Estou tentando usar o proxy transparente, mas não esta funcionando da forma que deveria.<br>todos os sites https é que não abrem, EX: <a href="http://gmail.com">gmail.com</a>, <a href="http://orkut.com">orkut.com</a>. E tambem o msn que usa as portas 1863 e 443 não funciona. Eu sinceramente ja virei a noite tentando entender o por que com o proxy default eu consigo acessar ao gmail e no transparente ele não funciona. A importante o msn não funciona nem no proxy default e nem no transparente tb. Agradeço toda a ajuda, deem uma analizada no squid e no iptables. Segue o meu squid. conf e meu firewall teste:
<br><br><span style="font-weight: bold; color: rgb(102, 0, 204);">Squid.conf:</span><br><br>http_port 3128<br>cache_mem 96 MB<br>cache_dir ufs /var/spool/squid 100 16 256<br>maximum_object_size 81192 KB<br>maximum_object_size_in_memory 1024 KB
<br>cache_access_log /var/log/squid/access.log<br>cache_log /var/log/squid/cache.log<br>cache_store_log none<br>cache_mgr <a href="mailto:jasonnfedora@gmail.com">jasonnfedora@gmail.com</a><br>log_fqdn off<br>emulate_httpd_log off
<br>client_lifetime 12 hours<br>ftp_user <a href="mailto:anonymous@user.com">anonymous@user.com</a><br>ftp_passive on<br>dns_retransmit_interval 20 seconds<br>dns_timeout 100 seconds<br>redirect_rewrites_host_header off<br>
positive_dns_ttl 1 hours<br>hierarchy_stoplist cgi-bin ?<br>acl QUERY urlpath_regex cgi-bin \?<br>no_cache deny QUERY<br>refresh_pattern ^ftp: 1440 20% 10080<br>refresh_pattern ^gopher: 1440 0% 1440
<br>refresh_pattern . 0 20% 4320<br>acl all src <a href="http://192.168.1.0/255.255.255.0">192.168.1.0/255.255.255.0</a><br>acl diretoria src <a href="http://192.168.1.5">192.168.1.5</a> <a href="http://192.168.1.6">
192.168.1.6</a><br>acl expediente time M-F 08:00-18:00<br>acl almoco time 12:00-14:00<br>acl diasuteis time M-F<br>acl manager proto cache_object<br>acl localhost src <a href="http://127.0.0.1/255.255.255.255">127.0.0.1/255.255.255.255
</a><br>acl to_localhost dst <a href="http://127.0.0.0/8">127.0.0.0/8</a><br>acl SSL_ports port 443 563<br>acl Safe_ports port 80 # http<br>acl Safe_ports port 21 # ftp<br>acl Safe_ports port 443 563 # https, snews
<br>acl Safe_ports port 1863 # msn<br>acl Safe_ports port 70 # gopher<br>acl Safe_ports port 210 # wais<br>acl Safe_ports port 1025-65535 # unregistered ports<br>acl Safe_ports port 280 # http-mgmt
<br>acl Safe_ports port 488 # gss-http<br>acl Safe_ports port 591 # filemaker<br>acl Safe_ports port 777 # multiling http<br>acl CONNECT method CONNECT<br><br>http_access allow manager localhost<br>
http_access deny manager<br>http_access deny !Safe_ports<br>http_access allow CONNECT !SSL_ports<br>http_access allow localhost<br>http_access allow all<br>http_reply_access allow all<br>icp_access allow all<br>coredump_dir /var/spool/squid
<br>ie_refresh on<br>error_directory /usr/share/squid/errors/Portuguese<br>visible_hostname fbrasil<br>httpd_accel_host virtual<br>httpd_accel_port 80<br>httpd_accel_with_proxy on<br>httpd_accel_uses_host_header on<br><br>
<br><span style="font-weight: bold; color: rgb(51, 51, 153);">Meu Iptables:</span><br><br>#---------------------------------------#<br># COMPARTILHANDO ACESSO INTERNET #<br>#---------------------------------------#<br>
<br>echo "1" > /proc/sys/net/ipv4/ip_forward<br><br>IPADDR=`/sbin/ifconfig | grep -A 4 ppp0 | awk '/inet end/ { print $3 } ' | sed -e s/addr://` # Endereco IP valido do servidor<br>EXTERNAL_INTERFACE="ppp0" # Interface de rede conectada a Internet
<br>LOCAL_INTERFACE="eth1" # Interface de rede conectada a intranet<br>LOOPBACK_INTERFACE="lo" # Interface de rede loopback<br>INTRANET="<a href="http://192.168.1.0/24">
