triangulo amarelo na placa de rede.

1. triangulo amarelo na placa de rede.

Renan Casini
renancasini

(usa Outra)

Enviado em 06/06/2014 - 09:04h

Bom dia Pessoal!

Minha duvida é a seguinte:

Montei um proxy autenticando no AD, com regras tudo bunitinho. Porem nas estações a internet funciona normal só que fica com o sinal do triangulo amarelo como se não tivesse internet na maquina. segue meu squid.conf:


# Autenticacao no Windows 2008
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl AuthorizedUsers proxy_auth REQUIRED

# Configuracoes gerais
http_port 3128
hierarchy_stoplist cgi-bin?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_replacement_policy lru
memory_replacement_policy lru
cache_mem 2 GB
maximum_object_size_in_memory 2048 KB
maximum_object_size 600 MB
minimum_object_size 1 KB
ipcache_size 2048
ipcache_low 80
ipcache_high 95
cache_dir aufs /var/spool/squid/1/ 23552 128 512
cache_dir aufs /var/spool/squid/2/ 23552 128 512
cache_dir aufs /var/spool/squid/3/ 23552 128 512
cache_dir aufs /var/spool/squid/4/ 23552 128 512
cache_replacement_policy lru
memory_replacement_policy lru
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /var/log/squid/access.log squid
access_log daemon:/var/log/squid/access.log squid
cache_access_log /var/log/squid/access.log
cache_swap_log /var/spool/squid/swap.log
cache_mgr renan@redesedados.com.br
error_directory /usr/share/squid/errors/Portuguese
coredump_dir /var/spool/squid
refresh_pattern \^ftp: 1440 20% 10080
refresh_pattern \^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Definicao das ACLs
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 407 # msn
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop
acl purge method PURGE
acl CONNECT method CONNECT


################################ CACHE ####################################


#### Microsoft Update####
range_offset_limit 200 MB windowsupdate
maximum_object_size 200 MB
quick_abort_min -1

#Cache de Fotos
refresh_pattern -i \.jpg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.gif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.png$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.jpeg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.bmp$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tiff$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.swf$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.exe$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.php$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.html$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.htm$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtml$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtm$ 0 20% 1440 reload-into-ims

# Cache De videos
refresh_pattern -i \.(mp3|mp4|m4a|ogg|mov|avi|wmv|flv)$ 43200 100% 43200 ignore-no-cache override-expire ignore-private

# Cache do Windows Update
refresh_pattern -i au.download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i download.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i msgruser.dlservice.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i ctldl.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i crl.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i sqm.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i watson.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i go.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i msftncsi.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 100% 43200 reload-into-ims
refresh_pattern -i stats1.update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i windowsupdate.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i redir.metaservices.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i images.metaservices.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i c.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i www.download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf)">www.download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i wustat.windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i sls.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i productactivation.one.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims
refresh_pattern -i ntservicepack.microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 100% 43200 reload-into-ims

#Cache Java ( Faz cache do Java ) ##
refresh_pattern -i sdlc-esd.sun.com/.*\.(cab|exe|dll|msi) 999999 100% 43200 reload-into-ims
refresh_pattern -i javadl-esd.sun.com/.*\.(cab|exe|dll|msi) 999999 100% 43200 reload-into-ims
refresh_pattern -i javadl.oracle.com/.*\.(cab|exe|dll|msi) 999999 100% 43200 reload-into-ims
refresh_pattern -i rps-svcs.sun.com/.*\.(cab|exe|dll|msi) 999999 100% 43200 reload-into-ims

#Cache atulizacao avira ( Faz cache do Avira ) ##
refresh_pattern -i personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 999999 100% 43200 reload-into-ims

#Cache atualizacao symantec
refresh_pattern -i liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 999999 100% 43200 reload-into-ims
refresh_pattern -i symantecliveupdate.com/.*\.(cab|exe|dll|msi) 999999 100% 43200 reload-into-ims

#Cache avast
refresh_pattern -i avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i x2486472.ivps9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i h3565960.ivps9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i r2493514.ivps9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i x8761469.iavs9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i j7434223.iavs9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i y7292228.ivps9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i z0183749.ivps9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i c0307764.ivps9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i x9942723.iavs9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i t0964766.iavs9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i w2416805.ivps9x.u.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i ai.ff.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i eu.ff.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i su.ff.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i program.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i vl.ff.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i an.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i v7.stats.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i static.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i emupdate.avast.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims
refresh_pattern -i software-files-a.cnet.com/.*\.(vpu|cab|stamp|exe) 999999 100% 43200 reload-into-ims



