


  1. #1

    Padrão Squid bloqueando acesso a intranet de uma empresa externa

    O Squid está bloqueando o acesso à intranet de um parceiro.
    Se eu digitar intranet.empresa.com.br no navegador sem passar pelo proxy, aparece a tela solicitando usuário e senha. Se eu passar pelo proxy, a tela fica em branco.


    Não sei o que pode ser e gostaria da ajuda dos colegas.

    segue meu script do squid.



    # WELCOME TO SQUID 3.0.STABLE10
    # ----------------------------
    # NOTE(review): 3.0.STABLE10 is an old Squid release series; confirm the
    # installed package still receives security fixes.

    ################# User Authentication ###############################
    # Proxy authentication is disabled: every auth_param line is commented out.
    # NOTE(review): the http_port line in this file uses "transparent"
    # (interception). Squid cannot perform proxy authentication on intercepted
    # traffic, so uncommenting these lines alone would not authenticate those
    # clients.
    #auth_param basic program <uncomment and complete this line>
    #auth_param basic children 5
    #auth_param basic realm Squid proxy-caching web server
    #auth_param basic credentialsttl 2 hours
    #####################################################################

    # Uncomment the next line when authentication is in use.
    #acl password proxy_auth REQUIRED
    # Cache-manager protocol, loopback source and loopback destination ACLs.
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    # NOTE(review): to_localhost is defined but no http_access line in this
    # listing uses it. The stock squid.conf recommends
    # "http_access deny to_localhost" so proxy users cannot reach services that
    # listen only on the proxy host's loopback interface.
    acl to_localhost dst 127.0.0.0/8
    #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    # Client LAN; referenced by the http_access and icp_access allow rules.
    acl redetoctao src 192.168.0.0/24 # RFC1918 possible internal network

    ##################### Rules #########################################
    # Safe_ports: destination ports the proxy may connect to (enforced by
    # "http_access deny !Safe_ports"). SSL_ports: ports CONNECT tunnels may use.
    # NOTE(review): 8021 and 2121 are already inside the 1025-65535 range, so
    # those two lines add nothing; the wide range means Safe_ports only
    # restricts ports below 1025.
    acl Safe_ports port 20 # "Oi" program
    acl SSL_ports port 443 563 # https
    acl Safe_ports port 553 # Outlook authentication
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 8021
    acl Safe_ports port 2121
    acl Safe_ports port 89 # legal dept. (juridico) 2ccago
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    # Source-address lists and URL patterns are loaded from files under
    # /etc/squid/regras/ (their contents are not shown in this listing).
    acl IPliberados src "/etc/squid/regras/IPliberado.txt"
    # NOTE(review): url_regex is unanchored and the dots match any character;
    # this only catches URLs containing the "www" host name. A dstdomain ACL
    # such as ".youtube.com" would be the more precise form - verify intent.
    acl youtube_bloq url_regex -i www.youtube.com
    #acl down_bloq url_regex -i \.zip$ \.rar$ \.pdf$ \.xlx$
    acl libera-msn src "/etc/squid/regras/libera-msn.txt"
    acl libera-youtube src "/etc/squid/regras/libera-youtube.txt"
    acl bloqueados url_regex -i "/etc/squid/regras/bloqueados.txt"
    acl imo url_regex -i imo.im:443
    # Matches destinations given as a bare IPv4 address. Used with CONNECT in
    # the http_access rules, so HTTPS tunnels to IP literals are refused -
    # including legitimate services that are addressed by IP.
    acl ultrasurf dstdom_regex -i ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}($|:.+|/))
    # MSN Messenger patterns: URL fragments, a domain list, and a request
    # MIME type.
    acl msn url_regex -i gateway.dll ADSAdClient31.dll
    acl msn_bloq dstdomain "/etc/squid/regras/msn_bloq.txt"
    # NOTE(review): no -i here, so this match is case-sensitive, unlike the
    # other url_regex ACLs; "confi." may be a typo for "config." - confirm.
    acl msn1 url_regex passport.com confi.messenger.msn.com
    acl msn2 req_mime_type -i ^application/x-msn-messenger
    acl CONNECT method CONNECT
    acl bloq_Talk url_regex -i chatenabled.gmail.com
    #acl videos_uol dstdomain tvuol.uol.com.br
    #always_direct allow videos_uol
    #####################################################################
    # http_access lines are checked top to bottom; the first match decides.
    # Cache manager requests are accepted from the proxy host only.
    http_access allow manager localhost
    http_access deny manager
    # Refuse destination ports outside Safe_ports and CONNECT to non-SSL ports.
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