192.168.1.0/24</a>" #Faixa privada de enderecamento<br>PRIMARY_NAMESERVER="<a href="http://200.165.132.154">200.165.132.154</a>" # Servidor DNS primario TELEMAR<br>SECONDARY_NAMESERVER="
<a href="http://200.165.132.147">200.165.132.147</a>" # Servidor DNS primario TELEMAR<br>LOOPBACK="<a href="http://127.0.0.0/8">127.0.0.0/8</a>" # Faixa de enderecamento loopback<br>CLASS_A="
<a href="http://10.0.0.0/8">10.0.0.0/8</a>" # Redes privadas classe A<br>CLASS_B="<a href="http://172.16.0.0/12">172.16.0.0/12</a>" # Redes privadas classe B<br>CLASS_C="
<a href="http://192.168.0.0/24">192.168.0.0/24</a>" # Redes privadas classe C<br>CLASS_D_MULTICAST="<a href="http://224.0.0.0/4">224.0.0.0/4</a>" # Enderecamento multicast classe D<br>CLASS_E_RESERVED_NET="
<a href="http://240.0.0.0/5">240.0.0.0/5</a>" # Enderecamento reservado classe E<br>BROADCAST_SRC="<a href="http://0.0.0.0">0.0.0.0</a>" # Endereco de braodcast de origem<br>BROADCAST_DEST="
<a href="http://255.255.255.255">255.255.255.255</a>" # Endereco de braodcast de origem<br>PRIVPORTS="0:1023" # Faixa de portas reservadas<br>UNPRIVPORTS="1024:" # Faixa de portas nao reservadas
<br>SSH_LOCAL_PORTS="1022:65535" # Faixa de portas para clientes ssh locais<br>SSH_REMOTE_PORTS="512:65535" # Faixa de portas para clientes ssh remotos<br>SNMP_REMOTE_PORTS="512:65535" # Faixa de portas para clientes ssh remotos
<br>TRACEROUTE_SRC_PORTS="32769:65535" # Faixa de portas para traceroute de origem<br>TRACEROUTE_DEST_PORTS="33434:33523" # Faixa de portas para traceroute de destino<br>FBRASIL=<a href="http://192.168.1.50">
192.168.1.50</a> # Ip FIRE<br><br>#------------------------------------------------------------------------------#<br># POLITICAS E DIRETIVAS INICIAIS #<br>#------------------------------------------------------------------------------#
<br><br># DENY a politica default<br># Serao aceitas conexoes de entrada e saida explicitamente desejadas<br><br># Remove todas as regras de filtragem existentes<br><br>iptables -F<br><br># Remove quaisquer cadeias existentes definidas pelo usuario
<br><br>iptables -X<br><br># Define politica padrao para DROP<br><br>iptables -P INPUT DROP<br>iptables -P OUTPUT DROP<br>iptables -P FORWARD DROP<br><br># Aceita trafego na interface LOOPBACK<br><br>iptables -A INPUT -i $LOOPBACK_INTERFACE -j ACCEPT
<br>iptables -A OUTPUT -o $LOOPBACK_INTERFACE -j ACCEPT<br><br># Todas as maquinas internas tem acesso a maquina firewall<br><br>iptables -A INPUT -i $LOCAL_INTERFACE -s $INTRANET -j ACCEPT<br>iptables -A OUTPUT -o $LOCAL_INTERFACE -d $INTRANET -j ACCEPT
<br><br># Impede pacotes netbios sairem da rede local<br><br>iptables -A FORWARD -p tcp --sport 137:139 -o ppp0 -j DROP<br>iptables -A FORWARD -p udp --sport 137:139 -o ppp0 -j DROP<br>iptables -A OUTPUT -p tcp --sport 137:139 -o ppp0 -j DROP
<br>iptables -A OUTPUT -p udp --sport 137:139 -o ppp0 -j DROP<br><br># Descarta pacotes XMAS mal-formados.<br><br>iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP<br>iptables -A FORWARD -p tcp --tcp-flags ALL ALL -j DROP
<br><br># Descarta pacotes NULL mal-formados<br><br>iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP<br>iptables -A FORWARD -p tcp --tcp-flags ALL NONE -j DROP<br><br># Impede pacotes falsos de atravessarem o firewall
<br><br>iptables -A FORWARD -i $LOCAL_INTERFACE -s ! $INTRANET -j DROP<br><br>#------------------------------------------------------------------------------#<br># POLITICAS E DIRETIVAS ANTI-SPOOFING E ENDERECOS FORJADOS #
<br>#------------------------------------------------------------------------------#<br><br># Rejeita pacotes de spoofing.<br># Ignora ederecos de origem ilegais.<br># Protege a rede de envio para enderecos forjados.<br><br>
