


  1. Here is my firewall script ^^



    Code:
    #!/bin/bash
    #ETH1 local network 192.168.1.0/24
    #ETH3 Net -Speedy
     
    #######Loading modules######
    modprobe iptable_nat
    echo "Carga de Modulos >>>>>>>>>>>>[OK]"
     
    ########Flushing rules########
     
    iptables -F
    iptables -Z
    iptables -X
     
    iptables -t nat -F
    iptables -t nat -Z
    iptables -t nat -X
     
    iptables -t mangle -F
    iptables -t mangle -Z
    iptables -t mangle -X
     
    echo "Regras Limpas >>>>>>>>>>>>>>>[OK]"
     
     
    ##########Default policies#######
     
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
     
    echo "Politicas P. >>>>>>>>>>>>>>>>[OK]"
     
    #########Allow loopback############
    iptables -A INPUT -i lo -j ACCEPT
     
    #iptables -A INPUT -i lo -o eth3 -j ACCEPT
     
    echo "Loopback >>>>>>>>>>>>>>>>>>> [OK]"
     
    #########SSHD########
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    echo "SSH >>>>>>>>>>>>>>>>>>>>>>>>>[OK]"
     
    #########Firewall pings the Net###########
    iptables -A INPUT -p icmp -i ppp0 -s 0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    echo "Firewall-Net >>>>>>>>>>>>>>>>[OK]"
     
    ##########LAN pings the firewall#########
    iptables -A INPUT -p icmp -i eth1 -s 192.168.1.0/24 -j ACCEPT
    echo "Lan-Firewall >>>>>>>>>>>>>>>>[OK]"
     
    ########LAN pings the Net#########
    iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -o eth3 -d 0/0 -p icmp -j ACCEPT
    echo "Lan-Net >>>>>>>>>>>>>>>>>>>>>[OK]"
     
    #########DNS###############
    iptables -A FORWARD -o eth3 -d 0/0 -p udp --dport 53 -j ACCEPT
    echo "Dns >>>>>>>>>>>>>>>>>>>>>>>>>[OK]"
     
    #########LAN accesses the Net#########
    iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -o ppp0 -d 0/0 -p tcp -m multiport --dport 25,80,110,443 -j ACCEPT
    iptables -A FORWARD -i ppp0 -s 0/0 -o eth1 -d 192.168.1.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
    echo "Lan Acessa a Net >>>>>>>>>>>>[OK]"
     
    #########Allowing replies######
    iptables -A INPUT -i ppp0 -s 0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    echo "Liberando Resposta >>>>>>>>>>[OK]"
     
    ##########Squid##################
     
    #iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dport 80,443 -j REDIRECT --to-port 3128
    #iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    #iptables -t nat -A PREROUTING -d 192.168.1.0/24 -p tcp -m multiport --dport 80,443 -j REDIRECT --to-port 3128
    #iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:3128
    #iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
     
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:3128
     
    echo "Squid +++++++++++++++++++++++[OK]"
     
     
    ###########Share the Net###########
    echo "1" > /proc/sys/net/ipv4/ip_forward
    #iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth3 -j MASQUERADE
    #echo "Compartilha Net >>>>>>>>>>>>[OK]"
     
    iptables -P FORWARD ACCEPT
    #iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o ppp0 -j MASQUERADE 
    iptables -A POSTROUTING -t nat -s 192.168.1.0/24  -o ppp0 -j MASQUERADE
    echo "Compartilha Net PPPOE >>>>>>>[OK]"
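As an added example (not from this thread), a small audit script that flags three things a reviewer can see in the script above: the FORWARD policy set to DROP and later to ACCEPT (the later -P wins), the uplink named eth3 in some rules and ppp0 in others, and the nat PREROUTING DNAT rule with no -i match. The sample script embedded in it is constructed for the demo, not the poster's script, and the interface check is a heuristic.

```python
import re

# Constructed sample in the style of the script posted above (not a copy of it): FORWARD
# policy set twice, uplink eth3 in one rule and ppp0 in others, nat DNAT without -i.
SAMPLE_SCRIPT = """\
#!/bin/bash
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -o eth3 -p icmp -j ACCEPT
iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -o ppp0 -p tcp -m multiport --dport 25,80,110,443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:3128
iptables -P FORWARD ACCEPT
iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
"""
POLICY_RE = re.compile(r"^iptables\s+-P\s+(\w+)\s+(\w+)")
IFACE_RE = re.compile(r"\s-(i|o)\s+(\S+)")

def audit_iptables_script(text):
    """Return sorted [(line_no, message)] for three common slips in iptables scripts."""
    findings, policies = [], {}          # policies: chain -> (line_no, policy)
    in_ifaces, out_ifaces, masq_ifaces = set(), {}, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("iptables"):
            continue
        m = POLICY_RE.match(line)
        if m:  # a second -P for the same chain silently replaces the first
            chain, pol = m.groups()
            if chain in policies and policies[chain][1] != pol:
                findings.append((no, f"{chain} policy {policies[chain][1]} (line {policies[chain][0]}) overridden by {pol}"))
            policies[chain] = (no, pol)
            continue
        ifaces = IFACE_RE.findall(line)
        for flag, name in ifaces:
            if flag == "i":
                in_ifaces.add(name)
            elif "MASQUERADE" in line:
                masq_ifaces.add(name)
            else:
                out_ifaces.setdefault(name, no)
        if "PREROUTING" in line and ("REDIRECT" in line or "DNAT" in line) \
                and not any(f == "i" for f, _ in ifaces):
            findings.append((no, "nat PREROUTING redirect has no -i: it matches the port on every interface"))
    # Heuristic: an interface only ever used as -o and never masqueraded is likely a stale uplink name.
    for name, no in out_ifaces.items():
        if name not in in_ifaces and name not in masq_ifaces:
            findings.append((no, f"-o {name}: never an ingress or MASQUERADE interface, stale uplink name?"))
    return sorted(findings)
```

Running audit_iptables_script(SAMPLE_SCRIPT) reports sample lines 5, 7 and 8; a script with a single policy, one uplink and -i on its redirect rule reports nothing.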

  2. Let's take it one step at a time; have a look at your rules below:

    Unnecessary lines:
    client_netmask 255.255.255.0
    dns_nameservers 200.204.0.10 200.204.0.138

    Lines to be corrected:

    acl site_bloq url_regex "/etc/squid/regras/bloqueado.txt"
    acl termobloq dstdom_regex "/etc/squid/regras/palavrabloq.txt"
    acl site_lib url_regex "/etc/squid/regras/liberado.txt"


    Site blocking:

    acl site_bloq dstdomain "/etc/squid/bloqueado.txt"

    Word blocking:

    acl termobloq url_regex -i "/etc/squid/plavrabloq.txt"


    Allowed sites:

    acl site_lib dstdomain "/etc/squid/liberado.txt"

    Lines to be added:

    Isn't something missing ???
    http_access allow acesso_proxy
    httpd_accel_port 80
    httpd_accel_host virtual
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    Iptables:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    Cheers



  3. "
    Isn't something missing ???
    http_access allow acesso_proxy
    httpd_accel_port 80
    httpd_accel_host virtual
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    "

    Man, I'll use what you said, but these rules were replaced in 2.6 by http_port 3128 transparent, ^^.

    As soon as I get to work I'll change squid.conf to what you posted.

    thanks

  4. Folks, thanks for everyone's help, but the problem was in the firewall script. I made a simple one that only shared the internet and redirected to squid; result: it worked like a charm. So whoever has a problem similar to mine just needs to review the firewall, using only the basics first and then adding to it and fixing any problems that come up.

    Thanks again to everyone.
