Squid3 + Tproxy
Hi, I'm new to the forum and I need some help. I'm setting up a Debian 7 server with kernel 3.21, squid3 and tproxy. I'm having a problem that I can't manage to solve, and I'm asking you for a little help. My iptables looks like this:
iptables -t mangle -F
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1/1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 1/1 --on-port 3128
My squid.conf looks like this:
#Default proxy port
http_port 3128 tproxy
#Cache
cache_mem 1024 mb
maximum_object_size_in_memory 20480 kb
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid3 2048 16 256
cache_access_log /var/log/squid3/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#Access rules for the local network
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #swat
acl Safe_ports port 443 563 #https and snews
acl Safe_ports port 1025-65535 #high ports
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
error_directory /usr/share/squid3/errors/Portuguese
acl redelocal src 172.0.0.0/8
http_access allow redelocal
http_access allow localhost
http_access deny all
## Icons ##
icon_directory /usr/share/squid3/icons
short_icon_urls on
#Cache windowsupdate ( Caches Windows Update ) ##
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern www.download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
refresh_pattern download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
refresh_pattern www.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
........
Well, the error is the following: the request arrives, but iptables is not redirecting it to port 3128, and if I send it through the proxy, the message in squid.log is TCP_MISS/000.
Well, I hope someone can help me.
Thanks in advance.