Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Problema com squid e ssh
View unanswered posts
View posts from last 24 hours
View posts from last 7 days

 
Reply to topic    Gentoo Forums Forum Index Portuguese
View previous topic :: View next topic  
Author Message
mfdzerohour
Tux's lil' helper
Tux's lil' helper


Joined: 31 Aug 2005
Posts: 143
Location: Paranaíba-MS

PostPosted: Sat Aug 02, 2008 5:16 pm    Post subject: Problema com squid e ssh Reply with quote

Boa Tarde,

Estou encontrando problema com o squid, que não esta de forma transaparente, acredito que por isso, ele esta barrando a conexão do vnc de dentro para fora. A conexão com o vnc é feito atraves de um arquivo .bat na estação windows que se conecta no destino, é feito para 5 suportes, como dependendo do atendente pode ser um dos 5, não posso redirecionar as portas a determinados ip's, pois com isso ficaria limitado a 5 maquinas e na rede encontra-se 15 maquinas, e tb não consegui liberar o ssh, posto abaixo a configuração do squid e do firewall fazendo o redirecionamento.

PROXY SQUID

###############################
# Autor........: Marcelo F. Duarte #
# Criado em....: 28/02/2008 #
# Modificado em: 20/07/2008 #
# Contato......: mfdzerohour@hotmail.com #
# Cidade.......: Campo Grande-MS #
##############################
#Porta para squid transparente
http_port 3128 transparent

#Cache de memoria
cache_mem 32 MB

maximum_object_size 4096 KB
cache_dir ufs /var/cache/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
emulate_httpd_log off
client_netmask 255.255.255.255

#Default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

#Defaults:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 5500 5501 5502 5503 5505 # Porta VNC
acl FrostWire port 6346 # FrostWire
acl Safe_ports port 5500 5501 5502 5503 5505 # vnc
acl Safe_ports port 22 # porta ssh
acl CONNECT method CONNECT
acl minharede src 192.168.1.0/255.255.255.0

#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#Traducao do Squid para Portugues
error_directory /usr/share/squid/errors/Portuguese

# acl pra sites direto, nao passar pelo cache
acl NOCACHE url_regex "/etc/squid/acl/direto.txt" \?
no_cache deny NOCACHE

# acl pra bloquear palavras nos enderecos e liberar excessoes
acl negapalavra url_regex "/etc/squid/acl/negapalavra.txt"
acl liberapalavra url_regex "/etc/squid/acl/liberapalavra.txt"
http_access allow liberapalavra all
http_access deny negapalavra all

#CRIADO POR MIM

# Usuario com permissão de acessar tudo
acl ip_acesso_total src "/etc/squid/acl/ip_acesso_total.txt"

# Usuarios com restricoes, so acessam sites permitidos mais nada!
acl ip_restricao src "/etc/squid/acl/ip_restricao.txt"

# Sites que usuarios com restricao podem acessar
acl sites_acesso_restricao url_regex -i "/etc/squid/acl/sites_acesso_restricao.txt"

# Regra para acessar bancos, todos os usuarios acessam bancos
acl sites_bancos url_regex -i "/etc/squid/acl/sites_bancos.txt"

# Liberar MSN para determinado IP
## IP LIBERAR MSN
acl ip_liberar_msn src "/etc/squid/acl/ip_liberar_msn.txt"

## LIBERAR SITE
acl msn url_regex -i gateway.messenger
acl msn url_regex -i login.live.com
acl msn url_regex -i gateway.dll
acl msn url_regex -i msn.com

http_access allow ip_liberar_msn msn
# http_access deny ip_liberar_msn all

#FIM DA LICAO DO MSN

http_access allow ip_acesso_total
http_access allow ip_acesso_total FrostWire
http_access allow ip_restricao sites_acesso_restricao
http_access allow ip_restricao sites_bancos
http_access allow sites_bancos SSL_ports
http_access deny minharede
http_access deny all
cache_mgr mfdzerohour@ig.com.br
#cache_effective_user proxy
#cache_effective_group proxy
visible_hostname squid


## FIREWALL

#!/bin/bash

iptables -F -t nat


echo
echo
echo
echo
echo
echo "###########################################"
echo "###########################################"
echo "######## LAN = ETH1 - WAN = ETH0 ###########"
echo "###########################################"
echo "###########################################"
echo "############# METAMORFOS CONSULTORIA ########"
echo "###########################################"
echo "###########################################"

#=========================================================================================

echo
echo
echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
echo "@@@ CONFIGURACAO DO FIREWALL @@@@@@@@@@@@@@"
echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
echo
echo
#=========================================================================================
echo "BLOQUEANDO ATAQUES VIA DOS -------------------------------OK"


#=========================================================================================
echo " CARREGA OS MODULOS ------------------------ OK"
modprobe iptable_nat

#=========================================================================================
echo " DEFININDO AS REGRAS ----------------------- OK"

iptables -t nat -A PREROUTING -d 192.168.1.0/24 -p tcp -j ACCEPT

iptables -A INPUT -p tcp --destination-port 443 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 25 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 5500 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 500 -j DNAT --to-dest 192.168.1.39
iptables -A FORWARD -p tcp -i eth0 --dport 5500 -d 192.168.1.39 -j ACCEPT
iptables -A INPUT -p tcp --syn -s 192.168.1.0/255.255.225.0 -j ACCEPT

#========================================================================================


echo " COMPARTILHAMENTO DA INTERNET, MASCARAMENTO ------------ OK"

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#=========================================================================================

echo " PERMITINDO PROXY TRANSPARENTE ------------------------- OK"

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
#=========================================================================================

echo " PERMITINDO REDIRECIONAMENTO DE PACOTES ---------------- OK"

echo 1 >/proc/sys/net/ipv4/ip_forward

#==========================================================================================
echo
echo
echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
echo "@@@ TERMINO DA CONFIGURA�O @@@"
echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
echo
echo
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portuguese All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum