portsnap fetch
portsnap upgrade
portupgrade -ai
:)
Versão Imprimível
portsnap fetch
portsnap upgrade
portupgrade -ai
:)
Não consigo fazer o Proxy rodar como transparente!!!
oque eu posso ter feito de errado?
##Configurações Aplicadas:##
#cd /usr/local/etc/squid/squid.conf #
cache_effective_user squid
cache_effective_group squid
cache_dir diskd /squid/cache/01 4843 16 64 Q1=16 Q2=8
cache_dir diskd /squid/cache/02 4843 16 64 Q1=16 Q2=8
cache_dir diskd /squid/cache/03 4843 16 64 Q1=16 Q2=8
cache_dir diskd /squid/cache/04 4843 16 64 Q1=16 Q2=8
cache_dir diskd /squid/cache/05 4843 16 64 Q1=16 Q2=8
cache_dir diskd /squid/cache/06 4843 16 64 Q1=16 Q2=8
cache_dir diskd /squid/cache/07 4843 16 64 Q1=16 Q2=8
cache_access_log /squid/logs/access.log
cache_log /squid/logs/cache.log
cache_store_log none
pid_filename /usr/local/squid/var/logs/squid.pid
http_port 192.168.x.x 3128 transparent
emulate_httpd_log on
icp_port 3130
cache_peer exemplo-exemplo.exemplo.com.br sibling 3128 3130 round-robin
dns_nameservers 201.10.128.3 201.10.1.2
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl java browser Java
acl java browser java
acl CONNECT method CONNECT
http_access allow all
miss_access allow XXX
miss_access deny all
icp_access allow XXX
icp_access deny all
visible_hostname exemplo.exemplo.com.br
logfile_rotate 4
coredump_dir none
shutdown_lifetime 20 seconds
cache_mem 256 MB
maximum_object_size 1024 MB
cache_replacement_policy heap LFUDA
refresh_pattern . 0 20% 10080
refresh_pattern -i exe$ 0 50% 999999
refresh_pattern -i zip$ 0 50% 999999
refresh_pattern -i rar$ 0 50% 999999
refresh_pattern -i tgz$ 0 50% 999999
refresh_pattern -i iso$ 0 50% 999999
refresh_pattern -i msi$ 0 50% 999999
refresh_pattern -i gif$ 0 50% 999999
refresh_pattern -i png$ 0 50% 999999
refresh_pattern -i jpg$ 0 50% 999999
refresh_pattern -i jpeg$ 0 50% 999999
refresh_pattern -i asp$ 0 50% 999999
refresh_pattern -i aspx$ 0 50% 999999
refresh_pattern -i php$ 0 50% 999999
refresh_pattern -i jsp$ 0 50% 999999
refresh_pattern -i bmp$ 0 50% 999999
refresh_pattern -i swf$ 0 50% 999999
refresh_pattern -i flv$ 0 50% 999999
refresh_pattern -i mp3$ 0 50% 999999
refresh_pattern -i wav$ 0 50% 999999
refresh_pattern -i wmv$ 0 50% 999999
refresh_pattern -i wma$ 0 50% 999999
refresh_pattern -i asf$ 0 50% 999999
refresh_pattern -i avi$ 0 50% 999999
refresh_pattern -i mov$ 0 50% 999999
refresh_pattern -i htm$ 0 50% 999999
refresh_pattern -i html$ 0 50% 999999
refresh_pattern -i ico$ 0 50% 999999
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
error_directory /usr/local/etc/squid/errors/Portuguese
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
#cd /usr/src/sys/amd64/conf/GENERIC#
options SYSVSHM
options SHMSEG=16
options SHMMNI=32
options SHMMAX=2097152
options SHMALL=4096
options SYSVMSG
options MSGMNB=16384
options MSGMNI=41
options MSGSEG=2049
options MSGSSZ=64
options MSGTQL=2049
options IPFIREWALL
options IPFW2
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_FORWARD
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
#cd /etc/rc.conf#
firewall_enable=YES
firewall_type=OPEN
firewall_quiet=YES
firewall_script=/etc/ipfw.conf
firewall_logging=NO
natd_enable=YES
natd_flags=-f /etc/natd.conf
#cd /etc/rc.firewall #
ipfw add 800 fwd 127.0.0.1,3128 dst-port { 80 or 21 } src-ip 192.168.0.0/24
ipfw add 810 allow dst-port 3128 dst-port 192.168.0.X src-ip 192.168.0.0/24
ipfw add 900 deny dst-port 3128
${fwcmd} add 60 fwd 127.0.0.1,3128 tcp from 192.168.X.X/24 to any 80 via x10
case ${firewall_type} in
[Oo] [Pp] [Ee] [Nn] )
0100 allow ip from any to any via x10
0200 deny ip from any to 192.168.0.0/24
0300 deny ip from 192.168.0.0/24 to any
65000 allow ip from any to any
65535 deny ip from any to any
iptables t nat A PREROUTING I x10 s 192.168.0.0/24 p tcp dport 80 j REDIRECT to-port 3128
*Criei essesarquivosabaixo, não sei se esta certo, existem tantos tutoriais na Internet q pode ser q eu tenha lido o confundido algo.
#cd /etc/ipfw.conf#
ipfw f flush
ipfw add divert natd via x10
ipfw add pass all from any to any
#cd /etc/natd.conf#
use_sockets yes
interface x10
#Quandouso essas linhas de commando o squid diz q é unrecognized:#
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Amigo, essas alteracoes de kernel que voce citou agora, semaforos, systemv, coisas do genero, voce nao precisa mais colocar estaticamente dentro do kernel, voce pode colocar dinamicamente carregando no loader ou sysctl (acho que é no loader).
Realmente as novas versoes do squid mataram esses HTTP_ACCEL.
Tire essas diretrizes http_accel e coloque do lado do seu http_port "transparent"
Exemplo:
Código :
http_port 127.0.0.1:3128 transparent
ou
Código :
http_port 3128 transparent
Teste e veja...
Saudações,
Fiz as modificações citadas acima mas não funciona como transparente!
Ae fui ver os logs do cache e aparece essas mensagens:
"/usr/local/squid/var/logs/squid.pid (1) Operation not permitted"
"WARNING: could not write pid file"
"DETECTED DEAD SIBLING: xxx.com.br"
"WARNING: transparent proxying not supported"
Aqueles arquivo q criei ipfw, natd estao certos?
Ow eles tem um local especifico q q eles ja sejam criados na instalação?