Acabei de migrar o servidor para o lenny, mas o squid está recusando conexão.....

[Saul Lima]

Migrei agora para o lenny e copiei meu antigo squid.conf (que funcionava sem
problemas) para a pasta  /etc/squid, o squid do lenny (2.7)  carrega sem
mostrar erros, mas as máquinas da rede não conseguem acessar a internet,
acusando que o squid está recusando conexões. Meu squid.conf é o seguinte:

http_port 3128 transparent
> visible_hostname PMM
> error_directory /usr/share/squid/errors/Portuguese/
>
> cache_mem 1024 MB
> maximum_object_size_in_memory 250 KB
> maximum_object_size 600 MB
> minimum_object_size 0 KB
> cache_swap_low 90
> cache_swap_high 95
> cache_dir ufs /var/spool/squid 20480 64 256
> cache_access_log /var/log/squid/access.log
> refresh_pattern ^ftp: 1440 20% 2280
> refresh_pattern ^gopher: 1440 20% 2280
> refresh_pattern . 60 20% 2280
>
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
> acl purge method PURGE
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
>
> #bloqueio de extensões e sites
> acl proibidos url_regex -i \.exe \.mp3 \.vqf \.tar.gz \.gz \.rpm \.avi
> \.mpeg \.mpe \.mpg \.qt \.ram \.rm \.iso \.raw \.wav \.flv \.bat \.torrent
> \.wma \.scr
> acl proibidos_chefe url_regex -i \.mp3 \.vqf \.tar.gz \.gz \.rpm \.avi
> \.mpeg \.mpe \.mpg \.qt \.ram \.rm \.iso \.raw \.wav \.flv \.bat \.torrent
> \.wmv \.wma \.scr
> acl sites url_regex -i "/etc/squid/sites"
>
> acl manutencao arp 00:15:f2:a5:ed:11
> acl redelocal arp "/etc/squid/usuarios"
> acl chefes arp "/etc/squid/chefes"
>
>
> delay_pools 2
> delay_class 1 2
> delay_parameters 1 57600/57600 7680/7168
> delay_class 2 2
> delay_parameters 2 57600/57600 7680/16384
> delay_access 1 allow redelocal
> delay_access 1 allow manutencao
> delay_access 1 allow localhost
> delay_access 2 allow chefes
>
>
>
> http_access deny sites redelocal
> http_access deny sites chefes
> http_access deny proibidos redelocal
> http_access deny proibidos_chefe chefes
> http_access deny proibidos_chefe manutencao
> http_access allow manutencao
> http_access allow localhost
> http_access allow redelocal
> http_access allow chefes
> http_access deny all
>

Depois de rodar o squid eu executei os comandos:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING  -i eth1 -p tcp --dport 80 -j REDIRECT
--to-port 3128
echo 1 > /proc/sys/net/ipv4/ip_forward