense... a menos que possua algum software especifico no qual não é suportado no mesmo !! Att. ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
