Bom dia pessoal,
alguém poderia me dar uma ajuda com o squid e o iptables.
Fiz minhas configurações do squid e setei na maquina que estou o o ip do proxy como gateway patrao, porei ele nao faz nem um bloquei. Ele so bloqueia se eu colocar o proxy manualmente no IE. So que assim ele bloqueia a porta 443 (https), ai nem o msn funciona.
Segue arquivo do squid.
http_port 3128 transparent
visible_hostname ubuntu
cache_mem 100 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 75
cache_swap_high 95
cache_dir ufs /var/spool/squid/cache 2048 16 256
#cache_dir ufs /var/spool/squid/cache2 2048 16 256
#cache_dir ufs /var/spool/squid/cache3 2048 16 256
#cache_dir ufs /var/spool/squid/cache4 2048 16 256
cache_access_log /var/log/squid/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
acl all src 0.0.0.0/0.0.0.0
acl manager proto chache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 7171
acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535 7171
acl purge method PURGE
acl CONNECT method CONNECT
#
#Bloqueia sites proibidos
acl bloqueados url_regex -i "/etc/squid/bloqueados"
http_access deny bloqueados
#
#Bloqueia palabras proibidas
acl palavrasproibidas dstdom_regex "/etc/squid/palavrasproibidas"
http_access deny palavrasproibidas
#
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
acl redelocal src 192.168.100.0/24
http_access allow localhost
http_access allow redelocal
http_access allow all
http_access deny all
Iptables (coloquei ele no rc.local para inicializar com sistema).
#!/bin/sh -e
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --drop 3128 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# By default this script does nothing.
#exit 0
exit 0
uso ubuntu server 10.4.
