Squid: alterei apenas uma linha e parou de funcionar

Iniciado por Ike, 17 de Março de 2009, 09:59


Ike

Prezados,

Meu Squid funcionava como proxy transparente junto com o Iptables. Ontem, alterei uma regra (na parte em vermelho) que determinava o horário de acesso. Apenas comentei a linha (#) e, a partir daí, ninguém mais na rede conseguiu navegar na internet. Descomentei a linha, mas o problema persistiu. Consigo, das máquinas clientes (winxp), pingar sites sem problema, mas a navegação não funciona.

Peço a gentileza de criticarem meu arquivo squid.conf na busca da solução. Segue:

# Listening port. The "transparent" option marks it as an interception port:
# clients are redirected here by the firewall instead of being configured to
# use the proxy explicitly.
http_port 3128 transparent

# Resolvers Squid uses for its own DNS lookups.
# NOTE(review): dns_nameservers appears again near the end of this file with a
# different list; confirm which resolvers are actually meant to be used.
dns_nameservers 10.0.0.1 200.213.4.114

# Host name Squid presents in error pages and headers.
visible_hostname server1

# NOTE(review): the original note on this line read "network mask", but
# client_netmask is the mask applied to client addresses when they are written
# to the access log and cache manager output. With 255.255.255.0 every client
# is recorded with the last octet zeroed, so individual machines cannot be
# told apart when the log is reviewed. Confirm this is intended.
client_netmask 255.255.255.0 # masks client IPs in logs, not the LAN netmask

# Cache rules

# URLs containing "cgi-bin" or "?" are fetched directly rather than through
# cache peers.
hierarchy_stoplist cgi-bin ?

# Dynamic content (URL path contains cgi-bin or a query string) is never cached.
# NOTE(review): later Squid releases spell this directive "cache deny QUERY";
# confirm which form the installed version expects.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Memory reserved for in-memory objects, and the largest object kept in memory.
cache_mem 240 MB
maximum_object_size_in_memory 500 KB

# Size limits for objects stored in the on-disk cache.
maximum_object_size 20 MB
minimum_object_size 0 KB

# Disk-usage watermarks (percent) between which cache replacement operates.
cache_swap_low 90
cache_swap_high 95

# On-disk cache: ufs store at /var/spool/squid, 2048 MB, 64 first-level and
# 256 second-level directories.
cache_dir ufs /var/spool/squid 2048 64  256

# NOTE(review): the httpd_accel_* directives are how Squid 2.5 and earlier
# enabled transparent operation. Squid 2.6 and later replaced them with the
# "transparent" option on http_port, which this file also sets. The two styles
# belong to different versions; confirm which version is installed and run
# "squid -k parse" to see how these lines are treated.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


# Location of the Squid access log. This file is the record of which client
# requested which URL.
# NOTE(review): newer Squid releases name this directive "access_log";
# confirm against the installed version.
cache_access_log /var/log/squid/access.log

# Freshness rules: <regex> <min minutes> <percent of object age> <max minutes>.
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280

# Base ACL definitions.

# Matches every source address.
acl all src 0.0.0.0/0.0.0.0
# Cache manager requests (cache_object protocol).
acl manager proto cache_object
# NOTE(review): this ACL is named "localhost" but matches 10.0.0.1, not
# 127.0.0.1. The rules below grant cache manager and PURGE access to whatever
# host holds that address. Presumably it is the proxy's own LAN address;
# confirm, because any request arriving from 10.0.0.1 gets both privileges.
acl localhost src 10.0.0.1/255.255.255.255
# Ports on which CONNECT tunnels are permitted.
acl SSL_ports port 443 563
# Destination ports the proxy will talk to at all.
# NOTE(review): port 53 and the whole 1025-65535 range are included, so the
# "!Safe_ports" rule only blocks low ports that are not listed here.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 53 # dns
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom and the first match decides.
# ACLs listed on the same line must all match.
# Cache manager and PURGE: only from the "localhost" ACL defined above.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse destinations on unlisted ports, and CONNECT to anything that is not
# an SSL port.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Send denied requests to this URL instead of showing Squid's own error page.
# NOTE(review): deny_info takes the page or URL followed by one ACL name.
# "!Safe_ports" and "CONNECT !SSL_ports" are not plain ACL names, so the last
# two lines may be rejected or ignored; check the output of "squid -k parse".
deny_info http://www.cobrance.com.br manager
deny_info http://www.cobrance.com.br purge
deny_info http://www.cobrance.com.br !Safe_ports
deny_info http://www.cobrance.com.br CONNECT !SSL_ports

