leozitoalves
(usa Ubuntu)
Enviado em 03/06/2011 - 16:08h
Ola Galera, sou novo no linux e estou no seguinte cenário
Preciso configurar meu servidor Proxy de modo que ele fique abaixo do roteador, não necessite autenticação, e não seja necessário “setar” na maquina o Proxy para acesso e que eu tenha acesso pela web na configuração de bloqueios. Fiz as configurações porém ao inserir na rede as maquinas não pegam dhcp, logo não sei tbm se o Proxy esta a funcionar.
Como preciso que fique a Rede: Internet >> Modem >> Roteador >> Proxy >> Micros
A seguir as configurações dos softwares que instalei – Iptables, Squid3, dhcp3-client, webmin, Placas de rede ( configuração )
Não sei se falta algo para que o Proxy funcione, segue configurações
“Iptables”
#!/bin/bash
echo
echo Firewall
echo
echo POR:
echo
echo
echo
echo
echo "CARREGANDO FIREWALL "
echo ...............
echo ..............
echo .............
echo ............
echo ...........
echo ..........
echo .........
echo ........
echo .......
echo ......
echo .....
echo ....
echo ...
echo ..
echo .
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
echo Feito!
echo
--------------------------------------------------------------------------------------
“Squid3”
http_port 192.168.1.1:8080 transparent
visible_hostname Internet
acl all src 192.168.1.1/24
acl bloqueados url_regex -i src 192.168.1.1/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
cache com memoria
cache_mem 64 MB
#tamanho maximo do arquivo aberto na memoria
maximum_object_size_in_memory 768 KB
#cache com disco
maximum_object_size 400 MB
minimum_object_size 0 KB
#Armazenagem de dados do cache
cache_dir ufs /etc/squid3 192 20 384
#log do squid
cache_access_log /etc/squid3/access.log
#liberar por ip
acl ip src "/etc/squid3/ip"
http_access allow ip
#Sites bloqueados
acl bloqueados url_regex -i "/etc/squid3/bloqueados"
http_access deny bloqueados
#pagina de erro acesso
error_directory /usr/share/squid3/errors/Portuguese/
http_access allow localhost
http_access allow redelocal
http_access deny all bloqueados!
-----------------------------------------------------------------------------------------
DHCP.conf
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
#Máscara da rede
option subnet-mask 255.255.255.0;
#Broadcast que será utilizado na rede
option broadcast-address 255.255.255.0;
#Roteador da rede que neste caso será o próprio servidor DHCP
option routers 192.168.1.1;
#Servidor de domínio da rede (DNS) que também é o próprio servidor
option domain-name-servers 192.168.1.1;
#Nome do domínio da rede
option domain-name "rede";
#Aqui mostra qual a rede que será utilizada no DHCP Server e o
#range de IPs que será utilizado para enviar para as máquinas da rede
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.16 192.168.1.253;
}
-------------------------------------------------------------------------------------------
Dhclint.conf
# Configuration file for /sbin/dhclient, which is included in Debian's
# dhcp3-client package.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
# man page for more information about the syntax of this file
# and a more comprehensive list of the parameters understood by
# dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
# not leave anything out (like the domain name, for example), then
# few changes must be made to this file, if any.
#
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name "<hostname>";
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#send dhcp-lease-time 3600;
#supersede domain-name "fugue.com home.vix.com";
#prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
#require subnet-mask, domain-name-servers;
#timeout 60;
#retry 60;
#reboot 10;
#select-timeout 5;
#initial-interval 2;
#script "/etc/dhcp3/dhclient-script";
#media "-link0 -link1 -link2", "link0 link1";
#reject 192.33.137.209;
#alias {
# interface "eth0";
# fixed-address 192.5.5.213;
# option subnet-mask 255.255.255.255;
#}
#lease {
# interface "eth0";
# fixed-address 192.33.137.200;
# medium "link0 link1";
# option host-name "andare.swiftmedia.com";
# option subnet-mask 255.255.255.0;
# option broadcast-address 192.33.137.255;
# option routers 192.33.137.250;
# option domain-name-servers 127.0.0.1;
# renew 2 2000/1/12 00:00:01;
# rebind 2 2000/1/12 00:00:01;
# expire 2 2000/1/12 00:00:01;
#}
--------------------------------------------------------------------------------------
“WEBMIN”
“config”
ld_env=LD_LIBRARY_PATH
passwd_cindex=2
passwd_uindex=0
find_pid_command=ps auwwwx | grep NAME | grep -v grep | awk '{ print $2 }'
path=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
passwd_pindex=1
passwd_mindex=4
passwd_file=/etc/shadow
tempdelete_days=7
by_view=0
os_type=debian-linux
os_version=6.0
real_os_type=Ubuntu Linux
real_os_version=11.04
log=1
referers_none=1
md5pass=1
theme=blue-theme
product=webmin
--------------------------------------------------------------------------------------
Interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
#dns-nameservers 10.0.0.1 8.8.8.8
# The second network interface
#interface eth1
auto eth1
iface eth1 inet dhcp