IP FIXO GVT

1. IP FIXO GVT

marcelocb
(usa Ubuntu)

Enviado em 12/04/2011 - 15:48h

Olá pessoal,
Recentemente contratei o serviço de IP-FIXO da operadora GVT.
Antes de adquirir este serviço eu usava o PPPOECONF para discar para internet
Usava o usuário normal para discar (turbonet@turbonet e senha gvt25).

Agora quando disco com o usuário para pegar o ip-fixo ex: (3125115555@turbonetpro)
A internet funciona normalmente, só que depois que eu redireciono a porta 80 para a porta do squid 3128 que esta na ETH1, as estações simplesmente para de navegar, mas quando retiro o redirecionamento volta a navegar normalmente.

Alguém pode me ajudar? Preciso fazer alguma configuração para ip-fixo?

Obrigado.

0 0

Quote

2. Re: IP FIXO GVT

renato_pacheco
(usa Debian)

Enviado em 12/04/2011 - 15:55h

Vejo q o problema está no seu squid. Não tem nada a v ser IP fixo ou IP dinâmico. Qual é a msg d erro? Se tiver, poste aki. Tb é bom postar suas regras do squid aki.

0 0

Quote

3. ip-fixo

marcelocb
(usa Ubuntu)

Enviado em 12/04/2011 - 16:29h

Não aparece menssagem de erro, só não navega... segue meu squid.conf

#####################################################
# sqid TRD
# Copyright © 2011 - Marcelo C. Barbosa
# Todos os direitos reservados.
# Ao utilizar este aquivo manter os
# direitos autorais

#####################################################

http_port 3128 transparent
visible_hostname ubuntu

icp_port 0
htcp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 128 MB
cache_swap_low 80
cache_swap_high 85
maximum_object_size 64 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 128 KB
ipcache_size 3072
ipcache_low 90
ipcache_high 93

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

cache_dir ufs /var/spool/squid/cache1 2048 16 64
cache_dir ufs /var/spool/squid/cache2 2048 16 64
cache_dir ufs /var/spool/squid/cache3 2048 16 64
cache_dir ufs /var/spool/squid/cache4 2048 16 64
cache_dir ufs /var/spool/squid/cache5 2048 16 64
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

#Servidores DNS
dns_nameservers 192.168.0.1

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

#Tempo de vida dos objetos no cache

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
error_directory /usr/share/squid/errors/Portuguese
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
negative_ttl 3 minute
positive_dns_ttl 5 minute
half_closed_clients off

###########################ACLS#######################

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 873
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 631
acl Safe_ports port 873
acl Safe_ports port 280
acl Safe_ports port 465
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
acl Safe_ports port 995
acl Safe_ports port 3130
acl purge method PURGE
acl CONNECT method CONNECT

################### REGRAS ###########################

acl msn url_regex -i /gateway/gateway.dll
acl x-msn1 req_mime_type application/x-msn-messenger
acl x-msn2 rep_mime_type application/x-msn-messenger

acl palavras url_regex -i "/etc/squid/regras/palavras"
acl proibidos url_regex -i "/etc/squid/regras/proibidos"
acl liberados url_regex -i "/etc/squid/regras/liberados"

#IP
acl iplib src "/etc/squid/regras/iplib"
acl ipblok src "/etc/squid/regras/ipblok"

acl redelocal src 192.168.0.0/24
http_access allow iplib
http_access deny ipblok
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_reply_access deny x-msn2
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny x-msn1
http_access deny msn
http_access deny palavras !liberados
http_access deny proibidos
http_access allow all
http_access allow liberados
http_access deny manager !localhost
http_access deny all

########################***###########################

cache_effective_user proxy
cache_effective_group proxy
memory_pools off
forwarded_for off
strip_query_terms off
coredump_dir none
detect_broken_pconn on
pipeline_prefetch on

#FIM

#############################################################
#iptables

# Generated by iptables-save v1.3.8 on Tue Apr 12 09:21:03 2011
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/255.255.0.0 -o ppp0 -j MASQUERADE
# Forward HTTP connections to Squid proxy
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j REDIRECT --to-ports 3128
COMMIT
# Completed on Tue Apr 12 09:21:03 2011
# Generated by iptables-save v1.3.8 on Tue Apr 12 09:21:03 2011
*mangle
:PREROUTING ACCEPT [24:6876]
:INPUT ACCEPT [12:790]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10:6480]
:POSTROUTING ACCEPT [10:6480]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Tue Apr 12 09:21:03 2011
# Generated by iptables-save v1.3.8 on Tue Apr 12 09:21:03 2011
*filter
:INPUT ACCEPT [12653:15244912]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7640:1228256]
# msn lib
-A FORWARD -p tcp -m tcp -s 192.168.0.4 --dport 1863 -j ACCEPT
-A FORWARD -s 192.168.0.4 -d loginnet.passport.com -j ACCEPT
# msn
-A FORWARD -p tcp -m tcp --dport 1863 -j DROP
-A FORWARD -p tcp -s 192.168.0.0/24 --dport 1863 -j REJECT
-A FORWARD -s 192.168.0.0/24 -d loginnet.passport.com -j REJECT
COMMIT
# Completed on Tue Apr 12 09:21:03 2011

#end

0 0

Quote