Good afternoon, dear list. I am trying to get squid running properly on Fedora 10, but some things are wrong and I cannot find where the error is. Here is what I did.

I installed squid, set some rules, and it works: it proxies, the machines on the network work fine, but when I reboot the server the proxy stops, even though it is in the system startup. I have to log in to the terminal as root and run service squid restart and also restart the firewall, and then it works. I also want better control of the ACLs, e.g. the machine whose IP ends in 3 should access only one site and nothing else, while the others on the network can access whatever they want. Here is the configuration file:

# The port on which squid will listen for requests
http_port IP_Servidor:Porta
# If 'cgi-bin' or '?' is in query, squid should not check with neighbours'/parents' cache
# and should go to target web-server.
hierarchy_stoplist cgi-bin ?
# If url contains 'cgi-bin' or '?', then it must not be cached
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# Absolute path to squid access log.
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Access control list to control every IP address
acl all src 0.0.0.0/0.0.0.0
# Access control list for source machine in LAN
acl lan_src src 192.168.0.0/16
# Access control list for destination machine in LAN
acl lan_dst dst 192.168.0.0/16
# Access control list to manage squid cache
acl manager proto cache_object
# Access control list to define IP address allowed for source localhost
acl localhost src 127.0.0.1/255.255.255.255
# Access control list to define IP addresses allowed for localhost as destination
acl to_localhost dst 127.0.0.0/8
# Access control list to define Safe ports that should be allowed by default
acl SSL_ports port 443 563 1863 5190 5222 5050 6667
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Allow cache management only from localhost
http_access allow manager localhost
# Deny cache management from remote hosts
http_access deny manager
# Deny http access via all the ports which are not listed as safe
http_access deny !Safe_ports
# Deny all connections via all ports which are not listed as safe
http_access deny CONNECT !SSL_ports
# Allow http access from localhost
http_access allow localhost
# Allow http access from machines on LAN
http_access allow lan_src
http_access deny all
http_reply_access allow all
icp_access allow all
# Deny caching for everyone so that there is not caching at all
cache deny all
coredump_dir /var/spool/squid
# Never allow direct connection to machines on the internet
prefer_direct off
never_direct allow all
# Allow direct connection if the destination machine is on LAN
always_direct allow lan_dst
# Delete this line if you don't have /etc/hosts file
hosts_file /etc/hosts
# Allow AIM connections
# Allow connections to MSN
# Delete the following 6 lines if you don't want people to connect to Google Talk
acl MSN_ports port 1863 443 1503
acl MSN_domains dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com .passport.com
acl MSN_hosts dstdomain messenger.hotmail.com
acl MSN_nets dst 207.46.111.0/255.255.255.0
acl MSN_methods method CONNECT
http_access allow MSN_methods MSN_ports MSN_hosts
# IPs of employees who have full access
acl ip_liberados src "/etc/squid/ip_liberados.txt"
# File with IPs of restricted employees
acl ip_restrito src "/etc/squid/ip_restrito.txt"
# list of sites for ip_restrito
acl ip_restrito_sites dstdomain "/etc/squid/ip_restrito_sites.txt"
# File with IPs of employees who access banks
acl bancos src "/etc/squid/ip_bancos.txt"
# banks allowed for bancos.txt
acl BANCOS_SITES dstdomain "/etc/squid/ip_bancos_sites.txt"
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# acl for direct sites, bypassing the cache
acl NOCACHE url_regex "/etc/squid/direto.txt" \?
no_cache deny NOCACHE
# acl to block words in URLs and allow exceptions
acl negapalavra url_regex "/etc/squid/negapalavra.txt"
acl liberapalavra url_regex "/etc/squid/liberapalavra.txt"
http_access allow liberapalavra all
http_access deny negapalavra all
# To enable the ACL that allows the internal IP 192.168.1.3
#http_access allow ipinterno all
http_access allow ip_liberados
http_access allow ip_restrito ip_restrito_sites
http_access allow bancos BANCOS_SITES
http_access deny all

With these rules, after restarting squid and the firewall as root, all machines on the network access everything. If anyone has had this problem, I would appreciate any comment. Thanks.

--
It is useless to look for a solution while the solution lies in straightening the path.
(Deuzenildo) www.supremavision.com.br
---------------------------------------------------------------------------
This list is sponsored by Conectiva S.A. Visit http://www.conectiva.com.br
Archive: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
List usage rules: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html
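Squid evaluates http_access lines top to bottom and stops at the first line whose ACLs all match, so the `http_access allow lan_src` near the top of the posted file is reached before the per-host rules further down. This added example (mine, not the poster's) simulates that evaluation over a condensed version of the posted order and over a reordering that puts the host-specific rules first; the address 192.168.1.10 and the domain .example.com are constructed sample values standing in for the contents of the ip_liberados and ip_restrito_sites files.

```python
"""Simulate Squid's first-match http_access evaluation (added example)."""
import ipaddress

# Minimal ACL model: src (CIDR list) and dstdomain (suffix list).
ACLS = {
    "all":               ("src", ["0.0.0.0/0"]),
    "lan_src":           ("src", ["192.168.0.0/16"]),
    "ip_liberados":      ("src", ["192.168.1.10/32"]),    # constructed sample
    "ip_restrito":       ("src", ["192.168.1.3/32"]),     # host limited to one site
    "ip_restrito_sites": ("dstdomain", [".example.com"]),  # constructed sample
}

def acl_matches(name, src, host):
    """One ACL term; a leading '!' negates it, as in squid.conf."""
    negate = name.startswith("!")
    kind, values = ACLS[name.lstrip("!")]
    if kind == "src":
        hit = any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in values)
    else:  # dstdomain: a leading dot matches the domain and all its subdomains
        hit = any(host == v.lstrip(".") or host.endswith(v) for v in values)
    return hit != negate

def http_access(rules, src, host):
    """Return 'allow' or 'deny' from the first rule whose ACLs all match.
    Squid ANDs the ACLs on one line and ORs successive lines; if nothing
    matches, the opposite of the last line's action applies."""
    for action, *acls in (r.split() for r in rules):
        if all(acl_matches(a, src, host) for a in acls):
            return action
    return "deny" if rules[-1].split()[0] == "allow" else "allow"

# Condensed ordering of the posted squid.conf: the LAN-wide allow comes first.
POSTED = [
    "allow lan_src",
    "deny all",
    "allow ip_liberados",
    "allow ip_restrito ip_restrito_sites",
    "deny all",
]
# Host-specific rules placed before the broad LAN allow.
FIXED = [
    "allow ip_restrito ip_restrito_sites",
    "deny ip_restrito",
    "allow ip_liberados",
    "allow lan_src",
    "deny all",
]

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("fixed", FIXED)):
        for host in ("www.example.com", "www.other.net"):
            print(label, "192.168.1.3 ->", host, http_access(rules, "192.168.1.3", host))
```

With the posted order, 192.168.1.3 is allowed to every host because `allow lan_src` matches before the restricted rule is ever consulted; with the reordered list it reaches only the listed site.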
