Re: [FUG-BR] WARNING: transparent proxying not supported
Ciro,

This is what I use today:

#!/bin/sh
# Variables
_ipfw=$(which ipfw)
_net=192.168.0.0/24
_indev=xl0

# Delete all rules
$_ipfw -f flush

## List of IPs that do not go through Squid
$_ipfw table 15 flush

# Start natd
$_ipfw -q add 50 divert natd all from any to any via $_indev
$_ipfw -q add 51 skipto 6 ip from table\(15\) to any

# Rules allowing Conectividade Social.
$_ipfw -q add 60 skipto 6 ip from $_net to 200.201.160.0/20
$_ipfw -q add 61 skipto 6 ip from $_net to 200.201.166.0/24
$_ipfw -q add 62 skipto 6 ip from $_net to 200.201.173.0/24
$_ipfw -q add 63 skipto 6 ip from $_net to 200.201.174.0/24
$_ipfw -q add 64 divert 8668 ip from any to any via $_indev

# The rules in this block apply to Squid (transparent proxy).
$_ipfw -q add 100 allow tcp from me to any 80
$_ipfw -q add 101 fwd 127.0.0.1,3128 tcp from any to any 80

On 03/12/2011, at 00:54, Ciro Cardoso de Meneses wrote:
Re: [FUG-BR] WARNING: transparent proxying not supported
Rodrigo,

I would install squid-2.7.STABLE, remove the ipfw rules, implement NAT in PF and do the Squid redirect in pf as well. I never got on well with squid3.

On 2 December 2011 at 17:16, Rodrigo Calado rodrigocal...@rodrigocalado.com.br wrote:

-
Archive: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
[FUG-BR] WARNING: transparent proxying not supported
Hello,

I have already read several forums and made the appropriate adjustments, and the message persists. Here are the configuration files:

rc.conf

defaultrouter="186.215.69.177"
gateway_enable="YES"
hostname="fw.gransig.grancursos.com.br"
ifconfig_xl0="inet 186.215.69.182 netmask 255.255.255.248"
ifconfig_xl1="inet 192.168.0.254 netmask 255.255.255.0"

natd.conf

interface xl0
dynamic yes
use_sockets yes
same_ports yes

ipfw

00050 divert 8668 ip from any to any via xl0
00051 skipto 6 ip from table(15) to any
00060 skipto 6 ip from 192.168.0.0/24 to 200.201.160.0/20
00061 skipto 6 ip from 192.168.0.0/24 to 200.201.166.0/24
00062 skipto 6 ip from 192.168.0.0/24 to 200.201.173.0/24
00063 skipto 6 ip from 192.168.0.0/24 to 200.201.174.0/24
00064 divert 8668 ip from any to any via xl0
00100 allow tcp from me to any dst-port 80
00101 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
65535 allow ip from any to any

squid.conf

http_port 127.0.0.1:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl SWF urlpath_regex swf
no_cache deny SWF
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 512 KB
logfile_rotate 3
cache_dir ufs /usr/local/squid/cache 2000 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
dns_nameservers 8.8.8.8 8.8.4.4
hosts_file /etc/hosts
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
cache_mgr webmas...@grancursos.com.br
cache_effective_user squid
cache_effective_group squid
visible_hostname fw.gransig.grancursos.com.br
error_directory /usr/local/etc/squid/errors/Portuguese
coredump_dir /usr/local/squid/cache

# General ACLs
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Control ACLs
acl rede src 192.168.0.0/24 # Network
acl liberados url_regex -i /usr/local/squid/web/liberados.sites
acl administrativo src /usr/local/squid/web/administrativo
acl diretoria src /usr/local/squid/web/diretoria.txt
acl term_consulta src /usr/local/squid/web/term_consulta.txt
acl consulta_portal url_regex -i /usr/local/squid/web/consulta_portal.txt

# New acl rules added by ROD_NOKEY.
acl spyware url_regex -i /usr/local/squid/web/spyware.txt # List of spyware domains.
acl chat url_regex -i /usr/local/squid/web/chat.txt # List of chat domains.
acl redirector url_regex -i /usr/local/squid/web/redirector.txt # List of domains of sites that work as a browser.
acl violence url_regex -i /usr/local/squid/web/violence.txt # List of violence domains.
acl warez url_regex -i /usr/local/squid/web/warez.txt # List of warez, torrent and upfiles domains.
acl webtv url_regex -i /usr/local/squid/web/webtv.txt # List of webtv domains.
acl msn url_regex -i /usr/local/squid/web/msn.txt # List to block MSN only.

# ICQ blocking
acl bloq_icq req_mime_type -i ^application/x-Icq$

# Default http_access directives
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access allow all
icp_access allow all

# Custom http_access directives
# The rule below blocks all the domain lists from the acl rules
# and takes the secretary's office and call center IPs out of the 192.168.0.0/24 network.
http_access allow !administrativo !chat !spyware !redirector !violence !warez !bloq_icq !term_consulta rede
http_access allow administrativo liberados
http_access allow term_consulta consulta_portal
http_access allow all diretoria
http_access deny all

Build options

# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for squid-3.0.24
_OPTIONS_READ=squid-3.0.24
WITH_SQUID_KERB_AUTH=true
WITHOUT_SQUID_LDAP_AUTH=true
WITH_SQUID_NIS_AUTH=true
WITHOUT_SQUID_SASL_AUTH=true
WITHOUT_SQUID_DELAY_POOLS=true
WITH_SQUID_SNMP=true
WITH_SQUID_CARP=true
WITHOUT_SQUID_SSL=true
WITHOUT_SQUID_PINGER=true
WITHOUT_SQUID_DNS_HELPER=true
WITHOUT_SQUID_HTCP=true
WITHOUT_SQUID_VIA_DB=true
WITHOUT_SQUID_CACHE_DIGESTS=true
WITH_SQUID_WCCP=true
WITHOUT_SQUID_WCCPV2=true
WITHOUT_SQUID_STRICT_HTTP=true
Re: [FUG-BR] WARNING: transparent proxying not supported
If you gave us the message, it would be a bit easier..

On 2 December 2011 at 18:16, Rodrigo Calado rodrigocal...@rodrigocalado.com.br wrote:
Re: [FUG-BR] WARNING: transparent proxying not supported
Try using your firewall like this:

#===
if_in=xl1
if_out=xl0
minharede=192.168.0.0/24

00060 skipto 6 ip from $minharede to 200.201.160.0/20
00061 skipto 6 ip from $minharede to 200.201.166.0/24
00062 skipto 6 ip from $minharede to 200.201.173.0/24
00063 skipto 6 ip from $minharede to 200.201.174.0/24
00100 allow tcp from me to any dst-port 80 via $if_out
00101 fwd 127.0.0.1,3128 tcp from $minharede to any dst-port 80 in via $if_in
6 divert 8668 ip from $minharede to any out via $if_out
60001 divert 8668 ip from any to me in via $if_out
65535 allow ip from any to any
#=
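
Added example, not part of any message in the thread: a small Python model of ipfw's first-match evaluation that compares rules 100/101 as originally posted with the version suggested in the reply above. Only the allow/fwd rules are modelled (divert and skipto are left out, on the assumption that they hand the packet on unchanged), and the sample packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# "me" = the firewall's own addresses, taken from the rc.conf in the thread.
ME = {"186.215.69.182", "192.168.0.254", "127.0.0.1"}

@dataclass
class Packet:
    src: str
    dport: int
    iface: str       # xl0 = outside, xl1 = inside (per the thread)
    direction: str   # "in" or "out"

@dataclass
class Rule:
    num: int
    action: str                      # "allow" or "fwd"
    src: str = "any"                 # "any", "me" or a CIDR
    dport: Optional[int] = None      # None = any port
    iface: Optional[str] = None      # None = no "via" restriction
    direction: Optional[str] = None  # None = both directions

    def matches(self, p: Packet) -> bool:
        if self.src == "me":
            src_ok = p.src in ME
        elif self.src == "any":
            src_ok = True
        else:
            src_ok = ip_address(p.src) in ip_network(self.src)
        return (src_ok
                and self.dport in (None, p.dport)
                and self.iface in (None, p.iface)
                and self.direction in (None, p.direction))

def verdict(rules, p):
    """ipfw is first-match: return (rule number, action) of the first hit."""
    for r in sorted(rules, key=lambda r: r.num):
        if r.matches(p):
            return r.num, r.action
    raise ValueError("no rule matched")  # unreachable while 65535 is present

# Rules 100, 101 and 65535 from the original post and from the suggested set.
ORIGINAL = [Rule(100, "allow", src="me", dport=80),
            Rule(101, "fwd", dport=80),
            Rule(65535, "allow")]
SUGGESTED = [Rule(100, "allow", src="me", dport=80, iface="xl0"),
             Rule(101, "fwd", src="192.168.0.0/24", dport=80,
                  iface="xl1", direction="in"),
             Rule(65535, "allow")]

# Constructed sample packets; 198.51.100.7 is a documentation address.
SAMPLES = {
    "lan client -> web": Packet("192.168.0.10", 80, "xl1", "in"),
    "squid -> web": Packet("186.215.69.182", 80, "xl0", "out"),
    "outside -> port 80": Packet("198.51.100.7", 80, "xl0", "in"),
    "lan client -> https": Packet("192.168.0.10", 443, "xl1", "in"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} original={verdict(ORIGINAL, pkt)} "
              f"suggested={verdict(SUGGESTED, pkt)}")
```

In this model the two rule sets differ only for port-80 traffic arriving on xl0: the unscoped rule 101 hands it to Squid, while the scoped rule limits interception to LAN clients entering on xl1.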