Ajuda a configurar Squid 2.6

Iniciado por wallaceshutt, 17 de Junho de 2008, 13:01

tópico anterior - próximo tópico

wallaceshutt

Olá galera, gostaria de ajuda de vocês, tenho uma conexão via proxy, é fornecido para nós o Proxy e a porta, e atribuido via dhcp, gostaria de montar um servidor linux, Ubuntu 7.10, para filtrar tudo que é acessado na minha rede, to tentando configurar squid.conf 2.6 com as seguintes configurações

___________________________________

################################################
##### Porta, Nome e Cache #####
################################################
#
http_port 5005
visible_hostname uirapuru
#
cache_mem 150 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 256 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#
################################################
##### Log #####
################################################
#
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_log /var/squid/logs/cache.log
cache_dir ufs /var/spool/squid 20000 16 256
#
################################################
##### ACLs #####
################################################
#
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
#acl SSL_ports port port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # portas altas
acl purge method PURGE
acl CONNECT method CONNECT
#
################################################
##### Direitos de Acessos #####
################################################
#
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
#
################################################
## USANDO NCSA_AUTH ##
################################################
#
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic realm Servidor Proxy de Internet João Paulo. Entre com seu usuário e Senha.
#auth_param basic children 5
#
################################################
## AUTENTICAÇÃO ##
################################################
#
acl autenticados proxy_auth REQUIRED
#
################################################
## BLOQUEAR PALAVRAS ##
################################################
#
acl acesso_full proxy_auth "/etc/squid/acessos/acesso_full"
acl bloquear_palavras url_regex -i "/etc/squid/bloqueios/bloquear_palavras"
deny_info http://www.vivaolinux.com.br/~jpaulo_farias bloquear_palavras
#
################################################
## BLOQUEIA O MESSENGER ##
################################################
#
acl bloquear_msn dstdomain "/etc/squid/bloqueios/bloquear_msn"
acl acesso_msn proxy_auth "/etc/squid/acessos/acesso_msn"
http_access allow acesso_msn bloquear_msn
http_access deny bloquear_msn
deny_info http://www.vivaolinux.com.br/~jpaulo_farias bloquear_msn
#
################################################
## BLOQUEIA ORKUT ##
################################################
#
acl bloquear_orkut url_regex -i "/etc/squid/bloqueios/bloquear_orkut"
acl acesso_orkut proxy_auth "/etc/squid/acessos/acesso_orkut"
http_access allow acesso_orkut bloquear_orkut
http_access deny bloquear_orkut
deny_info http://www.vivaolinux.com.br/~jpaulo_farias bloquear_orkut
#
################################################
## BLOQUEIA GOOGLE TALK ##
################################################
#
acl bloquear_googletalk url_regex -i "/etc/squid/bloqueios/bloquear_googletalk"
acl acesso_googletalk proxy_auth "/etc/squid/acessos/acesso_googletalk"
http_access allow acesso_googletalk bloquear_googletalk
http_access deny bloquear_googletalk
deny_info http://www.vivaolinux.com.br/~jpaulo_farias bloquear_googletalk
#
################################################
## CONTROLE DE BANDA ##
################################################
#
acl livre proxy_auth "/etc/squid/acessos/acesso_banda"
acl block src 10.10.0.0/255.255.0.0
delay_pools 2
#
# Classe 1 - Acesso a Internet a 512k
#
delay_class 1 2
delay_parameters 1 -1/-1 69000/69000
#
# Classe 2 - Acesso a Internet a 180k
#
delay_class 2 2
delay_parameters 2 -1/-1 22500/22500
delay_access 1 allow livre
delay_access 2 allow block
#
http_access allow autenticados acesso_full
http_access allow acesso_full bloquear_palavras
http_access deny bloquear_palavras
#
acl redelocal src 10.10.0.0/255.255.0.0
http_access allow localhost
http_access allow redelocal
#
http_access deny all
___________________________________


Estou indo no caminho certo ?
oque está errado, os ips aqui são na faixa de 10.101.6.10 até 10.101.6.100.
Proxy que é nos fornecido para acessar internet 10.103.2.4.
Instalei os pacotes,

Apache2
PHP5
Bind9

rafasnn

Macbook Pro 2,33 4GB 250GB
iPhone 8GB

wallaceshutt

Citação de: rafasnn online 17 de Junho de 2008, 13:50
wallaceshutt,

bem-vindo ao fórum!!!

acho que isso vai te ajudar
http://ubuntuforum-br.org/index.php/topic,36220.0.html

http://www.guiadohardware.net/tutoriais/configurando-servidor-proxy-squid/

http://www.guiadohardware.net/tutoriais/servidor-linux-domestico/pagina3.html

espero ter ajudado!



O primeiro link ajudou bastante era oque eu estava procurando agora, vou da um lida e procurar a entender melhor pra começar a configura.
Voce mexe em squid ?

rafasnn

wallaceshutt,

utilizo o squid sim aqui na empresa com proxy transparente sem problemas...
Macbook Pro 2,33 4GB 250GB
iPhone 8GB

wallaceshutt

Citação de: rafasnn online 18 de Junho de 2008, 23:52
wallaceshutt,

utilizo o squid sim aqui na empresa com proxy transparente sem problemas...


Ok, rafasnn  consegui configurar para passa a internet pelo meu servidor, só que estou tendo alguns problemas na hora de entrar em EMAIL que no caso tenho que loga-se, Você tem alguma sugestão ?
Abração