# Allowed IPs
# Source addresses are read from the file below. Because this allow rule sits
# above every later rule, a client listed in that file bypasses the domain,
# time-window and MSN restrictions that follow, so the file's contents and
# permissions deserve the same care as this configuration.

acl ADM src "/etc/squid/ips_liberados"

http_access allow ADM

# http_access allow
# Destination domains (regex patterns read from the file) open to everyone.
# NOTE(review): this rule has no source ACL, so it matches any client that can
# reach the proxy port, not only the LAN. Whether outside hosts can reach the
# port depends on the firewall rules, which are not shown here.
acl liberados dstdom_regex "/etc/squid/dominios"
http_access allow liberados

# Time windows
# The domains in dominios1 are reachable only Monday to Friday (MTWHF) during
# 12:00-13:30 and 18:00-19:00. Each http_access line needs both the domain ACL
# and the time ACL to match.
acl dominios1 dstdom_regex "/etc/squid/dominios1"
acl h_manha time MTWHF 12:00-13:30
acl h_tarde time MTWHF 18:00-19:00
http_access allow dominios1 h_manha
http_access allow dominios1 h_tarde


# Block MSN
# msn_src covers the whole 10.0.0.0/24 network.
acl msn_src src 10.0.0.0/255.255.255.0
# Destination ports targeted by the block.
acl msn_port port 1863
acl msn_port2 port 5223
# Destination networks targeted by the block.
acl serv_msn dst 65.55.197.0/24
acl serv_msn dst 207.46.0.0/16
acl serv_msn dst 200.46.110.0/24
acl serv_msn dst 64.4.13.0/24
# Request content type and URL pattern used by the messenger client.
# NOTE(review): the dot in "gateway.dll" is unescaped, so it matches any
# character in that position.
acl app_msn req_mime_type -i ^application/x-msn-messenger$
acl msn_messenger url_regex -i gateway.dll
# Login and messenger domains.
acl msn_dom dstdomain loginnet.passport.com
acl msn_dom dstdomain messenger.msn.com
acl msn_dom dstdomain messenger.msn.ca
acl msn_dom dstdomain messenger.msn.net
acl msn_dom dstdomain im.sapo.pt
acl msn_dom dstdomain webmessenger.msn.com
acl msn_dom dstdomain c.msn.com
acl msn_dom dstdomain config.messenger.msn.com
acl msn_dom dstdomain login.live.com
acl msn_dom dstdomain amsn-project.net

# Exempt clients, read from the same file as the ADM ACL. Those clients are
# already accepted by "http_access allow ADM" before these rules are reached.
acl liberados_msn src "/etc/squid/ips_liberados"

# NOTE(review): the first deny below has no destination condition. It refuses
# every request from a 10.0.0.0/24 client that is not in ips_liberados,
# whatever the site. Only requests already accepted by an earlier allow rule
# get through, and the remaining MSN denies can only match clients from
# outside that network. Confirm that a LAN-wide default deny is what this
# section is meant to do.
http_access deny msn_src !liberados_msn
http_access deny CONNECT msn_port !liberados_msn
http_access deny msn_port !liberados_msn
http_access deny msn_port2 !liberados_msn
http_access deny serv_msn !liberados_msn
http_access deny app_msn !liberados_msn
http_access deny msn_dom !liberados_msn
http_access deny msn_messenger !liberados_msn

# Second set of resolvers; dns_nameservers was already set near the top of
# this file.
# NOTE(review): the proxy trusts the answers from these resolvers when it
# resolves destinations. The list mixes the internal 10.0.0.1 with many
# external addresses; confirm each one is still run by a provider you intend
# to rely on, and drop the ones that are not needed.
dns_nameservers 10.0.0.1
dns_nameservers 208.67.222.220
dns_nameservers 201.10.1.2
dns_nameservers 201.10.120.3
dns_nameservers 200.204.0.138
dns_nameservers 200.204.0.10
dns_nameservers 200.177.96.11
dns_nameservers 200.176.128.153
dns_nameservers 200.176.2.10
dns_nameservers 200.176.2.12

# Block external access
# Final catch-all: any request not accepted by an earlier rule is refused.
# Keep this as the last http_access line.
http_access deny all

# Error pages
# Directory holding the Portuguese error page templates.
error_directory /usr/share/squid/errors/Portuguese
#error_map http://www.cobrance.com.br/index.php 403