Bom Matheus, aqui uso: Debian Etch, kernel 2.6.18-6-686, Squid Cache: Version 2.6.STABLE5
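Aqui tenho 3 placas de rede uma Wan (eth2) duas Lan (eth1,eth0) segue abaixo o meu script do iptables e meu squid.conf com o masquerade funcionando e o msn tb nos ips que estão liberados para usa-lo

IPTABLES

#!/bin/bash
### BEGIN INIT INFO
# Provides: Compartilhar
# Required-Start:
# Required-Stop:
# Default-Start: S
# Default-Stop:
# Short-Description: Ativa o NAT e regras do IPTABLES.
# Description:
### END INIT INFO
#
# Enables NAT (masquerade) on the WAN interface eth2, transparent proxying
# to Squid on the two LAN interfaces (eth1 = professors, eth0 = laboratory)
# and the INPUT/FORWARD filter rules of this host.
#
# Usage: $0 start|stop|restart
# Note: "start" only appends rules; running it twice duplicates every rule.
# Use "restart" to reload.

#######################################
# Loads the sysctl settings and appends the iptables rules.
# Globals:   none
# Arguments: none
# Outputs:   status message on stdout
# Returns:   status of the last command executed
#######################################
iniciar() {
  local rpf

  # Allow the loopback interface
  iptables -A INPUT -i lo -j ACCEPT

  # Ensure the firewall lets packets of already-established connections
  # through. This rule has to come BEFORE any DROP: in the original order it
  # sat after the "1025:65535" DROP for 192.168.5.0/24, so replies to
  # connections this server itself opened towards laboratory hosts were
  # dropped.
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Enable NAT
  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

  # Protect against IP spoofing. Writing only conf/default/rp_filter affects
  # interfaces created after this point; set it on "all" and on every
  # interface that already exists as well.
  for rpf in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$rpf"
  done

  # Drop malformed packets (protects against various attacks)
  iptables -A INPUT -m state --state INVALID -j DROP

  # Squid port (kept disabled; the per-subnet rules below open it)
  #iptables -A INPUT -p tcp --dport 3128 -j ACCEPT

  # Open SSH port 22 to everyone
  # NOTE(review): this and the SAMBA/DNS/NTP/HTTP rules below carry no "-i"
  # match, so they also accept new connections arriving on the WAN interface
  # eth2. If those services are meant for the LANs only, add "-i eth0" /
  # "-i eth1" variants instead.
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT

  # Open the SAMBA ports
  iptables -A INPUT -p tcp --dport 139 -j ACCEPT
  iptables -A INPUT -p tcp --dport 445 -j ACCEPT
  iptables -A INPUT -p udp --dport 137:138 -j ACCEPT

  # Open the DNS ports
  iptables -A INPUT -p tcp --dport 53 -j ACCEPT
  iptables -A INPUT -p udp --dport 53 -j ACCEPT

  # Open the NTP port
  iptables -A INPUT -p udp --dport 123 -j ACCEPT

  # Open the HTTP and HTTPS ports
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  iptables -A INPUT -p tcp --dport 443 -j ACCEPT

  # Transparent proxy on interface eth1 (professors).
  # The option is "--to-port"; as pasted it had a space ("-- to-port"),
  # which iptables does not accept.
  iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
  iptables -A INPUT -s 192.168.6.0/24 -p tcp --dport 3128 -j ACCEPT

  # Professors' IPs with all ports open.
  # NOTE(review): the "-s" rules match on source address only; a packet
  # entering on eth2 with a forged LAN source would match too. rp_filter
  # (set above) mitigates this; adding "-i eth1" here would make it explicit.
  iptables -A INPUT -s 192.168.6.0/24 -p tcp --dport 1:65535 -j ACCEPT
  iptables -A FORWARD -s 192.168.6.0/24 -p tcp --dport 1:65535 -j ACCEPT

  # Laboratory IPs with all ports open
  iptables -A INPUT -s 192.168.5.250 -p tcp --dport 1025:65535 -j ACCEPT
  iptables -A FORWARD -s 192.168.5.250 -p tcp --dport 1025:65535 -j ACCEPT

  # Transparent proxy on interface eth0 (laboratory)
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
  iptables -A INPUT -s 192.168.5.0/24 -p tcp --dport 3128 -j ACCEPT

  # Open the Windows Terminal Server port
  iptables -A INPUT -s 192.168.5.0/24 -p tcp --dport 3389 -j ACCEPT
  iptables -A FORWARD -s 192.168.5.0/24 -p tcp --dport 3389 -j ACCEPT

  # Block ports 1025 to 65535 (TCP only; UDP from the lab is not restricted)
  iptables -A INPUT -s 192.168.5.0/24 -p tcp --dport 1025:65535 -j DROP
  iptables -A FORWARD -s 192.168.5.0/24 -p tcp --dport 1025:65535 -j DROP

  # Prevent new connections, effectively blocking external access to the
  # server except for the ports and address ranges specified above.
  # NOTE(review): only TCP SYN is dropped and no INPUT policy is set, so
  # UDP/ICMP/other protocols reaching eth2 are not filtered here. Consider
  # "iptables -P INPUT DROP" (the lo, ESTABLISHED,RELATED and service rules
  # above keep the wanted traffic working) after testing on the LANs.
  iptables -A INPUT -p tcp --syn -j DROP

  echo "Regras de FIREWALL e compartilhamento ATIVADOS"
}

#######################################
# Flushes the filter and nat tables (no policy is changed, so the default
# ACCEPT policies apply afterwards).
# Globals:   none
# Arguments: none
# Outputs:   status message on stdout
#######################################
parar() {
  iptables -F
  iptables -F -t nat
  echo "Regras de FIREWALL e compartilhamento DESATIVADOS"
}

case "$1" in
  start) iniciar ;;
  stop) parar ;;
  restart)
    parar
    iniciar
    ;;
  *)
    # The original message omitted "restart", which the script accepts.
    echo "Use os parametros start, stop ou restart" >&2
    exit 1
    ;;
esac

SQUID

http_port 192.168.5.252:3128 transparent
http_port 192.168.6.252:3128 transparent
cache_mem 256 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/cache/squid 2048 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
#emulate_http_log off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# (this directive continues on the next line of the post: "0 20% 4320")
refresh_pattern .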
# (continuation of "refresh_pattern ." from the previous line of the post)
0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 82 21 443 563 70 210 3050 #1025-65535
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl CONNECT method CONNECT

# Block MSN
# NOTE(review): msn_livre reads the same file as ips_liberados below; one
# ACL would do. Unlike the aolyahoo rule, the "deny msn_web" / "deny msn"
# lines carry no "!msn_livre" exception, so they apply to every client —
# confirm that is intended.
acl msn_livre src "/etc/squid/ips_liberados"
acl msn_web url_regex webmessenger.msn.com
acl msn url_regex -i /gateway/gateway.dll

# Block Gtalk
acl gtalk url_regex -i mail.google.com/mail/channel/bind
http_access deny gtalk

### Block AOL and YAHOO
acl aolyahoo dstdomain login.oscar.aol.com
acl aolyahoo dstdomain pager.yahoo.com
acl aolyahoo dstdomain shttp.msg.yahoo.com
acl aolyahoo dstdomain update.messenger.yahoo.com
acl aolyahoo dstdomain update.pager.yahoo.com
http_access deny aolyahoo !msn_livre
http_access deny msn_web
http_access deny msn

# may access everything
acl ips_liberados src "/etc/squid/ips_liberados"
# may access nothing
acl ips_proibidos src "/etc/squid/ips_proibidos"
# fully allowed hosts
# NOTE(review): the "dst" ACL type takes IP addresses/netmasks; if these
# files list domain names, "dstdomain" is the type to use — check the file
# contents.
acl hosts_liberados dst "/etc/squid/hosts_liberados"
# fully forbidden hosts
acl hosts_proibidos dst "/etc/squid/hosts_proibidos"
# laboratory URLs
# NOTE(review): liberadas_lab is case-sensitive while proibidas_lab uses
# "-i"; presumably both should be case-insensitive.
acl liberadas_lab url_regex "/etc/squid/liberadas_lab"
acl proibidas_lab url_regex -i "/etc/squid/proibidas_lab"
# laboratory IPs
acl intranet_lab src 192.168.5.0/255.255.255.0

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# rule: allowed IPs (lab)
http_access allow ips_liberados
http_access allow hosts_liberados
http_access deny ips_proibidos

# Lab intranet
http_access deny intranet_lab gtalk
http_access allow intranet_lab liberadas_lab
http_access deny intranet_lab proibidas_lab
http_access deny intranet_lab hosts_proibidos
http_access allow intranet_lab

# rule: special IPs
# rule: allowed hosts
# NOTE(review): this repeats the "allow hosts_liberados" line above, so it
# can never match here.
http_access allow hosts_liberados
# NOTE(review): this is the last http_access line. In Squid, a request that
# matches no http_access line gets the opposite of the last line, i.e. it is
# allowed here. Clients not covered above (e.g. 192.168.6.0/24 unless listed
# in ips_liberados) are therefore permitted by default; a final
# "http_access deny all" after an explicit allow for the intended subnets
# would make the policy default-deny.
http_access deny hosts_proibidos

icp_access allow all
miss_access allow all
#logfile_rotate 4
error_directory /usr/share/squid/errors/Portuguese

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]