squid range de ips

1. squid range de ips

bruno cunha
brunocunha

(usa Fedora)

Enviado em 08/04/2009 - 17:43h

meu squid 'e assim

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.4.0/255.255.255.0 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl sitios url_regex -i "/etc/squid/sitios"
acl palavras url_regex -i "/etc/squid/palavras"
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow sitios
http_access deny all
http_access deny palavras
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 8888 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
icp_port 3130
coredump_dir /var/spool/squid


xxxxxxxxxxxxxxxxxxxxxxxxxx
entao gostaria de adicionar uma faixa de ips estaticos de 192.168.4.2 ate192.168.4.39 para terem acesso liberado a tudo. sem mecher muito nessa configuracao :-)
obrigado.


  


2. A exemplo...

Davi Ribeiro
dastyler

(usa Fedora)

Enviado em 08/04/2009 - 17:51h

da sua conf:

acl localnet src 192.168.4.0/255.255.255.0

Coloque uma outra acl assim:
acl range src 192.168.4.2/192.168.4.39

http_access allow (ou) deny range

ou:

acl range src "/caminho/do/arquivo/com/os/ips"


[]´s



3. Re: squid range de ips

bruno cunha
brunocunha

(usa Fedora)

Enviado em 08/04/2009 - 18:06h

eu ja tentei algo do tipo mas olha o que aparece:

[root@localhost ~]# service squid restart
Stopping squid: 2009/04/08 18:04:36| WARNING: '192.168.4.2/192.168.4.39' is a subnetwork of '192.168.4.2'
2009/04/08 18:04:36| WARNING: because of this '192.168.4.2' is ignored to keep splay tree searching predictable
2009/04/08 18:04:36| WARNING: You should probably remove '192.168.4.2/192.168.4.39' from the ACL named 'range'
2009/04/08 18:04:36| cache_cf.cc(346) squid.conf:26 unrecognized: 'http_acces'
................ [ OK ]
2009/04/08 18:05:08| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2009/04/08 18:05:08| WARNING: '192.168.4.2/192.168.4.39' is a subnetwork of '192.168.4.2'
2009/04/08 18:05:08| WARNING: because of this '192.168.4.2' is ignored to keep splay tree searching predictable
2009/04/08 18:05:08| WARNING: You should probably remove '192.168.4.2/192.168.4.39' from the ACL named 'range'
2009/04/08 18:05:08| cache_cf.cc(346) squid.conf:26 unrecognized: 'http_acces'
2009/04/08 18:05:08| Initializing https proxy context
Starting squid: [FAILED]



4. Tente então...

Davi Ribeiro
dastyler

(usa Fedora)

Enviado em 09/04/2009 - 14:24h

este exemplo:

acl ippermitidos src "/usr/local/squid/etc/squid/ip_permitidos"

e relacione os ips dentro deste arquivo e complete a regra com allow ou deny (dependeno do caso) com:

http_access allow ippermitidos

E remova a regra que passei antes do 192.168.4.2/192.168.4.39.

Tem outro erro de digitação na regra que é http_acces ao invés de http_access.

[]´s








Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts