-
Proxy transparente
Olá instalei o squid e esta funcioando perfeitamente.
Agora estou tentando fazer o proxy transparente mais nao estou conseguindo.
Alguel poderia me ajudar.
vou passar meus arquivos de configurações.
regras_ipfw
add 00050 divert 8668 ip from any to any via fxp0
add 00100 allow ip from any to any via vr1
add 00101 allow tcp from any to any
add 00102 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any dst-port 80
add 65000 allow ip from any to any
add 65535 allow ip from any to any
rc.conf
kern_securelevel_enable="YES"
kern_securelevel="-1"
firewall_enable="YES"
firewall_type="/etc/regras_ipfw"
natd_enable="YES"
natd_interface="fxp0"
natd_flags=""
gateway_enable="YES"
hostname="chipmaster.fln.virtua.com.br"
ifconfig_fxp0="DHCP"
sshd_enable="YES"
usbd_enable="YES"
squid.conf
http_port 192.168.0.1:3128
visible_hostname chipmaster.fln.virtua.com.br
cache_mem 85 MB
acl intranet src 192.168.0.0/24
http_access allow intranet
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
-
Re: Proxy transparente
Seu servidor precisa de 2 interfaces de rede. uma pra entrada da internet e outra pra mandar pros clientes.
tenta mudar a regra do firewall pra essa:
add 00102 fwd 192.168.0.1,3128 tcp from 192.168.0.0/24 to any dst-port 80 via sua_2ª_interface_de_rede
-
Re: Proxy transparente
valeu pela dica vou testar.
-
Re: Proxy transparente
Nào funcionou.
Sera que nao pode ser a ordem que coloqueis os comandos de proxy transparente no arquivo squid.conf ???
-
Re: Proxy transparente
tente mudar isso
add 00102 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any dst-port 80
para isso
ipfw add 10 fwd localhost,3128 tcp from any to not me 80