# Rejeita pacotes de entrada pretensamente do endereco externo.<br><br>iptables -A INPUT -s $IPADDR -j DROP<br><br># Recusa pacotes de entrada de redes privadas classe A, B ou C.<br><br>iptables -A INPUT -s $CLASS_A -j DROP
<br>iptables -A INPUT -s $CLASS_B -j DROP<br>iptables -A INPUT -s $CLASS_C -j ACCEPT<br><br># Rejeita pacotes de endereco de broadcast de origem<br><br>iptables -A INPUT -s $BROADCAST_DEST -j DROP<br>iptables -A INPUT -d $BROADCAST_SRC -j DROP
<br><br># Rejeita enderecos de classe D multicast<br># Enderecos multicast de de origem sao ilegais.<br># Multicast usa UDP.<br><br>iptables -A INPUT -s $CLASS_D_MULTICAST -j DROP<br><br># Rejeita endereços IP reservados de classe E
<br><br>iptables -A INPUT -s $CLASS_E_RESERVED_NET -j DROP<br><br># Rejeita enderecos especiais de classes reservadas<br><br>iptables -A INPUT -s <a href="http://0.0.0.0/8">0.0.0.0/8</a> -j DROP<br>iptables -A INPUT -s <a href="http://127.0.0.0/8">
127.0.0.0/8</a> -j DROP<br>iptables -A INPUT -s <a href="http://169.254.0.0/16">169.254.0.0/16</a> -j DROP<br>iptables -A INPUT -s <a href="http://192.0.2.0/24">192.0.2.0/24</a> -j DROP<br>iptables -A INPUT -s <a href="http://224.0.0.0/3">
224.0.0.0/3</a> -j DROP<br><br>#################################################################<br>#MAQUINAS COM ACESSO DIRETO A INTERNET #<br>#################################################################
<br><br>#LIBERACAO DA PORTA 80 PARA REDE<br>iptables -A FORWARD -p tcp -s <a href="http://192.168.1.0/24">192.168.1.0/24</a> --sport 1:65535 -d 0/0 --dport 80 -j ACCEPT<br>iptables -A FORWARD -p udp -s <a href="http://192.168.1.0/24">
192.168.1.0/24</a> --sport 1:65535 -d 0/0 --dport 80 -j ACCEPT<br><br>#LIBERACAO DA PORTA 1863 PARA REDE<br>iptables -A FORWARD -p tcp -s <a href="http://192.168.1.0/24">192.168.1.0/24</a> --sport 1:65535 -d 0/0 --dport 1863 -j ACCEPT
<br>iptables -A FORWARD -p udp -s <a href="http://192.168.1.0/24">192.168.1.0/24</a> --sport 1:65535 -d 0/0 --dport 1863 -j ACCEPT<br><br>#LIBERACAO DA PORTA 443 PARA REDE<br>iptables -A FORWARD -p tcp -s <a href="http://192.168.1.0/24">
192.168.1.0/24</a> --sport 1:65535 -d 0/0 --dport 443 -j ACCEPT<br>iptables -A FORWARD -p udp -s <a href="http://192.168.1.0/24">192.168.1.0/24</a> --sport 1:65535 -d 0/0 --dport 443 -j ACCEPT<br><br>################################################################################
<br># DIRETIVAS ESPECIAIS - NEGACAO - INTERNO > EXTERNO #<br>################################################################################<br><br>#BLOQUEIO DO ACESSO DIRETO A HTTP<br><br>iptables -A FORWARD -p tcp --dport 80 -j REJECT
<br>iptables -A FORWARD -p udp --dport 80 -j REJECT<br><br>#BLOQUEIO DE ACESSO DIRETO A TELNET<br><br>iptables -A FORWARD -p tcp --dport 23 -j REJECT<br>iptables -A FORWARD -p udp --dport 23 -j REJECT<br><br>#BLOQUEIO DE ACESSO DIRETO A HTTPS
<br><br>iptables -A FORWARD -p tcp --dport 443 -j REJECT<br>iptables -A FORWARD -p udp --dport 443 -j REJECT<br><br># BLOQUEIO DE MSN<br><br>iptables -A FORWARD -p tcp --dport 1863 -j REJECT<br>iptables -A FORWARD -p udp --dport 1863 -j REJECT
<br><br>################################################################################<br># DIRETIVAS DE CONEXOES E MASCARAMENTO #<br>################################################################################
<br><br>#TODO O TRAFEGO INTERNO MASCARADO EXTERNAMENTE.<br><br>iptables -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE -j MASQUERADE<br><br>#PROXY TRANSPARENTE<br>iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -s 0/0 -j REDIRECT --to-port 3128
