Perguntas & Respostas

Publicada por lpaf em 23/05/2007 - 00:00h:
* lpaf usa OpenSuSE

Como funcionar o proxy transparente squid 2.6. ? com as dicas que encontrei não deu certo.
distribuição slackware
//////////////////////////////////////////////////////////////////////////////
minha configuração do squid esta assim:
# Squid normally listens to port 3128
http_port 3128
#   this option.
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
#
#   Default is to allow all to be cached
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin ?
cache deny QUERY
#
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#Default:
cache_mem 80 MB
#
#Default:
cache_swap_low 90
cache_swap_high 95
#
#Default:
maximum_object_size 16384 KB
# TAG: minimum_object_size   (bytes)
#   Objects smaller than this size will NOT be saved on disk. The
#   value is specified in kilobytes, and the default is 0 KB, which
#   means there is no minimum.
#
#Default:
minimum_object_size 0 KB

#
#Default:
maximum_object_size_in_memory 54 KB

#Default:
ipcache_size 1024
ipcache_low 90
ipcache_high 95

#Default:
fqdncache_size 1024
#
#Default:
cache_replacement_policy lru
#
#Default:
memory_replacement_policy lru
#
#Default:
cache_dir ufs /etc/squid-2.6//var/cache 3000 16 256
# To log the request via syslog specify a filepath of "syslog"
access_log /etc/squid-2.6/var/logs/access.log squid
#
#Default:
cache_log /etc/squid-2.6//var/logs/cache.log

#
#Default:
cache_store_log /etc/squid-2.6//var/logs/store.log

#Default:
emulate_httpd_log off

#
#Default:
log_ip_on_direct on

#
#Default:
pid_filename /etc/squid-2.6//var/logs/squid.pid
#Default:
# log_fqdn off
#Default:
client_netmask 255.255.255.0
#
#Default:
ftp_passive on

#
#Default:
dns_retransmit_interval 5 seconds

#
#Default:
dns_timeout 2 minutes
#
#Default:
dns_nameservers 10.1.1.1 200.215.1.35
#
#Default:
request_header_max_size 10 KB
#
#Default:
request_body_max_size 1024 KB
#
#Suggested default:
refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320
#
#Default:
negative_ttl 2 minutes
#
#Default:
positive_dns_ttl 3 hours
#
#Default:
connect_timeout 1 minute
#
#Default:
read_timeout 7 minutes

# TAG: request_timeout
#   How long to wait for an HTTP request after initial
#   connection establishment.
#
#Default:
request_timeout 30 seconds

#
#Default:
client_lifetime 1 day

#
#Default:
half_closed_clients off
# ==============================================
# CONFIGURACAO DAS ACLS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443      # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210      # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280      # http-mgmt
acl Safe_ports port 488      # gss-http
acl Safe_ports port 591      # filemaker
acl Safe_ports port 777      # multiling http
acl CONNECT method CONNECT
acl rede src 192.168.1.0/255.255.255.0
acl ip_liberado src "/etc/squid-2.6/ip_liberado"
acl macs_liberados arp "/etc/squid-2.6/macs_liberados"
acl todos_dominios dstdom_regex .
acl dominios_liberados dstdomain "/etc/squid-2.6/dominios_liberados"
acl msn url_regex -i gateway.dll
#==============================================
# CONFIGURACAO DAS HTTP_ACCESS
http_access deny msn rede !ip_liberado !macs_liberados
http_access allow dominios_liberados
http_access deny todos_dominios !macs_liberados
http_access allow rede
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# And finally deny all other access to this proxy
http_access deny all

# and finally allow by default
http_reply_access allow all
# ==============================================
#
#Allow ICP queries from everyone
icp_access allow all

#   MISSES and all other clients can only fetch HITS.
#
#   By default, allow all clients who passed the http_access rules
#   to fetch MISSES from us.
#
#Default setting:
# miss_access allow all

#
#Default:
cache_effective_user nobody
#
#Default:
cache_effective_group nogroup
#
#Default:
visible_hostname tapuia

#Default:
error_directory /etc/squid-2.6//share/errors/Portuguese

# Leave coredumps in the first cache dir
coredump_dir /etc/squid-2.6/var/cache
///////////////////////////////////////////////////////////////////////////////////

Resposta de bilizoi em 23/05/2007 - 08:15h:
* bilizoi usa Slackware
* bilizoi tem conceito: nenhum voto.

Amigo pra fazer proxy transparente acho que você precisa habilitar uma regra no iptables redirecinando as conexões da internet (porta 80 e derivadas) para a porta do seu squid (por padrão 3128).

Espero ter ajudado....

Resposta de lpaf em 27/05/2007 - 23:53h:
* lpaf usa OpenSuSE
* lpaf tem conceito: nenhum voto.

http_port 3128 transparent, ( com esta opçao e....)
somente adicionando no \rc.local #iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128.
Não esta funcionando meu proxy transparente, o que posso estar fazendo de errado. ???????????????????

Voltar

ATENÇÃO: Antes de contribuir com uma resposta, leia o artigo Qualidade de respostas e certifique-se de que esteja realmente contribuindo com a comunidade. Muitas vezes o ímpeto de contribuir nos leva a atrapalhar ao invés de ajudar.