fernandoselect
(usa Red Hat)
Enviado em 06/02/2013 - 09:45h
olá,
amigos, sou iniciante no Linux, mas já o uso há bastante tempo.
Tenho um servidor proxy transparente na minha rede. Não uso firewall neste servidor e, a princípio, não pretendo instalar. De um tempo para cá, o Outlook de toda a rede aparece recebendo 1 de xxxxx e-mails, porém não recebe. Às vezes o total de e-mails é 200 ou 300 kbytes e fica o dia inteiro, mas não baixa. O envio de e-mails está normal. Liguei para o provedor de e-mails, que é externo, e disseram que por lá está tudo normal e que o meu problema é interno.
A navegação está muito rápida para qualquer site e, via webmail, também está normal. As portas usadas para envio e recebimento são 587 e 110. Apesar de já ser careca, agora estou perdendo os cabelos dos ouvidos. Conto com a ajuda de vocês. Seguem abaixo: rc.local, iptables e squid.
iptable-------------------------------------------------
# NOTE(review): the three tables saved below (nat, mangle, filter) contain no
# rules at all and every built-in chain has policy ACCEPT, so this saved
# ruleset filters nothing and performs no NAT by itself.
# Generated by iptables-save v1.3.5 on Fri Apr 27 22:37:41 2012
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Apr 27 22:37:41 2012
# Generated by iptables-save v1.3.5 on Fri Apr 27 22:37:41 2012
*mangle
:PREROUTING ACCEPT [3814:1761342]
:INPUT ACCEPT [3778:1759554]
:FORWARD ACCEPT [35:1748]
:OUTPUT ACCEPT [4251:1950580]
:POSTROUTING ACCEPT [4286:1952328]
COMMIT
# Completed on Fri Apr 27 22:37:41 2012
# Generated by iptables-save v1.3.5 on Fri Apr 27 22:37:41 2012
# filter table: INPUT, FORWARD and OUTPUT default to ACCEPT with no rules,
# i.e. traffic to, through and from this host is not restricted here.
*filter
:INPUT ACCEPT [3794:1760537]
:FORWARD ACCEPT [35:1748]
:OUTPUT ACCEPT [4270:1954245]
COMMIT
# Completed on Fri Apr 27 22:37:41 2012
rc.local------------------------------------------------------------------
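#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
#
# Gateway setup: enables IPv4 forwarding, redirects web traffic arriving on
# eth0 to the local Squid (port 3128) and NATs the 192.168.218.0/24 network.
# The first line is a proper "#!" interpreter line; a bare "/bin/sh" there
# would be run as a command and start a nested shell before anything else.

touch /var/lock/subsys/local

# INTERNET SHARING RULES
# Start from empty filter and nat tables so rules do not pile up on re-runs.
iptables -F
iptables -F -t nat

# NOTE(review): all three filter chains default to ACCEPT and no filter rules
# are added below, so this host does no packet filtering, neither for itself
# (INPUT) nor for traffic it routes (FORWARD). Squid's port 3128 is therefore
# reachable on every interface unless something upstream blocks it.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

echo "Implementando Regras"

# Let the kernel route packets between interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Only TCP port 80 arriving on eth0 is handed to Squid. Every other protocol
# and port coming from the LAN is routed and NATed by the rule below without
# passing through Squid.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

# NOTE(review): there is no "-o <WAN_IF>" match, so LAN-sourced packets are
# masqueraded on whichever interface they leave by. Pinning the rule to the
# Internet-facing interface is tighter; confirm which interface that is.
iptables -t nat -A POSTROUTING -s 192.168.218.0/24 -j MASQUERADE

# Print the resulting filter and nat rules for a quick visual check.
iptables -nL
iptables -nL -t nat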
squid-------------------------------------------------
# WELCOME TO SQUID 2.6.STABLE21
#
#Recommended minimum configuration:
# Access-control list definitions. An acl line only names a match; nothing is
# allowed or denied until an http_access / icp_access line refers to it.
# "all" matches every source address.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
# NOTE(review): the trailing labels from "port 70" down to the second
# "acl localhost" line are shifted relative to the values they sit beside
# (port 70 is labelled "http", 1025-65535 is labelled "https", and so on).
# Read the port numbers, not the labels.
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70 # http
acl Safe_ports port 210 # ftp
# This range admits every destination port from 1025 upwards, so the
# Safe_ports check only excludes low ports that are not listed here.
acl Safe_ports port 1025-65535 # https
acl Safe_ports port 280 # gopher
acl Safe_ports port 488 # wais
acl Safe_ports port 591 # unregistered ports
acl Safe_ports port 777 # http-mgmt
acl CONNECT method CONNECT # gss-http
acl QUERY urlpath_regex cgi-bin \? # filemaker
# NOTE(review): second definition of "localhost". Squid merges the values of
# acl lines that share a name, so "localhost" now matches 127.0.0.1 AND the
# whole 192.168.218.0/24 LAN. Every rule written for the loopback address
# (for example "http_access allow manager localhost") then applies to all LAN
# clients. A separate acl name for the LAN would keep the two apart.
acl localhost src 192.168.218.0/255.255.255.0 # multiling http
# URL patterns read from a file, one regex per line.
acl liberados url_regex "/etc/squid/liberados"
# Client MAC addresses read from a file.
acl libera_total arp "/etc/squid/macliberado"
# This allow precedes every other http_access line in the file, so a client
# whose MAC address is listed is admitted before any deny rule is considered.
# NOTE(review): a MAC address is asserted by the client itself; treat this
# list as a convenience exemption, not as authentication.
http_access allow libera_total
# ACL RULES
# Destination-domain and URL block lists, both loaded from files; "-i" makes
# the bloqueados patterns case-insensitive.
acl palavrasproibidas dstdom_regex "/etc/squid/palavrasproibidas"
acl bloqueados url_regex -i "/etc/squid/bloqueados"
acl apache rep_header Server ^Apache
#Allow ICP queries from everyone
# NOTE(review): ICP queries are answered for any source address. If no
# sibling/parent caches are in use, limiting this to known peers (or denying
# it) removes an unneeded exposed service.
icp_access allow all
#
# Squid normally listens to port 3128
# "transparent" marks the port as receiving intercepted traffic (redirected
# to it by the gateway) rather than browser-configured proxy requests.
http_port 3128 transparent
#Default:
# Largest object kept in the in-memory cache.
maximum_object_size_in_memory 1 MB
#
# memory_replacement_policy lru
# Both the memory and the disk cache use the heap LFUDA policy instead of the
# default lru shown in the commented lines.
memory_replacement_policy heap LFUDA
#Default:
# cache_replacement_policy lru
cache_replacement_policy heap LFUDA
# cache_dir diskd Directory-Name Mbytes L1 L2 [options] [Q1=n] [Q2=n]
# 500 MB ufs disk cache with 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 500 16 256
#
# max_open_disk_fds 0
#
# minimum_object_size 0 KB
# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#
# and undocumented format with all uppercase LOG_FACILITY|LOG_PRIORITY
# Only the access log is enabled; cache_log and cache_store_log are commented.
access_log /var/log/squid/access.log
# cache_log /var/log/squid/cache.log
# cache_store_log /var/log/squid/store.log
#
#logfile_rotate 0
# logfile_rotate 0
#Default:
# log_fqdn off
# Logs client host names instead of bare addresses. Squid has to do a
# reverse-DNS lookup for connecting clients to fill this in, which can add
# latency when the resolver is slow.
log_fqdn on
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# TAG: quick_abort_min (KB)
# TAG: quick_abort_max (KB)
# TAG: quick_abort_pct (percent)
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95
# TAG: read_ahead_gap buffer-size
# read_ahead_gap 16 KB
# TAG: negative_ttl time-units
# negative_ttl 5 minutes
# positive_dns_ttl 6 hours
# Successful DNS answers are cached for 1 hour (commented default: 6 hours).
positive_dns_ttl 1 hour
# negative_dns_ttl 1 minute
# NOTE(review): failed DNS lookups are remembered for 1 hour instead of the
# 1-minute default shown above, so a transient resolver failure keeps a host
# name unreachable through the proxy for up to an hour.
negative_dns_ttl 1 hour
# TAG: range_offset_limit (bytes)
# range_offset_limit 0 KB
# TAG: minimum_expiry_time (seconds)
# minimum_expiry_time 60 seconds
# TAG: store_avg_object_size (kbytes)
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# request_header_max_size 20 KB
# TAG: reply_header_max_size (KB)
# reply_header_max_size 20 KB
# request_body_max_size 0 KB
# via on
# cache_vary on
# Apache to signal ETag correctly on such responses
# http_access lines are evaluated top to bottom and the first matching line
# decides the request. The two allow lines below come before the Safe_ports
# and CONNECT checks, so requests matching liberados or libera_total are not
# subject to those checks.
http_access allow liberados
http_access allow libera_total
http_access deny bloqueados
http_access deny palavrasproibidas
# Cache-manager requests are accepted only from "localhost".
# NOTE(review): this file defines "localhost" twice, the second time as
# 192.168.218.0/255.255.255.0, so this line admits the whole LAN to the cache
# manager, not just the loopback address.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# NOTE(review): final catch-all allow. Any client that can reach port 3128 may
# use the proxy; nothing in this list denies by source address. Ending the
# list with "http_access deny all" after the local-network allow limits use to
# the intended clients.
http_access allow all
broken_vary_encoding allow apache
# collapsed_forwarding off
# ident_timeout 10 seconds
# NOTE(review): 5 days against the 10-second default shown above looks
# unintended; confirm.
ident_timeout 5 day
# ADMINISTRATIVE PARAMETERS
# cache_mgr root
# cache_effective_user squid
# Squid runs as the unprivileged squid user and group.
cache_effective_user squid
# cache_effective_group squid
cache_effective_group squid
#
#Default:
# announce_period 0
# TAG: delay_pools
#
#Default:
# delay_pools 0
# delay_access 2 deny all
# Delay pool 1 applies to every request that Squid serves.
# NOTE(review): the only delay_pools line visible in this listing is the
# commented default ("# delay_pools 0"); pool 1 needs an active
# "delay_pools 1" declaration to exist. Confirm one is present in the full file.
delay_access 1 allow all
#
# Pool 1 is class 2: one aggregate bucket plus one bucket per client host.
delay_class 1 2
#
#delay_parameters 1 -1/-1 8000/8000
#
#
#delay_parameters 2 32000/32000 8000/8000 600/8000
# Each pair is restore-rate/bucket-size in bytes: aggregate first, then per
# host. Delay pools shape only traffic that goes through Squid.
delay_parameters 1 55000000/125000 1000000/125000
#
# delay_initial_bucket_level 50
# detect_broken_pconn off
# icp_port 3130
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255
# icp_hit_stale off
# minimum_direct_hops 4
#
# icp_query_timeout 0
# maximum_icp_query_timeout 2000
# minimum_icp_query_timeout 5
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8
# tcp_recv_bufsize 0 bytes
# check_hostnames on
# allow_underscore on
# cache_dns_program /usr/lib/squid/dnsserver
# dns_retransmit_interval 5 seconds
# dns_timeout 2 minutes
# dns_defnames off
# hosts_file /etc/hosts#
# ignore_unknown_nameservers on
# TAG: ipcache_size (number of entries)
# TAG: ipcache_low (percent)
# TAG: ipcache_high (percent)
# The size, low-, and high-water marks for the IP cache.
# ipcache_size 1024
# The active ipcache/fqdncache values below repeat the defaults shown in the
# commented line above each of them.
ipcache_size 1024
# ipcache_low 90
ipcache_low 90
# ipcache_high 95
ipcache_high 95
# fqdncache_size 1024
fqdncache_size 1024
# TAG: memory_pools on|off
# memory_pools on
# TAG: memory_pools_limit (bytes)
# Used only with memory_pools on:
# memory_pools_limit 50 MB
# memory_pools_limit 5 MB
# forwarded_for on
# maximum_single_addr_tries 1
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net
# offline_mode off
coredump_dir /var/spool/squid
# balance_on_multiple_ip on
# pipeline_prefetch off
# high_response_time_warning 0
# high_page_fault_warning 0
# high_memory_warning 0 KB
# sleep_after_fork 0
# NOTE(review): a single cached object may be up to 256 MB while the cache_dir
# in this file is 500 MB, so one or two large downloads can evict most of the
# disk cache.
maximum_object_size 256 MB