Dear all,

I left out the Intel gigabit network cards (2 cards):

Ethernet controller: Intel Corporation 82541GI Gigabit Ethernet Controller (rev 05)
Ethernet controller: Intel Corporation 82541GI Gigabit Ethernet Controller (rev 05)

Regards,
Leandro Mo

2009/11/19 Leandro Moreira <lean...@leandromoreira.eti.br>

> A Dell PowerEdge with 1 GB of RAM, a dual-core 2.4 GHz Xeon processor and an
> 80 GB SCSI HD.
> Within a few days I should receive another 6 GB of memory for it.
>
> Regards,
>
> Leandro Moreira
>
> 2009/11/19 Egberto Monteiro <servido...@futuro.usp.br>
>
>> What is the (HW) configuration of the server running dansguardian, and how
>> many clients do you have?
>> My clients don't even notice the difference here.
>>
>> Leandro Moreira wrote:
>>
>>> Marcelo,
>>> I tested your suggestion and it partly worked: it worked in that the IPs
>>> of my internal network were not being picked up in either the dansguardian
>>> logs or the proxy logs, and now they are.
>>> But the internet became extremely slow.
>>> I am checking the settings to see if I can find out what it might be; if
>>> you happen to have any other suggestion, I would be grateful.
>>>
>>> Regards,
>>>
>>> Leandro Moreira
>>>
>>> 2009/11/19 Marcelo <msala...@gmail.com>
>>>
>>>> Leandro,
>>>>
>>>> Do a quick test,
>>>>
>>>> change:
>>>> proxyip = 127.0.0.1
>>>> to
>>>> proxyip = your internal interface, for example 192.168.0.1
>>>>
>>>> Best regards,
>>>> Marcelo
>>>>
>>>> Leandro Moreira wrote:
>>>>
>>>>> Dear all,
>>>>> My dansguardian.conf follows below:
>>>>>
>>>>> # comment out this line to indicate that we have already configured it
>>>>> #UNCONFIGURED - Please remove this line after configuration
>>>>>
>>>>> # 3 = use HTML template for denied access
>>>>> reportinglevel = 3
>>>>>
>>>>> # Language directory
>>>>> languagedir = '/etc/dansguardian/languages'
>>>>>
>>>>> # Language used:
>>>>> language = 'portuguese'
>>>>>
>>>>> # Log level: 0 = none, 1 = denied only, 2 = all accessed, 3 = all requests
>>>>> loglevel = 3
>>>>>
>>>>> # 2 = always log & mark exceptions (default)
>>>>> logexceptionhits = 2
>>>>>
>>>>> # Log format, 1 = default format.
>>>>> logfileformat = 1
>>>>>
>>>>> # Location of the log file
>>>>> loglocation = '/var/log/dansguardian/access.log'
>>>>>
>>>>> # IPs filtered individually
>>>>> filterip =
>>>>>
>>>>> # Dansguardian listening port
>>>>> filterport = 8080
>>>>>
>>>>> # IP of the proxy, where squid is
>>>>> proxyip = 127.0.0.1
>>>>>
>>>>> # squid port
>>>>> proxyport = 3128
>>>>>
>>>>> # access-denied URL
>>>>> accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
>>>>>
>>>>> # Default is enabled, but to go back to the standard mode, disable it.
>>>>> nonstandarddelimiter = on
>>>>>
>>>>> # Use the dansguardian banner on (default) | off
>>>>> usecustombannedimage = on
>>>>> custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
>>>>>
>>>>> # Number of existing groups; up to 9 can be created
>>>>> filtergroups = 1
>>>>>
>>>>> # Location of the file where groups are assigned to users or IPs.
>>>>> # now we can also assign IP ranges
>>>>> filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
>>>>>
>>>>> # IPs with no access
>>>>> bannediplist = '/etc/dansguardian/lists/bannediplist'
>>>>> # IPs with full access
>>>>> exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
>>>>>
>>>>> # high enough, reported. on | off
>>>>> showweightedfound = on
>>>>>
>>>>> # 2 = on, singular = each weighted phrase found only counts once on a page.
>>>>> weightedphrasemode = 2
>>>>>
>>>>> urlcachenumber = 1000
>>>>> urlcacheage = 900
>>>>> scancleancache = on
>>>>>
>>>>> # 2 = both of the above (default)
>>>>> phrasefiltermode = 2
>>>>>
>>>>> # 0 = force lower case (default)
>>>>> preservecase = 0
>>>>>
>>>>> # off = disabled (default)
>>>>> # on = enabled
>>>>> hexdecodecontent = off
>>>>>
>>>>> # off (default) | on (Big5 compatible)
>>>>> forcequicksearch = off
>>>>>
>>>>> # bannedsitelist file instead.
>>>>> reverseaddresslookups = off
>>>>>
>>>>> # leave it off.
>>>>> reverseclientiplookups = off
>>>>>
>>>>> # is, enabling this option does not incur any additional forward DNS requests.
>>>>> logclienthostnames = off
>>>>>
>>>>> # be significant. Fast computers do not need this option. on | off
>>>>> createlistcachefiles = on
>>>>>
>>>>> # use -1 for no blocking
>>>>> #maxuploadsize = 512
>>>>> #maxuploadsize = 0
>>>>> maxuploadsize = -1
>>>>>
>>>>> # The size is in Kibibytes - eg 2048 = 2Mb
>>>>> # use 0 to set it to maxcontentramcachescansize
>>>>> maxcontentfiltersize = 256
>>>>>
>>>>> # use 0 to set it to maxcontentfilecachescansize
>>>>> # This option may be ignored by the configured download manager.
>>>>> maxcontentramcachescansize = 2000
>>>>>
>>>>> # The size is in Kibibytes - eg 10240 = 10Mb
>>>>> maxcontentfilecachescansize = 20000
>>>>>
>>>>> # RAM cache.
>>>>> filecachedir = '/tmp'
>>>>>
>>>>> # on|off (defaults to on)
>>>>> deletedownloadedtempfiles = on
>>>>>
>>>>> # This may be ignored by the configured download manager.
>>>>> initialtrickledelay = 20
>>>>>
>>>>> # This may be ignored by the configured download manager.
>>>>> trickledelay = 10
>>>>>
>>>>> # Control over the download manager
>>>>> downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
>>>>> downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
>>>>>
>>>>> # The default of 60 seconds is probably reasonable.
>>>>> contentscannertimeout = 60
>>>>>
>>>>> # (on|off) default = off
>>>>> contentscanexceptions = off
>>>>>
>>>>> # This plugin must be enabled for users to appear in the Dansguardian log
>>>>> authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
>>>>>
>>>>> # Defaults to off.
>>>>> recheckreplacedurls = off
>>>>>
>>>>> # Important: must be enabled to pass the client IPs on to squid.
>>>>> forwardedfor = on
>>>>>
>>>>> # Warning - headers are easily spoofed. on | off
>>>>> usexforwardedfor = off
>>>>>
>>>>> # it on or off
>>>>> logconnectionhandlingerrors = on
>>>>>
>>>>> # useful in production.
>>>>> logchildprocesshandling = off
>>>>>
>>>>> # On large sites you might want to try 180.
>>>>> maxchildren = 120
>>>>>
>>>>> # On large sites you might want to try 32.
>>>>> minchildren = 8
>>>>>
>>>>> # sets the minimum number of processes to be kept ready to handle connections.
>>>>> # On large sites you might want to try 8.
>>>>> minsparechildren = 4
>>>>>
>>>>> # sets the minimum number of processes to spawn when it runs out
>>>>> # On large sites you might want to try 10.
>>>>> preforkchildren = 6
>>>>>
>>>>> # sets the maximum number of processes to have doing nothing.
>>>>> # When this many are spare it will cull some of them.
>>>>> # On large sites you might want to try 64.
>>>>> maxsparechildren = 32
>>>>>
>>>>> # On large sites you might want to try 10000.
>>>>> maxagechildren = 500
>>>>>
>>>>> # browse the web. Set to 0 for no limit, and to disable the IP cache process.
>>>>> maxips = 0
>>>>>
>>>>> # Defines IPC server directory and filename used to communicate with the log process.
>>>>> ipcfilename = '/tmp/.dguardianipc'
>>>>>
>>>>> # Defines URL list IPC server directory and filename used to communicate with the URL
>>>>> # cache process.
>>>>> urlipcfilename = '/tmp/.dguardianurlipc'
>>>>>
>>>>> # Defines IP list IPC server directory and filename, for communicating with the client
>>>>> # IP cache process.
>>>>> ipipcfilename = '/tmp/.dguardianipipc'
>>>>>
>>>>> # on|off (defaults to off)
>>>>> nodaemon = off
>>>>>
>>>>> # Disable logging process
>>>>> # on|off (defaults to off)
>>>>> nologger = off
>>>>>
>>>>> # Enable logging of "ADs" category blocks
>>>>> # on|off (defaults to off)
>>>>> logadblocks = off
>>>>>
>>>>> # Enable logging of client User-Agent
>>>>> # Some browsers will cause a *lot* of extra information on each line!
>>>>> # on|off (defaults to off)
>>>>> loguseragent = off
>>>>>
>>>>> # on|off (defaults to off)
>>>>> softrestart = off
>>>>>
>>>>> # Mail program
>>>>> # Path (sendmail-compatible) email program, with options.
>>>>> # Not used if usesmtp is disabled (filtergroup specific).
>>>>> mailer = '/usr/sbin/sendmail -t'
>>>>>
>>>>> Regards,
>>>>>
>>>>> Leandro Moreira.
>>>>>
>>>>> 2009/11/19 Marcelo <msala...@gmail.com>
>>>>>
>>>>>     Leandro,
>>>>>
>>>>>     post your dansguardian.conf
>>>>>
>>>>>     Best regards,
>>>>>     Marcelo
>>>>>
>>>>>     Leandro Moreira wrote:
>>>>> > Dear all,
>>>>> > My network has the following topology
>>>>> >
>>>>> > # --------- #       # -------------- #        # -------------------- #
>>>>> > #    LAN    # ----> #     FW DMZ     # -----> #       EDGE FW        #
>>>>> > # --------- #       # -------------- #        # -------------------- #
>>>>> >                             |
>>>>> >                             |
>>>>> >        # --------------------------------------- #
>>>>> >        #           PROXY/DANSGUARDIAN            #
>>>>> >        # --------------------------------------- #
>>>>> >
>>>>> > I installed and configured dansguardian; when I set it manually in the
>>>>> > browser, it works without problems. So I created a NAT rule on the edge
>>>>> > firewall to send all port 80 requests to the server running
>>>>> > dansguardian:
>>>>> >
>>>>> > iptables -t nat -A PREROUTING -i ! eth0 -s ! 172.20.0.30 -p tcp -m multiport --dport 80 -j DNAT --to-destination 172.20.0.30:8080
>>>>> >
>>>>> > When I enable the NAT, the internet simply stops, so I did the same NAT
>>>>> > to the proxy, which is on the same machine, and it worked normally.
>>>>> > I am still running a very basic dansguardian with only its default
>>>>> > blacklists; what puzzles me most is that when I redirected the NAT
>>>>> > above to squid, browsing was normal.
>>>>> > Has anyone run into this kind of problem? Thanks in advance for any
>>>>> > help.
>>>>> >
>>>>> > PS: 1- It is not a hardware problem, since the server is a PowerEdge
>>>>> >        with a gigabit card.
>>>>> >     2- I already discussed it with the "project" manager, because I
>>>>> >        wanted to build this solution using a bridge, and he did not
>>>>> >        approve.
>>>>> >
>>>>> > Regards,
>>>>> >
>>>>> > --
>>>>> > Leandro Moreira
>>>>> > Linux Administrator: LPIC-1
>>>>> > e-mail/msn: lean...@leandromoreira.eti.br
>>>>> > Tel.: + 55(32) 9906-5713
>>
>> --
>> gter list https://eng.registro.br/mailman/listinfo/gter