Friends...
Here's the thing... I have a Squid set up as a transparent proxy... it works fine... for HTTP...
But when I hit HTTPS... it all falls apart... I searched the internet quite a bit... and didn't find anything that solved it... actually I'm a beginner with Linux/iptables, so maybe I even came across a solution... and didn't notice it...
So here goes... I set up my script as follows:
Code:

    #!/bin/bash
    IPT='/sbin/iptables'
    echo 1 > /proc/sys/net/ipv4/ip_forward
    modprobe iptable_nat
    # Clearing the tables
    $IPT -F
    $IPT -t nat -F
    $IPT -t mangle -F
    $IPT -t filter -P INPUT ACCEPT
    $IPT -t filter -P OUTPUT ACCEPT
    $IPT -t filter -P FORWARD ACCEPT
    $IPT -t nat -P PREROUTING ACCEPT
    $IPT -t nat -P OUTPUT ACCEPT
    $IPT -t nat -P POSTROUTING ACCEPT
    $IPT -t mangle -P PREROUTING ACCEPT
    $IPT -t mangle -P OUTPUT ACCEPT
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A INPUT -m state -i lo --state NEW -j ACCEPT
    $IPT -A INPUT -m state -i eth0 --state NEW -j ACCEPT
    $IPT -A INPUT -m state -i eth1 --state NEW -j ACCEPT
    $IPT -A FORWARD -m state -i eth0 --state NEW -j ACCEPT
    $IPT -A FORWARD -m state -i eth1 --state NEW -j ACCEPT
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    $IPT -A FORWARD -s 192.168.0.0/24 -p tcp --dport 443 -j ACCEPT
    $IPT -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j REDIRECT --to-port 3128
    $IPT -t nat -A PREROUTING -p tcp -i eth1 --dport 443 -j REDIRECT --to-port 3128
    $IPT -t nat -A PREROUTING -p udp -i eth1 --dport 443 -j REDIRECT --to-port 3128

My Squid is already configured for transparent proxying...
but I'll post it here anyway... I may think it's correct and maybe it isn't:
squid:
Code:

    visible_hostname frlinux
    http_port 3128
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_mem 8 MB
    cache_swap_low 90
    cache_swap_high 95
    maximum_object_size 4096 KB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 8 KB
    ipcache_size 1024
    ipcache_low 90
    ipcache_high 95
    cache_dir ufs /var/spool/squid 100 16 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    pid_filename /var/run/squid.pid
    hosts_file /etc/hosts
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563 # https, snews
    acl SSL_ports port 873 # rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    acl REDE src "/slave/squid/rede_liberada.txt"
    acl NEGADOS url_regex -i "/negados.txt"
    http_access deny NEGADOS REDE
    http_access allow REDE
    http_access allow localhost
    http_access deny all
    http_reply_access allow all
    icp_access allow all
    coredump_dir /var/spool/squid
    httpd_accel_port 80
    httpd_accel_host virtual
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

My internal network card is eth1 and the internet-facing one is eth0...
If anyone can help me...
Regards
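
An added example, not part of the original post: a small lint over the NAT rules from the script above, checked against the setup the post describes (eth1 internal, Squid listening on a plain `http_port 3128`). Clients on TCP 443 open with a TLS handshake rather than an HTTP request, so a redirect into the port that parses intercepted HTTP is flagged, as are a UDP redirect into a TCP listener and MASQUERADE on the client-side interface. The function name `lint_nat` and the finding labels are made up for this example.

```shell
#!/bin/sh
# RULES is a constructed sample: the NAT rules from the posted script,
# with the "$IPT" prefix removed.
RULES='-t nat -A POSTROUTING -o eth1 -j MASQUERADE
-t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j REDIRECT --to-port 3128
-t nat -A PREROUTING -p tcp -i eth1 --dport 443 -j REDIRECT --to-port 3128
-t nat -A PREROUTING -p udp -i eth1 --dport 443 -j REDIRECT --to-port 3128'

# lint_nat RULES_TEXT
# Prints one finding per line; prints nothing when no rule is flagged.
lint_nat() {
  printf '%s\n' "$1" | awk '
    # Return the word that follows option "opt" on this rule, or "".
    function arg(opt,   i) {
      for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
      return ""
    }
    /-j REDIRECT/ {
      proto = arg("-p"); port = arg("--dport"); to = arg("--to-port")
      ifc = arg("-i")
      if (ifc != "") lan[ifc] = 1          # interface clients arrive on
      if (proto == "tcp" && port == "80") http_to[to] = 1
      if (port == "443") { n++; p443[n] = proto; t443[n] = to }
    }
    /-j MASQUERADE/ {
      ifc = arg("-o")
      if (ifc != "") masq[ifc] = 1
    }
    END {
      for (k = 1; k <= n; k++) {
        # UDP cannot be handed to a TCP proxy listener.
        if (p443[k] == "udp")
          print "UDP443_REDIRECT to-port=" t443[k]
        # TLS bytes delivered to the port that parses plain HTTP.
        else if (t443[k] in http_to)
          print "TLS_TO_HTTP_PORT to-port=" t443[k]
      }
      # Source NAT on the client-side interface leaves traffic that
      # exits through the other interface untranslated.
      for (ifc in masq) if (ifc in lan) print "MASQUERADE_ON_LAN_IF " ifc
    }'
}

lint_nat "$RULES"
```
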