<br><br>#PERMITE QUE TODOS OS PACOTES SAIAM DE SUA REDE.<br><br>iptables -A FORWARD -m state --state NEW,ESTABLISHED -i $LOCAL_INTERFACE -s $INTRANET -j ACCEPT<br><br>#PERMITE O RETORNO DE PACOTES ASSOCIADOS COM SUAS CONEXOES.
<br><br>iptables -A FORWARD -m state --state ESTABLISHED,RELATED -i $EXTERNAL_INTERFACE -s ! $INTRANET -j ACCEPT<br><br>################################################################################<br># DIRETIVA GLOBAL DE NAGACAO - ACRESCENTE AS EXEXOES ANTES DESTA DIRETIVA #
<br>################################################################################<br><br>#BLOQUEIO AS PORTAS NAO PRIVILEGIADAS<br>#iptables -A FORWARD -p tcp --dport $UNPRIVPORTS -j REJECT<br>#iptables -A FORWARD -p udp --dport $UNPRIVPORTS -j REJECT
<br><br>################################################################################<br># DIRETIVAS DE CONEXAO #<br>################################################################################
<br><br># DNS: SERVIDOR PRIMARIO (53)<br># CLIENTE/SERVIDOR PARA PESQUISA OU RESPOSTA DO SERVIDOR.<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p udp --source-port $UNPRIVPORTS -d $IPADDR --destination-port 53 -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p udp -s $IPADDR --source-port 53 --destination-port $UNPRIVPORTS -j ACCEPT<br><br># DNS: SERVIDOR DE ENCAMINHAMENTO (53)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p udp -s $PRIMARY_NAMESERVER --source-port 53 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p udp -s $IPADDR --source-port $UNPRIVPORTS -d $PRIMARY_NAMESERVER --destination-port 53 -j ACCEPT<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn -s $PRIMARY_NAMESERVER --source-port 53 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS -d $PRIMARY_NAMESERVER --destination-port 53 -j ACCEPT<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p udp -s $SECONDARY_NAMESERVER --source-port 53 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p udp -s $IPADDR --source-port $UNPRIVPORTS -d $SECONDARY_NAMESERVER --destination-port 53 -j ACCEPT<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn -s $SECONDARY_NAMESERVER --source-port 53 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS -d $SECONDARY_NAMESERVER --destination-port 53 -j ACCEPT<br><br># DNS: TRANSFERENCIA DE ZONAS (53)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port $UNPRIVPORTS -d $IPADDR --destination-port 53 -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port 53 --destination-port $UNPRIVPORTS -j ACCEPT<br><br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port 53 -d $IPADDR --destination-port 53 -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port 53 --destination-port 53 -j ACCEPT<br><br><br># DNS: CLIENTES (53)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p udp --source-port 53 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p udp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 53 -j ACCEPT<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 53 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 53 -j ACCEPT<br><br># HTTP: CLIENTE (80)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 80 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 80 -j ACCEPT<br><br># HTTPS: CLIENTE (443)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 443 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 443 -j ACCEPT<br><br># SSH: SERVIDOR (2222)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port $SSH_REMOTE_PORTS -d $IPADDR --destination-port 2222 -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn -s $IPADDR --source-port 2222 --destination-port $SSH_REMOTE_PORTS -j ACCEPT<br><br># SNMP: SERVIDOR (161)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p udp -d $IPADDR --destination-port 161 -j DROP