    ####################### Rule Permissions ############################
    # NOTE(review): sources in IPliberado.txt are allowed here, ahead of every
    # deny rule below, so none of the content blocks apply to them.
    http_access allow IPliberados
    #http_access allow videos_uol
    http_access deny bloqueados
    http_access deny bloq_Talk
    #http_access deny down_bloq
    http_access deny imo
    # NOTE(review): CONNECT requests only reach Squid from clients explicitly
    # configured to use it; intercepted port-80 traffic does not carry them.
    # TODO confirm how clients reach this proxy.
    http_access deny CONNECT ultrasurf
    # NOTE(review): this allow has no destination condition, so libera-msn
    # sources are allowed everything from here on (including the YouTube
    # block below). It also makes "!libera-msn" in the next four lines
    # redundant - those sources never get that far.
    http_access allow libera-msn
    http_access deny msn !libera-msn
    http_access deny msn_bloq !libera-msn
    http_access deny msn1 !libera-msn
    http_access deny msn2 !libera-msn
    # Same pattern: libera-youtube sources are allowed before the YouTube deny.
    http_access allow libera-youtube
    http_access deny youtube_bloq
    #####################################################################

    # Everything not denied above is allowed for the LAN and the proxy host;
    # all other sources are refused.
    http_access allow redetoctao
    http_access allow localhost
    http_access deny all

    # ICP (inter-cache) queries are accepted from the LAN only.
    icp_access allow redetoctao
    icp_access deny all

    # NOTE(review): never reached - "http_access deny all" above already ends
    # the http_access list; these two lines only duplicate earlier rules.
    http_access allow redetoctao
    http_access deny all

    ############### Server Address and Listening Port ##################
    # Listens on the LAN address in interception ("transparent") mode.
    # NOTE(review): the firewall redirect that feeds this port is not part of
    # this listing. Any traffic exempted from that redirect bypasses the ACLs
    # in this file and is absent from access.log.
    http_port 192.168.0.246:3128 transparent
    ####################################################################

    # URLs containing "cgi-bin" or "?" are fetched directly, not via peer caches.
    hierarchy_stoplist cgi-bin ?

    ######################## Cache Sizes ###############################
    # ufs store: 2048 MB, 16 first-level and 256 second-level directories.
    cache_dir ufs /var/cache/squid 2048 16 256
    # Object replacement starts near 90% usage and becomes aggressive near 95%.
    cache_swap_low 90
    cache_swap_high 95

    ########################### Log Paths ##############################
    # NOTE(review): access.log records client addresses and requested URLs;
    # verify that /var/log/squid is readable by administrators only.
    access_log /var/log/squid/access.log squid

    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    # Error pages are served from the Portuguese template directory.
    error_directory /usr/share/squid/errors/Portuguese

    ####################### Access Control #############################
    # NOTE(review): despite the section title, the lines below are cache
    # freshness rules (regex, min minutes, percent, max minutes), not access
    # rules.
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern (cgi-bin|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    #####################################################################

    # NOTE(review): ICP listens on UDP 3230; Squid's usual ICP port is 3130, so
    # confirm this value is intentional. If no peer caches are in use,
    # "icp_port 0" disables the listener.
    icp_port 3230
    coredump_dir /var/cache/squid

  2. #2

    Padrão Re: Squid bloqueando acesso a intranet de uma empresa externa

    a intranet tem porta?

