Amigos,
Instalei o Debian, coloquei o Squid + iptables e navego numa boa, mas não consigo baixar as mensagens no Outlook (portas 25 e 110); também não conecta pelo telnet.
Squid.conf
# Squid configuration for a gateway that intercepts LAN web traffic.
# NOTE(review): only TCP port 80 is redirected to this proxy by the nat rules
# posted with this file, so SMTP (25) and POP3 (110) never pass through Squid.
# Nothing in this file can fix or break mail; that traffic depends on
# forwarding and NAT on the gateway.
#http_port 3128
# Listen on 3128 in interception ("transparent") mode.
http_port 3128 transparent
visible_hostname debian.number.com.br
# Cache configuration
cache_mem 128 MB
#maximum_object_size_in_memory 1536 KB
maximum_object_size 4096 KB
#minimum_object_size 0 KB
# Low/high water marks (percent of cache_dir usage) for object replacement.
cache_swap_low 95
cache_swap_high 98
# On-disk cache: ufs store, 800 MB, 32 first-level and 32 second-level directories.
cache_dir ufs /var/spool/squid 800 32 32
# Location of the Squid access and cache logs
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
connect_timeout 30 seconds
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
# ACL definitions. "all" matches every source address.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom and the first match decides.
# Cache manager and PURGE are limited to localhost.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse destination ports outside Safe_ports, and CONNECT to anything but SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Allow access during a chosen time window (horaliberada)
# NOTE(review): the acl below is named "almoco" but the rule refers to
# "horaliberada"; the names must match if these lines are ever enabled.
#acl almoco time 12:00-14:00
#http_access allow horaliberada
# Rule to block by keyword; patterns are read from porn.txt
acl porn dstdom_regex "/etc/squid/porn.txt"
http_access deny porn
# Rule to allow by keyword; patterns are read from noporn.txt
# NOTE(review): this allow comes after "deny porn", so it cannot exempt a
# domain that also matches porn.txt. It also has no source ACL, so it matches
# before "deny all" for any client that can reach port 3128, not only the LAN.
# Consider placing it before the deny and combining it with the local-network
# ACL (which would then have to be defined above this point).
acl noporn dstdom_regex "/etc/squid/noporn.txt"
http_access allow noporn
# Rule to block by domain
# NOTE(review): the line after the commented-out acl is presumably the wrapped
# tail of that same comment; as a standalone line it is not a valid directive.
#acl bloqueados dstdomain orkut.com
www.orkut.com playboy.abril.com.br
#http_access deny bloqueados
# User authentication
# NOTE(review): proxy authentication is not usable for intercepted
# (transparent) traffic; confirm before enabling these lines.
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#acl autenticados proxy_auth REQUIRED
#http_access allow autenticados
# Allow the local network
acl redelocal src 192.168.0.0/24
http_access allow localhost
http_access allow redelocal
# Block every other client
http_access deny all
# Transparent proxy (older httpd_accel_* syntax, left disabled; the
# "transparent" flag on http_port is used instead)
#httpd_accel_host virtual
#httpd_accel_port 80
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
# NOTE(review): the address was replaced by the hosting page's e-mail
# obfuscation and split onto its own line; in the real file the value belongs
# on the cache_mgr line.
cache_mgr
[email protected]
# Unprivileged user and group Squid runs as.
cache_effective_user squid
cache_effective_group squid
iptables.up.rules
# iptables-restore rule set for the gateway (nat, mangle and filter tables).
# NOTE(review): interface roles are inferred from the rules themselves: the
# port-80 REDIRECT and the "-s 192.168.0.0/24 -i eth0 -o eth1" FORWARD rule
# suggest eth0 faces the LAN and eth1 faces the Internet. Confirm on the host.
# Generated by iptables-save v1.3.6 on Tue Sep 25 11:59:43 2007
*nat
:PREROUTING ACCEPT [4461:1258346]
:POSTROUTING ACCEPT [241:22746]
:OUTPUT ACCEPT [253:23976]
# NOTE(review): these two DNAT rules only match packets whose destination is
# already inside 192.168.0.0/24. A mail client that connects directly to its
# provider's SMTP/POP3 address never matches them, so they look unnecessary
# for outbound mail.
-A PREROUTING -d 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 200.187.64.134
-A PREROUTING -d 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 200.187.64.133
# Send web traffic arriving on eth0 to the local Squid listener on 3128.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# NOTE(review): both source-NAT rules match "-o eth0". If eth0 is the LAN side,