<br><br># SNMP: SERVIDOR (199)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp -d $IPADDR --destination-port 199 -j DROP<br><br><br># SSH: CLIENTE (2222)<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $SSH_LOCAL_PORTS --destination-port 2222 -j ACCEPT
<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 2222 -d $IPADDR --destination-port $SSH_LOCAL_PORTS -j ACCEPT<br><br># POP: SERVIDOR (110)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port $UNPRIVPORTS -d $IPADDR --destination-port 110 -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn -s $IPADDR --source-port 110 --destination-port $UNPRIVPORTS -j ACCEPT<br><br># POP: CLIENTE (110)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 110 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 110 -j ACCEPT<br><br># IMAP: CLIENTE (143)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 143 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 143 -j ACCEPT<br><br># SMTP: SERVIDOR (25)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port $UNPRIVPORTS -d $IPADDR --destination-port 25 -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn -s $IPADDR --source-port 25 --destination-port $UNPRIVPORTS -j ACCEPT<br><br># SMTP: CLIENTE (25)<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 25 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 25 -j ACCEPT<br><br># FTP: SERVIDOR (21)<br><br># REQUISICOES DE ENTRADA<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port $UNPRIVPORTS -d $IPADDR --destination-port 21 -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn -s $IPADDR --source-port 21 --destination-port $UNPRIVPORTS -j ACCEPT<br><br># NODO PORT: RESPOSTA DO CANAL DE DADOS<br><br>#iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port 20 --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>#iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port $UNPRIVPORTS -d $IPADDR --destination-port 20 -j ACCEPT<br><br># MODO PASSIVE: RESPOSTA DO CANAL DE DADOS<br><br>#iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port $UNPRIVPORTS -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br>#iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn -s $IPADDR --source-port $UNPRIVPORTS --destination-port $UNPRIVPORTS -j ACCEPT<br><br>################################################################################
<br># DIRETIVAS DE CONEXOES E MASCARAMENTO #<br>################################################################################<br># FTP: CLIENTE (21)<br># ---------------<br><br># REQUISICOES DE SAIDA
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 21 -j ACCEPT<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 21 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
<br><br># MODO PORT: RESPOSTA DO CANAL DE DADOS<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port 20 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn -s $IPADDR --source-port $UNPRIVPORTS --destination-port 20 -j ACCEPT
<br><br>################################################################################<br># DIRETIVAS DE CONEXOES E MASCARAMENTO #<br>################################################################################
<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p icmp --icmp-type echo-reply -d $IPADDR -j ACCEPT<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p icmp --icmp-type destination-unreachable -d $IPADDR -j ACCEPT<br><br>
iptables -A INPUT -i $EXTERNAL_INTERFACE -p icmp --icmp-type source-quench -d $IPADDR -j ACCEPT<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p icmp --icmp-type time-exceeded -d $IPADDR -j ACCEPT<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p icmp --icmp-type parameter-problem -d $IPADDR -j ACCEPT
