


  1. Dude... send it over... if I can help, I'll help... if I can't, I'll talk to my consultant...

  2. iptables;

    #Change the IPs according to your network..
    #Start Serv
    #Firewall and port-forwarding script
    #==========================================================================================================================
    #Flush the predefined rules
    iptables -F
    iptables -t nat -F
    #==========================================================================================================================
    #FLUSHING RULES
    iptables -F INPUT
    iptables -F FORWARD
    iptables -F OUTPUT
    iptables -X
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A FORWARD -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    #==========================================================================================================================
    #loading modules
    modprobe ip_conntrack
    modprobe ipt_MASQUERADE
    modprobe ipt_LOG
    modprobe iptable_nat
    modprobe ip_nat_ftp
    modprobe iptable_filter
    #==========================================================================================================================
    #Enable kernel routing (IP forwarding)
    echo 1 > /proc/sys/net/ipv4/ip_forward
    #==========================================================================================================================
    #Enable NAT to translate IP 192.168.0.0 to 200.201.158.110
    iptables -t nat -A POSTROUTING -s 192.168.0.10/24 -o eth0 -j SNAT --to 200.201.158.110
    #==========================================================================================================================
    #Redirect all ports to 8080 (http) (Squid) / OUTLOOK
    #iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to 8080
    iptables -t nat -A PREROUTING -d 192.168.0.10/24 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 200.187.64.134
    iptables -t nat -A PREROUTING -d 192.168.0.10/24 -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 200.187.64.133
    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
    #==========================================================================================================================
    #-------------------- CONTROLS ALL INPUT ON THE SERVER ---------------------
    #Open the ports for incoming traffic to the server
    iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 53 -j ACCEPT
    iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 3128 -j ACCEPT
    iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 25 -j ACCEPT
    iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 110 -j ACCEPT
    iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT
    iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT
    iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 1080 -j ACCEPT
    iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 9875 -j ACCEPT
    #iptables -A INPUT -p tcp -s 200.218.208.91 --dport 5024 -j ACCEPT
    #iptables -A INPUT -p tcp -s 200.218.209.91 --dport 5024 -j ACCEPT
    #iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT
    #==========================================================================================================================
    #Keep the connections on the ports opened above
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    #==========================================================================================================================
    #--------------------- CONTROLS ALL FORWARD ON THE SERVER ------------------
    #Open the ports to pass through the server and reach the outside
    iptables -A FORWARD -s 192.168.0.0/24 -i eth0 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 53 -j ACCEPT
    iptables -A FORWARD -p udp -s 192.168.0.0/24 --dport 53 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 25 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 110 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 1080 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 9875 -j ACCEPT
    #iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 5024 -j ACCEPT
    #iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT
    #==========================================================================================================================
    #Keep the connections on the ports opened above
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    #
    #
    iptables -A OUTPUT -p tcp -s 192.168.0.0/24 --dport 53 -j ACCEPT
    iptables -A OUTPUT -p udp -s 192.168.0.0/24 --dport 53 -j ACCEPT
    iptables -A OUTPUT -p tcp -s 192.168.0.0/24 --dport 25 -j ACCEPT
    iptables -A OUTPUT -p tcp -s 192.168.0.0/24 --dport 110 -j ACCEPT
    iptables -A OUTPUT -p tcp -s 192.168.0.0/24 --dport 9875 -j ACCEPT
    iptables -A OUTPUT -p tcp -s 192.168.0.0/24 --dport 5024 -j ACCEPT
    #iptables -A OUTPUT -p tcp -s 200.218.208.91 --dport 5024 -j ACCEPT
    #iptables -A OUTPUT -p tcp -s 200.218.209.91 --dport 5024 -j ACCEPT
    #
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


    ================================================================
    squid

    http_port 3128
    icp_port 0
    cache_mem 128 MB
    cache_swap_low 95
    cache_swap_high 98
    maximum_object_size 4096 KB
    cache_dir ufs /var/spool/squid 800 32 32
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log none
    #emulate_httpd_log off
    connect_timeout 2 minutes
    acl all src 192.168.0.0/255.255.255.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 1080 # Socks
    acl Safe_ports port 86 # Speedy
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 #wais
    acl Safe_ports port 1025-65535 #unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multilink http
    acl CONNECT method CONNECT
    #acl porn url_regex "/etc/squid/porn"
    #acl noporn url_regex "/etc/squid/noporn"
    #http_access allow noporn all
    #http_access deny porn all
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    icp_access allow all
    miss_access allow all
    cache_mgr informatica@number.com.br
    cache_effective_user squid
    cache_effective_group squid
    visible_hostname proxy.number.com.br
    #store_avg_object_size 4 KB
    httpd_accel_host virtual
    httpd_accel_port 3128
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on






    ==============================================================
    Cache.log

    2006/05/25 13:54:35 ipcacheparse: no address records in response to 'www.buscape.com.br'


    Thanks, man



  3. Take a quick look at your /etc/resolv.conf file and check whether the addresses of your DNS servers are there. Otherwise, take down your firewall rules and enable only NAT to see whether the problem is in Squid.

  4. Yes, they are there, both of them.

    I've already done everything I was told to; I want more ideas.

    Thanks for the help, everyone, and please keep helping me. hehehehe....



  5. Antelo, did this Squid ever work?
    When did it stop?

    Try commenting out this line:
    #httpd_accel_port 3128

    or try changing it to port 80


    Tag Name
    httpd_accel_port

    Usage
    httpd_accel_port port

    Description

    Accelerated requests can only be forwarded to one port: there is no table that associates accelerated hosts and a destination port. Squid will connect to the port that you set the httpd_accel_port value to. When acting as a front-end for a web server on the local machine, you will set up the web server to listen for connections on a different port (8000, for example), and set this squid.conf option to match the same value. If, on the other hand, you are forwarding requests to a set of slow backend servers, they will almost certainly be listening to port 80 (the default web-server port), and this option will need to be set to 80. If you want virtual port support then specify the port as "0"

    Default
    none

    Example
    httpd_accel_port 80
    httpd_accel_port 8000

    Caution
    -



    Take a look at this tag too....


    Tag Name
    httpd_accel_with_proxy

    Usage
    httpd_accel_with_proxy on|off

    Description

    If you use the httpd_accel_host option, Squid will stop recognizing cache requests. So that your cache can function both as an accelerator and as a web cache, you will need to set the httpd_accel_with_proxy option to on.

    Default
    See Description.

    Example
    -

    Caution
    -


    Post your squid-error.log, squid-access.log


    They may help.
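The two checks discussed in this thread (nameserver entries in /etc/resolv.conf, and the `ipcacheparse: no address records` line in cache.log), as an added shell example that is not part of any post. The file paths, nameserver addresses and all log lines except the first are constructed sample data.

```shell
#!/bin/sh
# Added example: triage for Squid "no address records" DNS failures.
# All sample data below is constructed so the script runs offline.

# Print each nameserver address configured in a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Return 0 when the file has at least one nameserver line, 1 otherwise.
has_nameserver() {
    [ -n "$(list_nameservers "$1")" ]
}

# Count cache.log DNS failures per hostname, most frequent first.
# Matches lines of the form shown in the thread:
#   2006/05/25 13:54:35 ipcacheparse: no address records in response to 'host'
dns_failures() {
    awk -F"'" '/ipcacheparse: no address records/ { n[$2]++ }
               END { for (h in n) print n[h], h }' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample inputs (stand-ins for /etc/resolv.conf and cache.log).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/resolv.conf" <<'EOF'
# constructed sample
search example.lan
nameserver 192.0.2.53
nameserver 192.0.2.54
EOF
cat > "$SAMPLE_DIR/cache.log" <<'EOF'
2006/05/25 13:54:35 ipcacheparse: no address records in response to 'www.buscape.com.br'
2006/05/25 13:54:40 ipcacheparse: no address records in response to 'www.example.com'
2006/05/25 13:55:02 ipcacheparse: no address records in response to 'www.buscape.com.br'
EOF

if has_nameserver "$SAMPLE_DIR/resolv.conf"; then
    echo "nameservers: $(list_nameservers "$SAMPLE_DIR/resolv.conf" | tr '\n' ' ')"
else
    echo "no nameserver lines found"
fi
echo "DNS failures per host:"
dns_failures "$SAMPLE_DIR/cache.log"
```

When the failure list covers many unrelated hostnames rather than one, the resolver path (the nameservers or the rules in front of them) is the more likely place to look than any single domain.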