  3. #3

    Padrão Re: Squid bloqueando acesso a intranet de uma empresa externa

    Consegui resolver com esta regra no firewall:

    # Inserts (-I) a rule at the top of the nat PREROUTING chain that ACCEPTs
    # TCP port 80 traffic from the LAN to the partner intranet, so it leaves the
    # chain before any later rule can rewrite it - presumably the redirect to
    # Squid, which is not shown in this thread.
    # NOTE(review): a host name given to -d is resolved once, when the rule is
    # loaded; if the partner's address changes, the exemption silently stops
    # matching. Traffic matching this rule is no longer filtered or logged by
    # Squid.
    $IPTABLES -t nat -I PREROUTING -s 192.168.0.0/24 -d intranet.opusxxxxxx.com.br -p tcp --dport 80 -j ACCEPT

  4. #4

    Padrão Re: Squid bloqueando acesso a intranet de uma empresa externa

    Já solucionou esse problema?

    Citação Postado originalmente por andrecharamos Ver Post
    O Squid está bloqueando o acesso à intranet de um parceiro.
    Se eu digitar intranet.empresa.com.br no navegador sem passar pelo proxy, aparece a tela solicitando usuário e senha. Se eu passar pelo proxy, a tela fica em branco.


    Não sei o que pode ser e gostaria da ajuda dos colegas.

    segue meu script do squid.



    # WELCOME TO SQUID 3.0.STABLE10
    # ----------------------------
    # NOTE(review): 3.0.STABLE10 is an old Squid release series; confirm the
    # installed package still receives security fixes.

    ################# User Authentication ###############################
    # Proxy authentication is disabled: every auth_param line is commented out.
    # NOTE(review): the http_port line in this file uses "transparent"
    # (interception). Squid cannot perform proxy authentication on intercepted
    # traffic, so uncommenting these lines alone would not authenticate those
    # clients.
    #auth_param basic program <uncomment and complete this line>
    #auth_param basic children 5
    #auth_param basic realm Squid proxy-caching web server
    #auth_param basic credentialsttl 2 hours
    #####################################################################

    # Uncomment the next line when authentication is in use.
    #acl password proxy_auth REQUIRED
    # Cache-manager protocol, loopback source and loopback destination ACLs.
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    # NOTE(review): to_localhost is defined but no http_access line in this
    # listing uses it. The stock squid.conf recommends
    # "http_access deny to_localhost" so proxy users cannot reach services that
    # listen only on the proxy host's loopback interface.
    acl to_localhost dst 127.0.0.0/8
    #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    # Client LAN; referenced by the http_access and icp_access allow rules.
    acl redetoctao src 192.168.0.0/24 # RFC1918 possible internal network

    ##################### Rules #########################################
    # Safe_ports: destination ports the proxy may connect to (enforced by
    # "http_access deny !Safe_ports"). SSL_ports: ports CONNECT tunnels may use.
    # NOTE(review): 8021 and 2121 are already inside the 1025-65535 range, so
    # those two lines add nothing; the wide range means Safe_ports only
    # restricts ports below 1025.
    acl Safe_ports port 20 # "Oi" program
    acl SSL_ports port 443 563 # https
    acl Safe_ports port 553 # Outlook authentication
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 8021
    acl Safe_ports port 2121
    acl Safe_ports port 89 # legal dept. (juridico) 2ccago
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    # Source-address lists and URL patterns are loaded from files under
    # /etc/squid/regras/ (their contents are not shown in this listing).
    acl IPliberados src "/etc/squid/regras/IPliberado.txt"
    # NOTE(review): url_regex is unanchored and the dots match any character;
    # this only catches URLs containing the "www" host name. A dstdomain ACL
    # such as ".youtube.com" would be the more precise form - verify intent.
    acl youtube_bloq url_regex -i www.youtube.com
    #acl down_bloq url_regex -i \.zip$ \.rar$ \.pdf$ \.xlx$
    acl libera-msn src "/etc/squid/regras/libera-msn.txt"
    acl libera-youtube src "/etc/squid/regras/libera-youtube.txt"
    acl bloqueados url_regex -i "/etc/squid/regras/bloqueados.txt"
    acl imo url_regex -i imo.im:443
    # Matches destinations given as a bare IPv4 address. Used with CONNECT in
    # the http_access rules, so HTTPS tunnels to IP literals are refused -
    # including legitimate services that are addressed by IP.
    acl ultrasurf dstdom_regex -i ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}($|:.+|/))
    # MSN Messenger patterns: URL fragments, a domain list, and a request
    # MIME type.
    acl msn url_regex -i gateway.dll ADSAdClient31.dll
    acl msn_bloq dstdomain "/etc/squid/regras/msn_bloq.txt"
    # NOTE(review): no -i here, so this match is case-sensitive, unlike the
    # other url_regex ACLs; "confi." may be a typo for "config." - confirm.
    acl msn1 url_regex passport.com confi.messenger.msn.com
    acl msn2 req_mime_type -i ^application/x-msn-messenger
    acl CONNECT method CONNECT
    acl bloq_Talk url_regex -i chatenabled.gmail.com
    #acl videos_uol dstdomain tvuol.uol.com.br
    #always_direct allow videos_uol
    #####################################################################
    # http_access lines are checked top to bottom; the first match decides.
    # Cache manager requests are accepted from the proxy host only.
    http_access allow manager localhost
    http_access deny manager
    # Refuse destination ports outside Safe_ports and CONNECT to non-SSL ports.
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

