squid 2.7 TCP_MISS/417

13. Re: squid 2.7 TCP_MISS/417

Renato Carneiro Pacheco
renato_pacheco

(usa Debian)

Enviado em 05/05/2010 - 16:29h

Huiahiahua... não, véio. Aquela linha era pra vc digitar no console e não pô-la dentro do arquivo. Deixe o conteúdo do arquivo assim:

#192.168.0.128
#192.168.0.93
192.168.0.186
#192.168.0.49
192.168.0.50
192.168.0.53
192.168.0.80
#192.168.0.198
192.168.0.50
192.168.0.67
#192.168.0.179
#192.168.0.52
#192.168.0.103
#192.168.0.14
#192.168.0.100


  


14. Re: squid 2.7 TCP_MISS/417

renan rosolem chinelatto
pok182

(usa Ubuntu)

Enviado em 05/05/2010 - 16:34h

meu ip ja estava na lista de ip_livre

root@ubuntu2:~# vi /etc/squid/acls/ip_livre
root@ubuntu2:~# vi /etc/squid/acls/ip_livre
#192.168.0.128
#192.168.0.93
192.168.0.186
#192.168.0.49
192.168.0.53
192.168.0.80
#192.168.0.198
192.168.0.50 # aqui eh o meu ip
192.168.0.67
#192.168.0.179
#192.168.0.52
#192.168.0.103
#192.168.0.14
#192.168.0.100



15. Re: squid 2.7 TCP_MISS/417

renan rosolem chinelatto
pok182

(usa Ubuntu)

Enviado em 05/05/2010 - 16:36h

e se tentarmos liberar pelo firewall?


16. Re: squid 2.7 TCP_MISS/417

Renato Carneiro Pacheco
renato_pacheco

(usa Debian)

Enviado em 05/05/2010 - 16:43h

Ah, tá. Pelo firewall é mais garantido.


17. Re: squid 2.7 TCP_MISS/417

renan rosolem chinelatto
pok182

(usa Ubuntu)

Enviado em 05/05/2010 - 16:48h

qual seria a regra de firewall?

bom meu firewall é esse:

modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward

# Zerando o Firewall (Flush)
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

#iptables -A INPUT -p tcp --syn .i eth0 .s 192.168.0.50/32 .o eth1 --destination-port 80 -j ACCEPT
#iptables -A INPUT -p tcp --syn .i eth0 .s 192.168.0.50/32 .o eth1 --destination-port 443 -j ACCEPT

#EMAIL
#iptables -A FORWARD -p TCP --dport 25 -i eth0 -j ACCEPT
#i3iptables -A FORWARD -p UDP --dport 53 -i eth0 -j ACCEPT
#iptables -A FORWARD -p TCP --dport 110 -i eth0 -j ACCEPT
#iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 192.168.0.1 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.1 --sport 53 -d 192.168.0.0/24 -j ACCEPT

iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 200.246.46.173 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 200.246.46.173 --sport 53 -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 200.246.46.132 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 200.246.46.132 --sport 53 -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -p TCP -s 192.168.0.0/24 --dport 25 -j ACCEPT
iptables -A FORWARD -p TCP -s 192.168.0.0/24 --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -p tcp --sport 110 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE

#Liberar MSN
iptables -A FORWARD -s 192.168.0.50 -p tcp --dport 1863 -j ACCEPT # Renan
#iptables -A FORWARD -s 192.168.0.50 -d loginnet.passport.com -j ACCEPT #Renan

iptables -A FORWARD -s 192.168.0.178 -p tcp --dport 1863 -j ACCEPT # Matheus
#iptables -A FORWARD -s 192.168.0.178 -d loginnet.passport.com -j ACCEPT #Matheus

iptables -A FORWARD -s 192.168.0.15 -p tcp --dport 1863 -j ACCEPT # Gustavo
#iptables -A FORWARD -s 192.168.0.15 -d loginnet.passport.com -j ACCEPT #Gustavo

iptables -A FORWARD -s 192.168.0.147 -p tcp --dport 1863 -j ACCEPT # Leandro
#iptables -A FORWARD -s 192.168.0.15 -d loginnet.passport.com -j ACCEPT


iptables -A FORWARD -s 192.168.0.146 -p tcp --dport 1863 -j ACCEPT # Elide
#iptables -A FORWARD -s 192.168.0.146 -d loginnet.passport.com -j ACCEPT #Elide

iptables -A FORWARD -s 192.168.0.28 -p tcp --dport 1863 -j ACCEPT # Bruno
#iptables -A FORWARD -s 192.168.0.28 -d loginnet.passport.com -j ACCEPT # Bruno

iptables -A FORWARD -s 192.168.0.25 -p tcp --dport 1863 -j ACCEPT # Daniela
#iptables -A FORWARD -s 192.168.0.25 -d loginnet.passport.com -j ACCEPT #Daniela