# packets leaving for the Internet exit through eth1 and keep their private
# 192.168.0.x source address, so replies never return. That would explain why
# browsing works (Squid opens the connections from the gateway itself) while
# ports 25 and 110, which must be forwarded, fail. The SNAT rule also matches
# first, so the MASQUERADE after it is never reached. Presumably only one
# rule, on the Internet-facing interface, is wanted.
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 200.201.158.110
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE
#-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j MASQUERADE
COMMIT
# NOTE(review): forwarding also requires net.ipv4.ip_forward=1 on the gateway;
# that setting is not visible in this file. Verify it.
# Completed on Tue Sep 25 11:59:43 2007
# Generated by iptables-save v1.3.6 on Tue Sep 25 11:59:43 2007
# mangle table: default policies only, no rules.
*mangle
:PREROUTING ACCEPT [6707:1907215]
:INPUT ACCEPT [2836:733195]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2490:1178774]
:POSTROUTING ACCEPT [2600:1192994]
COMMIT
# Completed on Tue Sep 25 11:59:43 2007
# Generated by iptables-save v1.3.6 on Tue Sep 25 11:59:43 2007
*filter
# NOTE(review): all three chain policies are ACCEPT and no rule below uses DROP
# or REJECT, so every ACCEPT rule in this table is redundant and nothing is
# filtered. Services on the gateway, including Squid on 3128, are reachable
# from any interface. To make the rules meaningful, set INPUT and FORWARD to a
# default-deny policy, keep the ESTABLISHED,RELATED rule first in each chain,
# and keep an SSH allow rule in place before switching the policy.
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the gateway itself.
-A INPUT -i lo -j ACCEPT
# Services offered to the LAN (192.168.0.0/24): DNS, proxy, mail, HTTPS, NetBIOS, 1080.
-A INPUT -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 53 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/255.255.255.0 --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 137:139 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.0.0/255.255.255.0 --dport 137:139 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 1080 -j ACCEPT
# NOTE(review): the rules below have no source or interface match, so they
# apply to any sender and make the LAN-only rules for the same ports above
# redundant. Under a default-deny policy, list only what must be reachable
# from outside.
-A INPUT -p tcp --dport 1080 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 1080 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 563 -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 3128 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Traffic routed through the gateway.
# DNS queries from the LAN to two specific resolvers, and their replies.
-A FORWARD -p udp -s 192.168.0.0/24 -d 200.170.225.11 --dport 53 -j ACCEPT
-A FORWARD -p udp -s 200.170.225.11 --sport 53 -d 192.168.0.0/24 -j ACCEPT
-A FORWARD -p udp -s 192.168.0.0/24 -d 200.195.247.216 --dport 53 -j ACCEPT
-A FORWARD -p udp -s 200.195.247.216 --sport 53 -d 192.168.0.0/24 -j ACCEPT
# NOTE(review): the first rule below matches packets destined to the LAN that
# enter on eth1 and leave on eth0, which reads as a reply-direction rule; the
# second covers the LAN-to-outside direction.
-A FORWARD -d 192.168.0.0/255.255.255.0 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -d 192.168.0.10 -j ACCEPT
# SMTP (25) and POP3 (110) from the LAN.
-A FORWARD -p TCP -s 192.168.0.0/24 --dport 25 -j ACCEPT
-A FORWARD -p TCP -s 192.168.0.0/24 --dport 110 -j ACCEPT
# NOTE(review): matching on source port alone accepts any forwarded packet
# that claims to come from port 25 or 110. The ESTABLISHED,RELATED rule
# already covers genuine replies.
-A FORWARD -p tcp --sport 25 -j ACCEPT
-A FORWARD -p tcp --sport 110 -j ACCEPT
# Per-server mail rules; hostname variants are left commented out next to the
# address-based rules that are active.
# -A FORWARD -p tcp -d mail.number.com.br -i eth0 --dport 25 -j ACCEPT
-A FORWARD -p tcp -d 200.187.64.134 -i eth0 --dport 25 -j ACCEPT
# -A FORWARD -p tcp -d smtp.ig.com.br -i eth0 --dport 25 -j ACCEPT
-A FORWARD -p tcp -d 200.226.132.230 -i eth0 --dport 25 -j ACCEPT
-A FORWARD -p tcp -i eth0 --dport 53 -j ACCEPT
-A FORWARD -p udp -i eth0 --dport 53 -j ACCEPT
# -A FORWARD -p tcp -d pop.number.com.br -i eth0 --dport 110 -j ACCEPT
-A FORWARD -p tcp -d 200.187.64.133 -i eth0 --dport 110 -j ACCEPT
# -A FORWARD -p tcp -d pop.ig.com.br -i eth0 --dport 110 -j ACCEPT
-A FORWARD -p tcp -d 200.226.132.13 -i eth0 --dport 110 -j ACCEPT
-A FORWARD -p tcp -i eth0 --dport 3128 -j ACCEPT
# NOTE(review): this rule accepts everything from the LAN arriving on eth0,
# which makes the port-specific LAN rules in this chain redundant.
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 25 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 110 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.0.0/255.255.255.0 --dport 1080 -j ACCEPT
-A FORWARD -p tcp -s 192.168.0.0/24 --dport 443 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
# Completed on Tue Sep 25 11:59:43 2007
Me mostrem o que falta ou o que está errado, não consigo mais achar nada.
obrigado