<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p icmp -s $IPADDR --icmp-type fragmentation-needed -j ACCEPT<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p icmp -s $IPADDR --icmp-type source-quench -j ACCEPT<br><br>
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p icmp -s $IPADDR --icmp-type echo-request -j ACCEPT<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p icmp -s $IPADDR --icmp-type parameter-problem -j ACCEPT<br><br># HABILITA LOGGING PARA PACOTES PROIBIDOS SELECIONADOS
<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp -j DROP<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p udp --destination-port $PRIVPORTS -j DROP<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p udp --destination-port $UNPRIVPORTS -j DROP
<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p icmp --icmp-type 5 -j DROP<br><br>iptables -A INPUT -i $EXTERNAL_INTERFACE -p icmp --icmp-type 13/255 -j DROP<br><br>iptables -A OUTPUT -o $EXTERNAL_INTERFACE -j REJECT
<br><br><br><br><div><span class="gmail_quote">Em 10/02/07, <b class="gmail_sendername">Robert Pereira</b> <<a href="mailto:robertjs@gmail.com">robertjs@gmail.com</a>> escreveu:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Brother:</div>
<div> </div>
<div>Cola aqui na lista seu squid.conf (sem os comentários)<br><br> </div>
<div><span class="gmail_quote">Em 09/02/07, <b class="gmail_sendername">Cristiano Furtado</b> <<a href="mailto:jasonnfedora@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">jasonnfedora@gmail.com
</a>> escreveu:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;"><div><span class="e" id="q_110a9ac3fa53a881_1">Galera estou com um outro problema aqui agora. Quando ativo o squid, não consigo abrir o
<a href="http://gmail.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
gmail.com</a> e nem o msn. Não tenho nenhuma lista no squid de bloqueio, e quando eu estou acessando com o squid parado tudo funciona. Deixa eu explicar melhor os problemas: <br>1- Proxy Default<br><br>Acesso ao gmail, mais não acesso ao msn.
<br><br>2- Proxy Transparente<br><br>Não acesso ao msn nem ao <a href="http://gmail.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">gmail.com</a><br><br>Eu sinceramente não consigo entender. Estou aqui tentando resolver isso mesmo assim. valeu ae.
<br clear="all"><span><br>-- <br>Cristiano Furtado dos Santos<br>Administrador de Sistemas Linux<br><a href="http://jasonnfedora.eti.br/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://jasonnfedora.eti.br
</a><br><a href="http://fedora.org.br/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://fedora.org.br</a> </span><br></span></div>--<br>Fedora-users-br mailing list<br><a href="mailto:Fedora-users-br@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
Fedora-users-br@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/fedora-users-br" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">https://www.redhat.com/mailman/listinfo/fedora-users-br
</a><br><br></blockquote></div><br>
<br>--<br>Fedora-users-br mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Fedora-users-br@redhat.com">Fedora-users-br@redhat.com</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://www.redhat.com/mailman/listinfo/fedora-users-br" target="_blank">
https://www.redhat.com/mailman/listinfo/fedora-users-br</a><br><br></blockquote></div><br><br clear="all"><br>-- <br>Cristiano Furtado dos Santos<br>Administrador de Sistemas Linux<br><a href="http://jasonnfedora.eti.br">
http://jasonnfedora.eti.br</a><br><a href="http://fedora.org.br">http://fedora.org.br</a>