###### Microsoft #####
acl windowsupdate dstdomain stats1.update.microsoft.com
acl windowsupdate dstdomain msftncsi.com
acl windowsupdate dstdomain microsoft.com
acl windowsupdate dstdomain go.microsoft.com
acl windowsupdate dstdomain watson.microsoft.com
acl windowsupdate dstdomain sqm.microsoft.com
acl windowsupdate dstdomain ctldl.windowsupdate.com
acl windowsupdate dstdomain windowsupdate.com
acl windowsupdate dstdomain msgruser.dlservice.microsoft.com
acl windowsupdate dstdomain download.microsoft.com
acl windowsupdate dstdomain au.download.windowsupdate.com
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com

#### AVAST #####
acl avast dstdomain avast.com
acl avast dstdomain software-files-a.cnet.com


######################################## CONTROLE DE BANDA #####################################################

#Crie uma acl com as extensoes serao aplicadas o filtro
acl download url_regex -i ftp .mov .mpeg .wav .tar .mp3 .exe .zip .rar .mpg. avi .rmvb .pps .wmv .msi .iso
acl navegacao urlpath_regex -i \.htm$ \.html$ \.php \.cgi \.pl \.asp \.cf$ \.jpeg$ \.jpg$ \.png$ \.gif$

# Crie outra acl com os IPs que serao aplicados a regra
acl master src "/etc/squid/master"
acl users src "/etc/squid/users"

delay_pools 2
# Significa que teremos dois controles de banda

# Primeiro controle
delay_class 1 2

#-1/-1 significa que nao teremos limites para a delay pool 1
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow master

# Segundo controle
delay_class 2 2

# Limita a sua banda para +- 700Kbits por pessoa
delay_parameters 2 80216/80216 80216/80216
delay_access 2 allow users
delay_access 2 allow navegacao

#usuarios com acesso a tudo
acl master src "/etc/squid/master"

#usuarios controlados
acl users src "/etc/squid/users"


################################################# CONTROLE DE INTERNET #################################################

external_acl_type grupo_ad %LOGIN /usr/lib/squid/wbinfo_group.pl

acl grp-diretoria external grupo_ad diretoria
acl grp-modelo external grupo_ad modelo
#acl grp-estagiarios external grupo_ad estagiarios
acl negados dstdomain -i "/etc/squid/negados"
acl negados1 dstdomain -i "/etc/squid/negados1"
#acl negados2 dstdomain -i "/etc/squid/negados2"
acl liberados dstdomain -i "/etc/squid/liberados"


acl almoco time 18:22-18:25


# Ativando as ACLs Padrao
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny to_localhost

http_access allow almoco
http_access deny negados
http_access allow grp-diretoria
http_access deny negados1
http_access allow grp-modelo
#http_access deny negados2
#http_access deny grp-estagiarios !liberados
http_access allow liberados
http_access deny all

Alguem tem ideia?



  


2. Re: triangulo amarelo na placa de rede.

Perfil removido
removido

(usa Nenhuma)

Enviado em 06/06/2014 - 09:50h

Será que é conflito de IP? Duas máquinas na rede com o mesmo IP?

Informe sua placa de rede

# lspci |fgrep -i ether

e

# lsusb


3. Re: triangulo amarelo na placa de rede.

Renan Casini
renancasini

(usa Outra)

Enviado em 06/06/2014 - 10:38h

Acredito que não pois acontece isso com todas as maquinas depois do proxy, mas todas elas navegam.

porem segue:

00:03.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)
00:08.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)

e a autenticação esta funcionando pois quando logo com um usuario que não seja do dominio em qq maquina ele não nageva. pede senha do proxy.



4. Re: triangulo amarelo na placa de rede.

Renan Casini
renancasini

(usa Outra)

Enviado em 06/06/2014 - 12:08h

Estou tendo um problema com o windows update tbm..

quando peço para procurar atualizações ele me pede usuario e senha do proxy.. .porem no navegador já esta configurado e funcionando....



5. Re: triangulo amarelo na placa de rede.

Renato Carneiro Pacheco
renato_pacheco

(usa Debian)

Enviado em 06/06/2014 - 12:59h

Cara, é assim msm. O Windows é burro quando se tem um proxy configurado na máquina. Quando vc inicializa a máquina, o triângulo aparece, mas assim q vc passa a navegar na Internet (q é o momento q vc autentica no proxy), o triângulo some. Com relação ao seu Windows Update, vc deve liberar no seu squid pra não autenticar nos sites q o Windows busca pra atualizar. A melhor forma (eu acho) é colocar as estações d trabalho no domínio e instalar o WSUS pra atualizar a máquina internamente, sem q as estações atualizem d fora.






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts