+ Responder ao Tópico



  1. Lembrando que meu Pc de teste tem ip: 192.168.254.92


    # Meu squid


    http_port 3128
    visible_hostname willy
    error_directory /usr/share/squid/errors/Portuguese/
    cache_mem 64 MB
    maximum_object_size_in_memory 64 KB
    maximum_object_size 512 MB
    minimum_object_size 0 KB
    cache_swap_low 90
    cache_swap_high 95
    cache_dir ufs /var/spool/squid 2048 16 256
    cache_access_log /var/log/squid/access.log
    refresh_pattern ^ftp: 15 20% 2280
    refresh_pattern ^gopher: 15 0% 2280
    refresh_pattern . 15 20% 2280
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
    acl purge method PURGE
    acl CONNECT method CONNECT


    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports


    # LIBERA O ACESSO NA HORA DO ALMOÇO
    acl almoco time 12:00-13:00
    http_access allow almoco


    # DEFINE O CAMINHO DO ARQUIVO DE IPS LIBERADOS
    acl ip_liberados src "/etc/squid/acls/ips_liberados"
    http_access allow ip_liberados
    #usuarios_liberados


    # DEFINE O CAMINHO DO ARQUIVO DE SITES BLOQUEADOS
    acl sites_bloqueados url_regex -i "/etc/squid/acls/sites_bloqueadas"
    http_access deny sites_bloqueados


    # DEFINE O CAMINHO DO ARQUIVO DE PALAVRAS BLOQUEADAS
    acl palavras_bloqueadas dstdom_regex "/etc/squid/acls/palavras_bloqueadas"
    http_access deny palavras_bloqueadas




    acl redelocal src 192.168.1.0/24
    http_access allow localhost
    http_access allow redelocal
    http_access deny all

  2. # Log do squid

    1317917730.534 0 192.168.254.91 TCP_DENIED/400 2169 GET NONE:// - NONE/- text/html
    1317917735.867 0 192.168.254.91 TCP_DENIED/400 2169 GET NONE:// - NONE/- text/html
    1317917742.209 0 192.168.254.91 TCP_DENIED/400 2059 GET NONE:// - NONE/- text/html
    1317918119.678 0 192.168.254.92 TCP_DENIED/400 2177 GET NONE:// - NONE/- text/html
    1317918133.486 1004 192.168.254.92 TCP_MISS/200 16204 GET Google - DIRECT/74.125.234.116 text/html
    1317918134.090 641 192.168.254.92 TCP_MISS/304 332 GET http://www.google.com.br/images/icon.../chrome-48.png - DIRECT/74.125.234.115 -
    1317918134.109 661 192.168.254.92 TCP_MISS/304 332 GET http://www.google.com.br/images/close_sm.gif - DIRECT/74.125.234.113 -
    1317918134.126 676 192.168.254.92 TCP_MISS/304 332 GET http://www.google.com.br/images/modu...bo-basic-1.gif - DIRECT/74.125.234.112 -
    1317918134.138 648 192.168.254.92 TCP_MISS/304 332 GET http://www.google.com.br/images/modu...bo-basic-2.gif - DIRECT/74.125.234.114 -
    1317918134.432 284 192.168.254.92 TCP_CLIENT_REFRESH_MISS/304 321 GET http://www.google.com.br/extern_js/f...3qKwwEoaSRk.js - DIRECT/74.125.234.114 -
    1317918134.494 10 192.168.254.92 TCP_MISS/000 0 GET http://clients1.google.com.br/generate_204 - DIRECT/clients1.google.com.br -
    1317918134.500 402 192.168.254.92 TCP_MISS/304 332 GET http://www.google.com.br/textinputassistant/tia.png - DIRECT/74.125.234.115 -
    1317918134.519 406 192.168.254.92 TCP_MISS/304 332 GET http://www.google.com.br/intl/en_com...rpr/logo1w.png - DIRECT/74.125.234.113 -
    1317918134.539 405 192.168.254.92 TCP_MISS/304 332 GET http://www.google.com.br/images/srpr/nav_logo80.png - DIRECT/74.125.234.112 -
    1317918134.964 412 192.168.254.92 TCP_MISS/304 332 GET http://www.google.com.br/images/srpr/nav_logo80.png - DIRECT/74.125.234.112 -
    1317918134.982 427 192.168.254.92 TCP_MISS/204 401 GET http://www.google.com.br/csi? - DIRECT/74.125.234.113 image/gif
    1317918144.196 0 192.168.254.95 TCP_DENIED/400 1933 GET NONE:// - NONE/- text/html
    1317918147.209 0 192.168.254.95 TCP_DENIED/400 1936 GET NONE:// - NONE/- text/html
    1317918150.223 0 192.168.254.95 TCP_DENIED/400 1917 GET NONE:// - NONE/- text/html
    1317918258.396 702 192.168.254.92 TCP_MISS/200 929 GET http://clients1.google.com.br/complete/search? - DIRECT/74.125.234.96 text/javascript
    1317918258.591 753 192.168.254.92 TCP_MISS/200 960 GET http://clients1.google.com.br/complete/search? - DIRECT/74.125.234.103 text/javascript
    1317918258.760 774 192.168.254.92 TCP_MISS/200 946 GET http://clients1.google.com.br/complete/search? - DIRECT/74.125.234.107 text/javascript
    1317918258.854 716 192.168.254.92 TCP_MISS/200 1007 GET http://clients1.google.com.br/complete/search? - DIRECT/74.125.234.104 text/javascript
    1317918260.059 884 192.168.254.92 TCP_MISS/200 5855 GET Google - DIRECT/74.125.234.116 text/html
    1317918260.068 1 192.168.254.92 TCP_MISS/000 0 GET Google - DIRECT/www.google.com.br -
    1317918261.395 1318 192.168.254.92 TCP_MISS/200 34027 GET Google - DIRECT/74.125.234.115 text/html
    1317918261.996 551 192.168.254.92 TCP_MISS/204 310 GET http://clients1.google.com.br/generate_204 - DIRECT/74.125.234.109 text/html
    1317919351.617 0 192.168.254.95 TCP_DENIED/400 1933 GET NONE:// - NONE/- text/html
    1317919354.631 0 192.168.254.95 TCP_DENIED/400 1936 GET NONE:// - NONE/- text/html
    1317919357.650 5 192.168.254.95 TCP_DENIED/400 1917 GET NONE:// - NONE/- text/html
    1317919938.010 1097 192.168.254.92 TCP_MISS/200 16512 GET Google - DIRECT/74.125.234.114 text/html
    1317919938.117 0 192.168.254.92 TCP_MISS/000 0 GET http://clients1.google.com.br/generate_204 - DIRECT/clients1.google.com.br -
    1317919938.813 706 192.168.254.92 TCP_MISS/200 931 GET http://www.google.com.br/compressiontest/gzip.html - DIRECT/74.125.234.116 text/html
    1317919938.842 691 192.168.254.92 TCP_MISS/204 401 GET http://www.google.com.br/csi? - DIRECT/74.125.234.113 image/gif
    1317921295.852 1219 192.168.254.92 TCP_MISS/200 16512 GET Google - DIRECT/74.125.234.115 text/html
    1317921296.958 1013 192.168.254.92 TCP_MISS/200 929 GET http://www.google.com.br/compressiontest/gzip.html - DIRECT/74.125.234.114 text/html
    1317921297.001 1018 192.168.254.92 TCP_MISS/204 401 GET http://www.google.com.br/csi? - DIRECT/74.125.234.116 image/gif
    1317921558.311 2029 192.168.254.92 TCP_MISS/200 16512 GET Google - DIRECT/74.125.234.116 text/html
    1317921558.992 504 192.168.254.92 TCP_MISS/000 0 GET http://www.google.com.br/csi? - DIRECT/74.125.234.115 -
    1317921558.992 526 192.168.254.92 TCP_MISS/000 0 GET http://clients1.google.com.br/generate_204 - DIRECT/74.125.234.102 -
    1317921558.995 544 192.168.254.92 TCP_MISS/000 0 GET http://www.google.com.br/compressiontest/gzip.html - DIRECT/74.125.234.113 -
    1317922082.526 1517 192.168.254.92 TCP_MISS/200 16512 GET Google - DIRECT/74.125.234.114 text/html
    1317922083.734 1127 192.168.254.92 TCP_MISS/200 934 GET http://www.google.com.br/compressiontest/gzip.html - DIRECT/74.125.234.115 text/html
    1317922083.739 1094 192.168.254.92 TCP_MISS/204 401 GET http://www.google.com.br/csi? - DIRECT/74.125.234.112 image/gif
    1317922089.549 172 192.168.254.92 TCP_MISS/000 0 GET http://clients1.google.com.br/complete/search? - DIRECT/clients1.google.com.br -
    1317922089.550 474 192.168.254.92 TCP_MISS/000 0 GET http://clients1.google.com.br/complete/search? - DIRECT/74.125.234.99 -
    1317922089.846 171 192.168.254.92 TCP_MISS/000 0 GET http://clients1.google.com.br/complete/search? - DIRECT/clients1.google.com.br -
    1317922090.298 774 192.168.254.92 TCP_MISS/200 952 GET http://clients1.google.com.br/complete/search? - DIRECT/74.125.234.101 text/javascript
    1317922091.719 1866 192.168.254.92 TCP_MISS/200 38875 GET Google - DIRECT/74.125.234.112 text/html
    1317922091.764 860 192.168.254.92 TCP_MISS/200 1900 GET http://news.google.com.br/news/tbn/nJtT0IWHnE0J - DIRECT/74.125.234.108 image/jpeg
    1317922092.174 1027 192.168.254.92 TCP_MISS/200 3143 GET http://img.youtube.com/vi/1Iuy0nbFlPg/default.jpg? - DIRECT/74.125.234.107 image/jpeg
    1317922092.511 735 192.168.254.92 TCP_MISS/204 310 GET http://clients1.google.com.br/generate_204 - DIRECT/74.125.234.103 text/html
    1317922972.910 0 192.168.254.95 TCP_DENIED/400 1933 GET NONE:// - NONE/- text/html
    1317922975.923 0 192.168.254.95 TCP_DENIED/400 1936 GET NONE:// - NONE/- text/html
    1317922978.935 0 192.168.254.95 TCP_DENIED/400 1917 GET NONE:// - NONE/- text/html



  3. Tente desta forma:

    http_port 3128
    visible_hostname willy
    error_directory /usr/share/squid/errors/Portuguese/
    cache_mem 64 MB
    maximum_object_size_in_memory 64 KB
    maximum_object_size 512 MB
    minimum_object_size 0 KB
    cache_swap_low 90
    cache_swap_high 95
    cache_dir ufs /var/spool/squid 2048 16 256
    cache_access_log /var/log/squid/access.log
    refresh_pattern ^ftp: 15 20% 2280
    refresh_pattern ^gopher: 15 0% 2280
    refresh_pattern . 15 20% 2280
    acl all src 0.0.0.0/0.0.0.0
    acl redelocal src 192.168.1.0/24
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 21 25 80 110 443 563 587 70 210 280 488 59 777 901 1025-65535
    acl purge method PURGE
    acl CONNECT method CONNECT


    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

    # DEFINE O CAMINHO DO LIBERA_EMAIL
    acl libera_email url_regex -i "/etc/squid/acls/libera_email"
    http_access allow libera_email


    # LIBERA O ACESSO NA HORA DO ALMOÇO
    acl almoco time 12:00-13:00
    http_access allow almoco


    # DEFINE O CAMINHO DO ARQUIVO DE IPS LIBERADOS
    acl ip_liberados src "/etc/squid/acls/ips_liberados"
    http_access allow ip_liberados
    #usuarios_liberados


    # DEFINE O CAMINHO DO ARQUIVO DE SITES BLOQUEADOS
    acl sites_bloqueados url_regex -i "/etc/squid/acls/sites_bloqueadas"
    http_access deny sites_bloqueados


    # DEFINE O CAMINHO DO ARQUIVO DE PALAVRAS BLOQUEADAS
    acl palavras_bloqueadas dstdom_regex "/etc/squid/acls/palavras_bloqueadas"
    http_access deny palavras_bloqueadas


    http_access allow localhost
    http_access allow redelocal
    http_access deny all


    Dentro do arquivo libera email informe a o seu dominio de e-mail... reinicie o squid de o comando para analisar o log do squid... clique enviar e receber no outlook e post o log do squid aqui..

    Aguardando

  4. Citação Postado originalmente por luandotto Ver Post
    Tente desta forma:

    http_port 3128
    visible_hostname willy
    error_directory /usr/share/squid/errors/Portuguese/
    cache_mem 64 MB
    maximum_object_size_in_memory 64 KB
    maximum_object_size 512 MB
    minimum_object_size 0 KB
    cache_swap_low 90
    cache_swap_high 95
    cache_dir ufs /var/spool/squid 2048 16 256
    cache_access_log /var/log/squid/access.log
    refresh_pattern ^ftp: 15 20% 2280
    refresh_pattern ^gopher: 15 0% 2280
    refresh_pattern . 15 20% 2280
    acl all src 0.0.0.0/0.0.0.0
    acl redelocal src 192.168.1.0/24
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 21 25 80 110 443 563 587 70 210 280 488 59 777 901 1025-65535
    acl purge method PURGE
    acl CONNECT method CONNECT


    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

    # DEFINE O CAMINHO DO LIBERA_EMAIL
    acl libera_email url_regex -i "/etc/squid/acls/libera_email"
    http_access allow libera_email


    # LIBERA O ACESSO NA HORA DO ALMOÇO
    acl almoco time 12:00-13:00
    http_access allow almoco


    # DEFINE O CAMINHO DO ARQUIVO DE IPS LIBERADOS
    acl ip_liberados src "/etc/squid/acls/ips_liberados"
    http_access allow ip_liberados
    #usuarios_liberados


    # DEFINE O CAMINHO DO ARQUIVO DE SITES BLOQUEADOS
    acl sites_bloqueados url_regex -i "/etc/squid/acls/sites_bloqueadas"
    http_access deny sites_bloqueados


    # DEFINE O CAMINHO DO ARQUIVO DE PALAVRAS BLOQUEADAS
    acl palavras_bloqueadas dstdom_regex "/etc/squid/acls/palavras_bloqueadas"
    http_access deny palavras_bloqueadas


    http_access allow localhost
    http_access allow redelocal
    http_access deny all


    Dentro do arquivo libera email informe a o seu dominio de e-mail... reinicie o squid de o comando para analisar o log do squid... clique enviar e receber no outlook e post o log do squid aqui..

    Aguardando
    Mais uma coisa...
    Coloca estas regras no seu iptables antes do seu proxy transparente (antes de direcionar a 80 para 3128)


    # libera POP
    iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
    # libera SMTP
    iptables -A FORWARD -p tcp --dport 25 -j ACCEPT



  5. eu ja fiz essa acl....


    # DEFINE O CAMINHO DO LIBERA_EMAIL
    acl libera_email url_regex -i "/etc/squid/acls/libera_email"
    http_access allow libera_email

    so colei aqui o file errado.

    Quando eu acompanho o log do Squid (tail -f /var/log/squid/access.log), no momento de enviar/ receber nao acontece nenhuma entrada no log.

    Nao teria que fazer uma NAT pro iptables receber as requisicoes da rede e envia-las novamente pra Internet?

    agradeço a atenção dos colegas.
    Elias






Tópicos Similares

  1. email Bol, squid....
    Por danielpicolli no fórum Servidores de Rede
    Respostas: 2
    Último Post: 11-03-2007, 23:46
  2. Bloquerar upload em anexos de email pelo squid
    Por morronix no fórum Servidores de Rede
    Respostas: 1
    Último Post: 04-08-2006, 07:51
  3. Como receber emails do Outlook Expressno Squid
    Por ercbh no fórum Servidores de Rede
    Respostas: 1
    Último Post: 19-07-2005, 12:27
  4. Squid barrando o ftp e email
    Por rcar no fórum Servidores de Rede
    Respostas: 5
    Último Post: 08-06-2005, 08:33
  5. Squid + Sarg + Email
    Por jiraya no fórum Servidores de Rede
    Respostas: 1
    Último Post: 28-05-2005, 18:23

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L