Pessoal,
Não sei o que esta acontecendo com PF + squid. O
problema consiste quando eu uso o proxy transparente
nao acesso a internet, aparece na pagina isso:
no firefox e no internet explorer
Agora quando eu configuro o navegador para utilizar o
proxy ele navega, veja minhas configurações
pf.conf
# macros
int_if = xl1
ext_if = xl0
webserv = 192.168.0.3
tcp_services = { 22, 113 }
icmp_types = echoreq
priv_nets = { 127.0.0.0/8, 192.168.0.0/28,
10.10.10.0/8, 10.10.50.0/8 }
# nat/rdr
nat on $ext_if from $int_if:network to any -
($ext_if)
rdr on $int_if inet proto tcp from any to any port 80
- 127.0.0.1 port 3128
pass in quick on $ext_if proto tcp from any to $int_if
port 443 flags S/SAFR keep state (max 256)
pass in on $int_if inet proto tcp from any to
127.0.0.1 port 3128 keep state
# regras de filtragem
pass quick on lo0 all
pass in on $ext_if inet proto tcp from any to
($ext_if) \
port $tcp_services flags S/SA keep state
pass in on $ext_if proto tcp from any to $webserv port
80 \
flags S/SA synproxy state
pass in inet proto icmp all icmp-type $icmp_types keep
state
pass in on $int_if from $int_if:network to any keep
state
pass out on $int_if from any to $int_if:network keep
state
pass out on $ext_if proto tcp all modulate state flags
S/SA
pass out on $ext_if proto { udp, icmp } all keep state
meu squid.conf
##
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 20 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 5120 KB
cache_dir ufs /squid/cache 5000 16 256
# Log de requisicoes.
cache_access_log /squid/logs/access.log
# Log do cache.
cache_log /squid/logs/cache.log
cache_store_log /squid/logs/store.log
pid_filename /squid/logs/squid.pid
visible_hostname squid.exemplo.org
refresh_pattern ^ftp: 144020% 10080
refresh_pattern ^gopher:14400% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# ACLs para paginas proibidas. Os arquivos
especificados conterao
# as ACLs, para facilitar a edicao.
acl proibido-url url_regex -i
/squid/bloqueados/proibido-url
acl spyware url_regex
/squid/bloqueados/blacklistspy.txt
# ACL que define os clientes permitidos. Especificar
as redes que
# irao utilizar o cache
acl clientes src 172.168.0.0/24
acl CONNECT method CONNECT
# Permitir ou negar o acesso baseado nas acls.
http_access deny spyware
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny proibido-url
http_access allow clientes
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /squid/cache
Obrigado pela ajuda
thiago gomes
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd