N�o vale rir. Estou implantando um Squid na empresa onde trabalho e as mudan�as devem ser gradativas para os usu�rios. Tudo funciona legal, os filtros para sites e palavras, por�m o MSN n�o funciona, nem via programa e nem pelo site msn.com.br, messenger.com.br, etc etc "Ainda" n�o posso cortar o MSN dos usuarios, o que pode estar errado ? Uso Red Hat 8.0 e Squid/2.4.STABLE7, na etho 192.168.0.? e na eth1 o ip 10.0.0.??? que sai para a ADSL com um alias pro 200.200.200.200 Abaixo, meu rc.local e squid.conf.
Obrigado a todos. MAURICIO LANDUCCI Analista de Suporte Joinville, SC --- touch /var/lock/subsys/local echo 1 > /proc/sys/net/ipv4/ip_forward modprobe ip_conntrack_ftp modprobe ip_nat_ftp modprobe iptable_nat ifconfig -a eth1:1 200.200.200.200 netmask 255.255.255.0 iptables -F iptables -A INPUT -i eth0 -p tcp --destination-port 80:6000 -j ACCEPT iptables -A INPUT -i eth1 -p tcp --destination-port 80:6000 -j ACCEPT # MSN iptables -A FORWARD -i eth0 -p tcp --dport 1863 -j ACCEPT iptables -A FORWARD -i eth0 -p tcp -d 65.54.179.0/24 -j ACCEPT iptables -A FORWARD -i eth0 -p tcp -d 0/0 --dport 4200:6000 -j ACCEPT # IRC iptables -A FORWARD -d 0/0 -p tcp --dport 6667:6700 -j REJECT iptables -A FORWARD -d 0/0 -p udp --dport 1050:1060 -j REJECT # Terra Chat - porta 9781 iptables -A FORWARD -d 0/0 -p tcp --dport 9781 -j REJECT # Masquerade + Squid iptables -A FORWARD -i eth0 -s 192.168.0.0/255.255.255.0 -d 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -s 10.0.0.0/255.0.0.0 -d 0/0 -j ACCEPT iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp -m multiport -s 192.168.0.0/255.255.255.0 --dport 80,443 -i eth0 -j REDIRECT --to-ports 3128 --- acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_Ports port 25 # pop acl Safe_Ports port 110 # smtp acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 1863 # MSN acl CONNECT method CONNECT acl usuarios proxy_auth REQUIRED acl bad_sites dstdom_regex "/etc/squid/bad_sites" acl porn url_regex -i "/etc/squid/porn" acl noporn url_regex -i "/etc/squid/noporn" acl messenger url_regex -i gateway.dll acl passport url_regex -i login.passport.com http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow usuarios noporn http_access allow usuarios !porn !bad_sites http_access deny porn http_access deny bad_sites http_access allow messenger all http_access allow passport all http_access allow all icp_access allow all cache_mgr [EMAIL PROTECTED] visible_hostname [EMAIL PROTECTED] --------------------------------------------------------------------------- Esta lista � patrocinada pela Conectiva S.A. Visite http://www.conectiva.com.br Arquivo: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br Regras de utiliza��o da lista: http://linux-br.conectiva.com.br FAQ: http://www.zago.eti.br/menu.html