    ####################### Rule Permissions ############################
    # NOTE(review): sources in IPliberado.txt are allowed here, ahead of every
    # deny rule below, so none of the content blocks apply to them.
    http_access allow IPliberados
    #http_access allow videos_uol
    http_access deny bloqueados
    http_access deny bloq_Talk
    #http_access deny down_bloq
    http_access deny imo
    # NOTE(review): CONNECT requests only reach Squid from clients explicitly
    # configured to use it; intercepted port-80 traffic does not carry them.
    # TODO confirm how clients reach this proxy.
    http_access deny CONNECT ultrasurf
    # NOTE(review): this allow has no destination condition, so libera-msn
    # sources are allowed everything from here on (including the YouTube
    # block below). It also makes "!libera-msn" in the next four lines
    # redundant - those sources never get that far.
    http_access allow libera-msn
    http_access deny msn !libera-msn
    http_access deny msn_bloq !libera-msn
    http_access deny msn1 !libera-msn
    http_access deny msn2 !libera-msn
    # Same pattern: libera-youtube sources are allowed before the YouTube deny.
    http_access allow libera-youtube
    http_access deny youtube_bloq
    #####################################################################

    # Everything not denied above is allowed for the LAN and the proxy host;
    # all other sources are refused.
    http_access allow redetoctao
    http_access allow localhost
    http_access deny all

    # ICP (inter-cache) queries are accepted from the LAN only.
    icp_access allow redetoctao
    icp_access deny all

    # NOTE(review): never reached - "http_access deny all" above already ends
    # the http_access list; these two lines only duplicate earlier rules.
    http_access allow redetoctao
    http_access deny all

    ############### Server Address and Listening Port ##################
    # Listens on the LAN address in interception ("transparent") mode.
    # NOTE(review): the firewall redirect that feeds this port is not part of
    # this listing. Any traffic exempted from that redirect bypasses the ACLs
    # in this file and is absent from access.log.
    http_port 192.168.0.246:3128 transparent
    ####################################################################

    # URLs containing "cgi-bin" or "?" are fetched directly, not via peer caches.
    hierarchy_stoplist cgi-bin ?

    ######################## Cache Sizes ###############################
    # ufs store: 2048 MB, 16 first-level and 256 second-level directories.
    cache_dir ufs /var/cache/squid 2048 16 256
    # Object replacement starts near 90% usage and becomes aggressive near 95%.
    cache_swap_low 90
    cache_swap_high 95

    ########################### Log Paths ##############################
    # NOTE(review): access.log records client addresses and requested URLs;
    # verify that /var/log/squid is readable by administrators only.
    access_log /var/log/squid/access.log squid

    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    # Error pages are served from the Portuguese template directory.
    error_directory /usr/share/squid/errors/Portuguese

    ####################### Access Control #############################
    # NOTE(review): despite the section title, the lines below are cache
    # freshness rules (regex, min minutes, percent, max minutes), not access
    # rules.
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern (cgi-bin|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    #####################################################################

    # NOTE(review): ICP listens on UDP 3230; Squid's usual ICP port is 3130, so
    # confirm this value is intentional. If no peer caches are in use,
    # "icp_port 0" disables the listener.
    icp_port 3230
    coredump_dir /var/cache/squid