
		Riroxi
		
		(usa CentOS)
		
		Enviado em 19/05/2008 - 09:26h 
		Bom dia Pessoal, tudo jóia?
Bom, sou iniciante com Linux (bem iniciante).
Estou montando um server com DansGuardian + Squid + bigblacklist...
Tá tudo ok... exceto porque o DansGuardian repassa os pacotes para o Squid com o IP do loopback... ele não deveria filtrar e repassar com o IP do cliente que o acessou?
Se ele passa pelo IP do loopback, meu filtro do Squid mesmo não funciona...
Se alguém puder me ajudar... agradeço... tenho certa urgência...
se preferirem, podem entrar em contato através de meu e-mail: riroxi@gmail.com
Vou postar aqui embaixo minhas confs:
Linhas de redirecionamento de pacotes para o Dans:
    # Load the kernel module that provides the iptables "nat" table used below.
    modprobe iptable_nat
    # Turn on IPv4 forwarding so this host can route packets between interfaces.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Source-NAT (masquerade) everything that leaves through eth1.
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    # Intercept HTTP (tcp/80) arriving on eth0 and hand it to local port 8080,
    # which is the DansGuardian filterport in the config posted below.
    # NOTE(review): only tcp/80 is intercepted. With forwarding and MASQUERADE on and
    # no FORWARD rules shown, other ports (e.g. 443) presumably leave unfiltered - confirm.
    # NOTE(review): no INPUT rule is shown that keeps LAN clients from using Squid's
    # port 3128 directly as a proxy, which would skip DansGuardian - confirm one exists.
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>squid.conf
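    # SQUID.CONF FAEX
    # Listening port.
    # NOTE(review): this binds 3128 on every interface. DansGuardian reaches Squid over
    # 127.0.0.1, so a client that sets 3128 as its proxy by hand would skip the content
    # filter. Consider "http_port 127.0.0.1:3128" or a firewall rule limiting 3128 to loopback.
    http_port 3128
    # Server name shown in error pages and headers.
    visible_hostname faex.edu.br
    # Memory used for in-transit objects - do not change.
    cache_mem 64 MB
    # Do not change the lines below.
    maximum_object_size_in_memory 4096 KB
    maximum_object_size 100 MB
    minimum_object_size 0 KB
    cache_swap_low 90
    cache_swap_high 95
    # Where the Squid cache is stored.
    # The value 2000 is the size in MB each cache directory may use:
    # 6 cache directories of about 2 GB each.
    cache_dir ufs /var/spool/squid/cache1 2000 16 256
    cache_dir ufs /var/spool/squid/cache2 2000 16 256
    cache_dir ufs /var/spool/squid/cache3 2000 16 256
    cache_dir ufs /var/spool/squid/cache4 2000 16 256
    cache_dir ufs /var/spool/squid/cache5 2000 16 256
    cache_dir ufs /var/spool/squid/cache6 2000 16 256
    # Where the Squid access log is written.
    # NOTE(review): while DansGuardian forwards from 127.0.0.1 without X-Forwarded-For,
    # this log presumably records 127.0.0.1 as the client for filtered traffic; the
    # DansGuardian log is then the place to attribute requests to a client IP.
    cache_access_log /var/log/squid/access.log
    # Serve Squid's error pages in Portuguese.
    error_directory /usr/share/squid/errors/Portuguese
    # Freshness rules: regex, minimum age (minutes), percent of object age, maximum age (minutes).
    refresh_pattern ^ftp: 15 20% 2280
    refresh_pattern ^gopher: 15 0% 2280
    refresh_pattern . 15 20% 2280
    # Base ACLs.
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    # Cache manager and PURGE only from this host; refuse unsafe ports and
    # CONNECT to anything that is not an SSL port.
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    # SQUID BLOCKING RULES
    # Monday to Friday, 17:00-23:59.
    acl hora_semana time MTWHF 17:00-23:59
    #acl hora_sabado time MTWHF 08:00-17:00
    # Client address lists and URL regex lists, one entry per line in each file.
    acl ip_liberado src "/etc/squid/ip_liberado"
    acl ip_restrito src "/etc/squid/ip_restrito"
    acl download url_regex -i "/etc/squid/download"
    acl bloqueado url_regex -i "/etc/squid/bloqueado"
    # http_access rules are evaluated top to bottom; the first match decides.
    # NOTE(review): DansGuardian connects to Squid from 127.0.0.1 (its proxyip), so every
    # filtered request matches "localhost" on the next line and is allowed before any
    # rule below it is reached. The src ACLs below also cannot match a client whose
    # connection arrives from loopback. Per-client policy has to live in DansGuardian
    # (bannediplist / exceptioniplist), or DansGuardian must send X-Forwarded-For
    # (forwardedfor = on) to a Squid build that supports follow_x_forwarded_for and
    # trusts that header from 127.0.0.1 only.
    http_access allow localhost
    # The post referenced "acesso_total" and "aceso_restrito", which are not defined
    # anywhere in this file; Squid rejects an http_access line that names an unknown ACL.
    # NOTE(review): mapped to ip_liberado / ip_restrito, the only src ACLs defined
    # above - confirm this is the intended policy.
    http_access allow ip_liberado
    http_access deny download
    http_access deny bloqueado
    # "alow" corrected to "allow": restricted clients may browse outside hora_semana.
    http_access allow ip_restrito !hora_semana
    http_access deny all
    # Send clients denied by the "all" rule to the block page.
    # (directive and URL joined onto one line; the post had them split across two)
    deny_info http://www.faex.edu.br/bloqueado.htm all
    # Transparent proxy
    # NOTE(review): the iptables rule redirects clients to DansGuardian (8080), not to
    # Squid, so these interception settings may not be needed here - confirm.
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on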
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>dansguardian.conf
    # DansGuardian config file for version 2.6.1
    # Web Access Denied Reporting (does not affect logging)
    #
    # -1 = log, but do not block - Stealth mode
    #  0 = just say 'Access Denied'
    #  1 = report why but not what denied phrase
    #  2 = report fully
    #  3 = use HTML template file (accessdeniedaddress ignored)
    #
    # Level 3 is selected: blocked users get the HTML template configured below.
    reportinglevel = 3
    # HTML Template file path.
    # Only used when reportinglevel is set to 3.
    # When used, DansGuardian will display the HTML file instead of
    # using the perl cgi script.  This option is faster, cleaner
    # and easier to customise the access denied page.
    #
    htmltemplate = '/etc/dansguardian/template.html'
    # Logging Settings
    #
    # 0 = none  1 = just denied  2 = all text based  3 = all requests
    # Level 2 is selected: text-based requests are logged, not only denied ones.
    loglevel = 2
    # Log Exception Hits
    # Log if an exception (user, ip, URL, phrase) is matched and so
    # the page gets let through.  Can be useful for diagnosing
    # why a site gets through the filter.  on | off
    # Left on, so a request let through by an exception list leaves a log entry.
    logexceptionhits = on
    # Log File Format
    # 1 = DansGuardian format        2 = CSV-style format
    # 3 = Squid Log File Format      4 = Tab delimited
    logfileformat = 1
    # Network Settings
    #
    # the IP that DansGuardian listens on.  If left blank DansGuardian will
    # listen on all IPs.  That would include all NICs, loopback, modem, etc.
    # Normally you would have your firewall protecting this, but if you want
    # you can limit it to only 1 IP.  Yes only one.
    # NOTE(review): left blank here, so the filter port is open on every interface,
    # including the outward-facing one (eth1 in the iptables rules). No INPUT rule is
    # shown in the post; confirm 8080 is not reachable from outside or set the LAN address.
    filterip =
    # the port that DansGuardian listens to
    # It needs to be greater than 1024
    # 8080 matches the --to-port of the iptables REDIRECT rule in the post.
    filterport = 8080
    # the ip of the proxy (default is the loopback - i.e. this server)
    # Because the hop to Squid is made over loopback, Squid sees 127.0.0.1 as the
    # source of every filtered request, not the address of the original client.
    proxyip = 127.0.0.1
    # the port DansGuardian connects to proxy on
    # 3128 matches http_port in the squid.conf posted above.
    proxyport = 3128
    # accessdeniedaddress is the address of your web server to which the cgi
    # dansguardian reporting script was copied
    #
    # Still the stock placeholder; per the reportinglevel notes it is ignored at level 3.
    accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
    # Content filtering files location
    # Each setting points at a list file under /etc/dansguardian.
    bannedphraselist = '/etc/dansguardian/bannedphraselist'
    exceptionphraselist = '/etc/dansguardian/exceptionphraselist'
    weightedphraselist = '/etc/dansguardian/weightedphraselist'
    bannedsitelist = '/etc/dansguardian/bannedsitelist'
    exceptionsitelist = '/etc/dansguardian/exceptionsitelist'
    exceptionurllist = '/etc/dansguardian/exceptionurllist'
    bannedurllist = '/etc/dansguardian/bannedurllist'
    bannedregexpurllist = '/etc/dansguardian/bannedregexpurllist'
    bannedextensionlist = '/etc/dansguardian/bannedextensionlist'
    bannedmimetypelist = '/etc/dansguardian/bannedmimetypelist'
    # NOTE(review): the two IP lists below are presumably matched against the client
    # address DansGuardian itself sees, so they are the natural place for per-client
    # allow/deny policy while Squid only sees 127.0.0.1 - confirm against the list files.
    bannediplist = '/etc/dansguardian/bannediplist'
    exceptioniplist = '/etc/dansguardian/exceptioniplist'
    banneduserlist = '/etc/dansguardian/banneduserlist'
    exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
    picsfile = '/etc/dansguardian/pics'
    contentregexplist = '/etc/dansguardian/contentregexplist'
    # messages file for internationalisation.
    languagefile = '/etc/dansguardian/messages'
    # Weighted phrase mode
    # There are 3 possible modes of operation:
    # 0 = off = do not use the weighted phrase feature.
    # 1 = on, normal = normal weighted phrase operation.
    # 2 = on, singular = each weighted phrase found only counts once on a page.
    #
    # Mode 0 is selected: weighted phrase scoring is switched off.
    weightedphrasemode = 0
    # Naughtyness limit
    # This is the limit over which the page will be blocked.  Each weighted phrase is given
    # a value either positive or negative and the values added up.  Phrases to do with
    # good subjects will have negative values, and bad subjects will have positive
    # values.  See the weightedphraselist file for examples.
    # As a guide:
    # 50 is for young children,  100 for old children,  160 for young adults.
    # NOTE(review): with weightedphrasemode = 0 this limit presumably has nothing to
    # score against - confirm whether weighted filtering was meant to be enabled.
    naughtynesslimit = 160
    # Show weighted phrases found
    # If enabled then the phrases found that made up the total which exceeds
    # the naughtyness limit will be logged and, if the reporting level is
    # high enough, reported. on | off
    showweightedfound = on
    # Positive result caching for text URLs
    # Caches good pages so they don't need to be scanned again
    # 0 = off (recommended for ISPs with users with dissimilar browsing)
    # 1000 = recommended for most users
    # 5000 = suggested max upper limit
    urlcachenumber = 1000
    #
    # Age before they are stale and should be ignored in seconds
    # 0 = never
    # 900 = recommended
    urlcacheage = 900
    # Reverse lookups for banned site and URLs.
    # If set to on, DansGuardian will look up the forward DNS for an IP URL
    # address and search for both in the banned site and URL lists.  This would
    # prevent a user from simply entering the IP for a banned address.
    # It will reduce searching speed somewhat so unless you have a local caching
    # DNS server, leave it off and use the Blanket IP Block option in the
    # bannedsitelist file instead.
    # Left off here, so the Blanket IP Block option mentioned above is what would
    # cover requests made by raw IP address - confirm it is enabled in bannedsitelist.
    reverseaddresslookups = off
    # Build bannedsitelist and bannedurllist cache files.
    # This will compare the date stamp of the list file with the date stamp of
    # the cache file and will recreate as needed.
    # If a bsl or bul .processed file exists, then that will be used instead.
    # It will increase process start speed by 300%.  On slow computers this will
    # be significant.  Fast computers do not need this option. on | off
    createlistcachefiles = on
    # POST protection (web upload and forms)
    # does not block forms without any file upload, i.e. this is just for
    # blocking or limiting uploads
    # measured in kilobytes after MIME encoding and header bumph
    # use 0 for a complete block
    # use higher (e.g. 512 = 512Kbytes) for limiting
    # use -1 for no blocking
    # -1 is the active value: uploads are neither blocked nor size-limited.
    #maxuploadsize = 512
    #maxuploadsize = 0
    maxuploadsize = -1
    # Max content filter page size
    # Sometimes web servers label binary files as text which can be very
    # large which causes a huge drain on memory and cpu resources.
    # To counter this, you can limit the size of the document to be
    # filtered and get it to just pass it straight through.
    # This setting also applies to content regular expression modification.
    # The size is in Megabytes - eg 2 = 2048Kb
    # use 0 for no limit
    # Documents above this size are passed through without content filtering.
    maxcontentfiltersize = 2
    # Username identification methods (used in logging)
    # You can have as many methods as you want and not just one.  The first one
    # will be used then if no username is found, the next will be used.
    # * proxyauth is for when basic proxy authentication is used (no good for
    #   transparent proxying).
    # * ntlm is for when the proxy supports the MS NTLM authentication
    #   protocol.  (Only works with IE5.5 sp1 and later).  **NOT IMPLEMENTED**
    # * ident is for when the others don't work.  It will contact the computer
    #   that the connection came from and try to connect to an identd server
    #   and query it for the user owner of the connection.
    # NOTE(review): proxyauth is the only method enabled, and the note above says it is
    # no good for transparent proxying, which is how clients reach this filter (iptables
    # REDIRECT). Log entries will presumably carry no username - confirm.
    usernameidmethodproxyauth = on
    usernameidmethodntlm = off # **NOT IMPLEMENTED**
    usernameidmethodident = off
    # Misc settings
    # if on it adds an X-Forwarded-For: <clientip> to the HTTP request
    # header.  This may help solve some problem sites that need to know the
    # source ip. on | off
    # NOTE(review): with this off, nothing in the request tells Squid which client made
    # it; Squid only sees the loopback connection from DansGuardian. Turning it on passes
    # the client address along, but the header then also travels to the destination web
    # server unless Squid is configured to strip or replace it - decide which is wanted.
    forwardedfor = off
    # if on it uses the X-Forwarded-For: <clientip> to determine the client
    # IP. This is for when you have squid between the clients and DansGuardian.
    # Warning - headers are easily spoofed. on | off
    # Off is the appropriate value for this layout: clients connect to DansGuardian
    # first, so a client-supplied X-Forwarded-For header is not trusted.
    usexforwardedfor = off
    # sets the maximum number of processes to spawn to handle the incoming
    # connections.  This will prevent DoS attacks killing the server with
    # too many spawned processes.
    # On large sites you might want to double or triple this number.
    maxchildren = 120
    # if on it logs some debug info regarding fork()ing and accept()ing which
    # can usually be ignored.  These are logged by syslog.  It is safe to leave
    # it on or off
    logconnectionhandlingerrors = on
ABRAÇOS!