Migrei agora para o lenny e copiei meu antigo squid.conf (que funcionava sem problemas) para a pasta /etc/squid, o squid do lenny (2.7) carrega sem mostrar erros, mas as máquinas da rede não conseguem acessar a internet, acusando que o squid está recusando conexões. Meu squid.conf é o seguinte:
http_port 3128 transparent > visible_hostname PMM > error_directory /usr/share/squid/errors/Portuguese/ > > cache_mem 1024 MB > maximum_object_size_in_memory 250 KB > maximum_object_size 600 MB > minimum_object_size 0 KB > cache_swap_low 90 > cache_swap_high 95 > cache_dir ufs /var/spool/squid 20480 64 256 > cache_access_log /var/log/squid/access.log > refresh_pattern ^ftp: 1440 20% 2280 > refresh_pattern ^gopher: 1440 20% 2280 > refresh_pattern . 60 20% 2280 > > > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl SSL_ports port 443 563 > acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535 > acl purge method PURGE > acl CONNECT method CONNECT > http_access allow manager localhost > http_access deny manager > http_access allow purge localhost > http_access deny purge > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > > > #bloqueio de extensões e sites > acl proibidos url_regex -i \.exe \.mp3 \.vqf \.tar.gz \.gz \.rpm \.avi > \.mpeg \.mpe \.mpg \.qt \.ram \.rm \.iso \.raw \.wav \.flv \.bat \.torrent > \.wma \.scr > acl proibidos_chefe url_regex -i \.mp3 \.vqf \.tar.gz \.gz \.rpm \.avi > \.mpeg \.mpe \.mpg \.qt \.ram \.rm \.iso \.raw \.wav \.flv \.bat \.torrent > \.wmv \.wma \.scr > acl sites url_regex -i "/etc/squid/sites" > > acl manutencao arp 00:15:f2:a5:ed:11 > acl redelocal arp "/etc/squid/usuarios" > acl chefes arp "/etc/squid/chefes" > > > delay_pools 2 > delay_class 1 2 > delay_parameters 1 57600/57600 7680/7168 > delay_class 2 2 > delay_parameters 2 57600/57600 7680/16384 > delay_access 1 allow redelocal > delay_access 1 allow manutencao > delay_access 1 allow localhost > delay_access 2 allow chefes > > > > http_access deny sites redelocal > http_access deny sites chefes > http_access deny proibidos redelocal > http_access deny proibidos_chefe chefes > http_access deny proibidos_chefe manutencao > http_access allow manutencao > http_access allow localhost > http_access allow redelocal > http_access allow chefes > http_access deny all > Depois de rodar o squid eu executei os comandos: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 echo 1 > /proc/sys/net/ipv4/ip_forward