iptables -A FORWARD -s 192.168.0.78 -p tcp --dport 1863 -j ACCEPT # Evelise
#iptables -A FORWARD -s 192.168.0.78 -d loginnet.passport.com -j ACCEPT # Evelise
iptables -A FORWARD -s 192.168.0.78 -p tcp --dport 1863 -j ACCEPT # Evelise
#iptables -A FORWARD -s 192.168.0.78 -d loginnet.passport.com -j ACCEPT # Evelise

iptables -A FORWARD -s 192.168.0.53 -p tcp --dport 1863 -j ACCEPT # Cirulli
#iptables -A FORWARD -s 192.168.0.53 -d loginnet.passport.com -j ACCEPT # Cirulli

iptables -A FORWARD -s 192.168.0.26 -p tcp --dport 1863 -j ACCEPT # Lilian
#iptables -A FORWARD -s 192.168.0.26 -d loginnet.passport.com -j ACCEPT #Lilian

iptables -A FORWARD -s 192.168.0.120 -p tcp --dport 1863 -j ACCEPT # Prisciliana
#iptables -A FORWARD -s 192.168.0.120 -d loginnet.passport.com -j ACCEPT # Prisciliana

iptables -A FORWARD -s 192.168.0.69 -p tcp --dport 1863 -j ACCEPT # Rodrigo
#iptables -A FORWARD -s 192.168.0.69 -d loginnet.passport.com -j ACCEPT #Rodrigo

iptables -A FORWARD -s 192.168.0.67 -p tcp --dport 1863 -j ACCEPT # Juliana
#iptables -A FORWARD -s 192.168.0.67 -d loginnet.passport.com -j ACCEPT # Juliana

iptables -A FORWARD -s 192.168.0.68 -p tcp --dport 1863 -j ACCEPT # Andressa
#iptables -A FORWARD -s 192.168.0.68 -d loginnet.passport.com -j ACCEPT # Andressa

iptables -A FORWARD -s 192.168.0.63 -p tcp --dport 1863 -j ACCEPT # Flavia
#iptables -A FORWARD -s 192.168.0.64 -d loginnet.passport.com -j ACCEPT # Flavia

#Bloquiar MSN
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 1863 -j REJECT
#iptables -A FORWARD -s 192.168.0.0/24 -d loginnet.passport.com -j REJECT



# Habilitando Masquerade e forwarding
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE
#iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT

iptables -A FORWARD -s 192.168.126.129 -j ACCEPT
iptables -A FORWARD -s 192.168.0.128 -j ACCEPT
iptables -A FORWARD -s 192.168.0.49 -j ACCEPT
iptables -A FORWARD -s 192.168.0.179 -j ACCEPT
iptables -A FORWARD -s 192.168.0.95 -j ACCEPT
iptables -A FORWARD -s 192.168.0.109 -j ACCEPT
iptables -A FORWARD -s 192.168.0.88 -j ACCEPT
iptables -A FORWARD -s 192.168.0.186 -j ACCEPT
iptables -A FORWARD -s 192.168.0.50 -j ACCEPT
iptables -A FORWARD -s 192.168.0.80 -j ACCEPT
iptables -A FORWARD -s 192.168.0.254 -j ACCEPT
iptables -A FORWARD -s 192.168.0.11 -j ACCEPT
iptables -A FORWARD -s 192.168.0.63 -j ACCEPT
iptables -A FORWARD -s 192.168.0.147 -j ACCEPT
iptables -A FORWARD -s 192.168.0.93 -j ACCEPT
iptables -A FORWARD -s 192.168.0.65 -j ACCEPT
iptables -A FORWARD -s 192.168.0.71 -j ACCEPT
iptables -A FORWARD -s 192.168.0.138 -j ACCEPT
iptables -A FORWARD -s 192.168.0.28 -j ACCEPT
iptables -A FORWARD -s 192.168.0.146 -j ACCEPT
iptables -A FORWARD -s 192.168.0.26 -j ACCEPT
iptables -A FORWARD -s 192.168.0.25 -j ACCEPT
iptables -A FORWARD -s 192.168.0.68 -j ACCEPT
iptables -A FORWARD -s 192.168.0.69 -j ACCEPT
iptables -A FORWARD -s 192.168.0.101 -j ACCEPT
iptables -A FORWARD -s 192.168.0.69 -j ACCEPT
iptables -A FORWARD -s 192.168.0.101 -j ACCEPT
iptables -A FORWARD -s 192.168.0.59 -j ACCEPT
iptables -A FORWARD -s 192.168.0.49 -j ACCEPT
iptables -A FORWARD -s 192.168.0.56 -j ACCEPT
iptables -A FORWARD -s 192.168.0.144 -j ACCEPT
iptables -A FORWARD -s 192.168.0.48 -j ACCEPT
iptables -A FORWARD -s 192.168.0.47 -j ACCEPT
iptables -A FORWARD -s 192.168.0.51 -j ACCEPT
iptables -A FORWARD -s 192.168.0.58 -j ACCEPT
iptables -A FORWARD -s 192.168.0.46 -j ACCEPT
iptables -A FORWARD -s 192.168.0.156 -j ACCEPT
iptables -A FORWARD -s 192.168.0.12 -j ACCEPT
iptables -A FORWARD -s 192.168.0.14 -j ACCEPT
iptables -A FORWARD -s 192.168.0.53 -j ACCEPT
iptables -A FORWARD -s 192.168.0.30 -j ACCEPT
iptables -A FORWARD -s 192.168.0.186 -j ACCEPT
iptables -A FORWARD -s 192.168.0.35 -j ACCEPT
iptables -A FORWARD -s 192.168.0.78 -j ACCEPT
iptables -A FORWARD -s 192.168.0.174 -j ACCEPT





iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# STATE RELATED para Router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Rede interna tem acesso permitido
iptables -A INPUT -p tcp -s 127.0.0.1/255.255.255.255 -j ACCEPT
iptables -A INPUT -p udp -s 127.0.0.1/255.255.255.255 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A INPUT -p tcp -s 10.0.0.0/255.255.0.0 -j ACCEPT
iptables -A INPUT -p udp -s 10.0.0.0/255.255.0.0 -j ACCEPT
iptables -A INPUT -p udp -s 0.0.0.0/0.0.0.0 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -s 0.0.0.0/0.0.0.0 -j DROP

#Liberar computadores
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 0.0.0.0/0.0.0.0 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/16 -s 0.0.0.0/0.0.0.0 --dport 443 -j ACCEPT

#Liberar Receita
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 0.0.0.0/0.0.0.0 --dport 3456 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/16 -s 0.0.0.0/0.0.0.0 --dport 3456 -j ACCEPT

#Conectividade - CAD Unico
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.201.174.204 --dport 2631 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/16 -s 200.201.174.204 --dport 2631 -j ACCEPT

#Recarga de cartao Passe
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 174.133.30.170 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 174.133.30.194 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 --dport 3306 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/16 --dport 3306 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.171.74.227 --dport 1433 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.171.74.227 --dport 1433 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.171.74.227 --dport 1434 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.171.74.227 --dport 1433 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.171.74.227 --dport 1434 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.171.74.227 --dport 1434 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.171.74.227 --dport 1446 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.171.74.227 --dport 1446 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.144.5.48 --dport 1498 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.144.5.48 --dport 1446 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.144.5.48 --dport 1498 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.144.5.48 --dport 1446 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/16 --dport 1446 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 189.5.194.64 --dport 7486 -j ACCEPT

#iptables -A FORWARD -p tcp -s 192.168.0.52 -d www.claro.com.br -j ACCEPT
#iptables -A FORWARD -p udp -d 192.168.0.52 -s www.claro.com.br -j ACCEPT


iptables -A FORWARD -p tcp -s 192.168.0.0/16 --dport 3356 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/16 --dport 3356 -j ACCEPT

iptables -A FORWARD -p tcp -s 192.168.0.95 --dport 5900 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.95 --dport 5900 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.95 --dport 1863 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.95 --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.95 --dport 44405 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.95 --dport 44405 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.95 --dport 55901 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.95 --dport 55901 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.50 --dport 27442 -j ACCEPT

#rede interna
#iptables -A FORWARD -p tcp -d 192.168.0.134 -j ACCEPT
#iptables -A FORWARD -p tcp -s 192.168.0.134 -j ACCEPT


# Portas que estao abertas para a internet
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 221 -j ACCEPT
#Porta do Remote Desktop
iptables -A INPUT -p tcp --dport 3389 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 65432 -j ACCEPT
iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
iptables -A INPUT -p tcp --dport 44405 -j ACCEPT
iptables -A INPUT -p tcp --dport 55901 -j ACCEPT
iptables -A INPUT -p tcp --dport 7486 -j ACCEPT
iptables -A INPUT -p tcp --dport 27015 -j ACCEPT
iptables -A INPUT -p tcp --dport 27442 -j ACCEPT

# Permitir ICMP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT

#iptables -t nat -A PREROUTING -d www.ciee.org.br -j ACCEPT
#iptables -t nat -A PREROUTING -d redir.folha.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d f.i.uol.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d www.folha.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d www.farmaciasdelimeira.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 200.234.200.68 -j ACCEPT
#iptables -t nat -A PREROUTING -d www.pmas.sp.gov.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 200.144.6.210 -j ACCEPT
#iptables -t nat -A PREROUTING -d 200.144.6.9 -j ACCEPT
#iptables -t nat -A PREROUTING -d www.mds.gov.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 192.168.0.105 -j ACCEPT
#iptables -t nat -A PREROUTING -d 201.65.178.130 -j ACCEPT
#iptables -t nat -A PREROUTING -d www14.bancodobrasil.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 170.66.1.60 -j ACCEPT
#iptables -t nat -A PREROUTING -d office.bancobrasil.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 189.47.163.127 --dport 300 -j ACCEPT
#iptables -t nat -A PREROUTING -d 189.5.194.64 --dport 7486 -j ACCEPT
#iptables -t nat -A PREROUTING -d 189.5.194.64 -j ACCEPT
#iptables -t nat -A PREROUTING -d 200.155.160.200 -j ACCEPT

#iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.50 -d 0/0 -j ACCEPT #--> quem for liberado aqui nãpassa pela regra seguinte
#iptables -t nat -A PREROUTING -i eth0 -p tcp -d 0/0 --dport http -j REDIRECT --to-port 3128
# Direciona todo o trafego da porta 80 para o Squid
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.0.0/16 --dport 80 -j REDIRECT --to-port 3128

#Redireciona porta 3389 para o Windows
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 3389 -j DNAT --to 192.168.0.250:3389
iptables -t nat -A POSTROUTING -d 192.168.0.250 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.250 --dport 3389 -j ACCEPT

#Redireciona porta 3389 para o Windows
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 3390 -j DNAT --to 192.168.0.250:3389
iptables -t nat -A POSTROUTING -d 192.168.0.250 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.250 --dport 3389 -j ACCEPT

#Redireciona porta 5432 para o Windows
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 5432 -j DNAT --to 192.168.0.250:5432
iptables -t nat -A POSTROUTING -d 192.168.0.250 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.250 --dport 5432 -j ACCEPT

#Redireciona porta 5432 para o Windows
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 65432 -j DNAT --to 192.168.0.250:65432
iptables -t nat -A POSTROUTING -d 192.168.0.250 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.250 --dport 65432 -j ACCEPT

#Redireciona porta 5900 para o Windows (MArio)
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 5900 -j DNAT --to 192.168.0.49:5900
iptables -t nat -A POSTROUTING -d 192.168.0.49 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.49 --dport 5900 -j ACCEPT

#redireciona porta 8080 para porta 80 srvconan
iptables -t nat -A PREROUTING -p tcp -d 201.75.229.121 --dport 8080 -j DNAT --to 192.168.0.105:80
iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 80 -j ACCEPT

#iptables -t nat -A PREROUTING -p tcp -d 187.2.29.193 --dport 8080 -j DNAT --to 192.168.0.105:80
#iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
#iptables -t nat -A PREROUTING -p tcp -d 187.2.29.193 --dport 8080 -j DNAT --to 192.168.0.105:80
#iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
#iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 80 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 8080 -j DNAT --to 192.168.0.105:80

#iptables -t nat -A PREROUTING -p tcp -d 201.75.229.121 --dport 8080 -j DNAT --to 192.168.0.105:80
#iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
#iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 80 -j ACCEPT

#Redireciona porta 300 para a porta 22 do SRVCONAN
#iptables -t nat -A PREROUTING -p tcp -d 201.75.229.121 --dport 300 -j DNAT --to 192.168.0.105:22
#iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
#iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 22 -j ACCEPT


iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 300 -j DNAT --to 192.168.0.105:22
iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 22 -j ACCEPT



18. Re: squid 2.7 TCP_MISS/417

Renato Carneiro Pacheco
renato_pacheco

(usa Debian)

Enviado em 05/05/2010 - 17:02h

Olhe nessa linha:

#iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.50 -d 0/0 -j ACCEPT #--> quem for liberado aqui nãpassa pela regra seguinte

É só retirar o cerquilha (#) do começo da linha, salvar e reiniciar o firewall.


19. Re: squid 2.7 TCP_MISS/417

renan rosolem chinelatto
pok182

(usa Ubuntu)

Enviado em 05/05/2010 - 17:05h

retirei e nao funcionou
:(


20. Re: squid 2.7 TCP_MISS/417

Renato Carneiro Pacheco
renato_pacheco

(usa Debian)

Enviado em 05/05/2010 - 17:12h

Modifique essa regra então:

iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.50 -d 0/0 -p tcp --dport 80 -j REDIRECT --to-port 80


21. Re: squid 2.7 TCP_MISS/417

renan rosolem chinelatto
pok182

(usa Ubuntu)

Enviado em 06/05/2010 - 15:14h

Aparentemente resolveu... vou enviar pacotes para o TCE hj mais tarde e volto postar aki o resultado



01 02



Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts