
Squid3 won't start

#1 By bfbicalho 26/07/2012 - 01:22
Folks:

I have the following scenario:

VirtualBox with Ubuntu Server 12.04 installed and the network card in bridged mode.

I configured the firewall and installed squid3 (to my bad luck). Until then I had never installed it, but with only one network card in operation Squid should have worked normally like the previous version, yet it did not...

I followed these steps:

I created my firewall:
#!/bin/bash

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

#TRANSPARENT PROXY
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

I downloaded squid:

apt-get install squid

However, squid3 came instead, so I started configuring it as usual with the policies I have always used, and in squid.conf I changed the squid directory to squid3. I created the Squid cache directory and applied chmod 777. I started Squid and hit the first problem:

root@squid:~# squid3 -k reconfigure
2012/07/26 01:16:21| ERROR: '0.0.0.0/0.0.0.0' needs to be replaced by the term 'all'.
2012/07/26 01:16:21| SECURITY NOTICE: Overriding config setting. Using 'all' instead.
2012/07/26 01:16:21| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2012/07/26 01:16:21| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2012/07/26 01:16:21| WARNING: You should probably remove '::/0' from the ACL named 'all'
2012/07/26 01:16:21| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2012/07/26 01:16:21| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2012/07/26 01:16:21| WARNING: For now we will assume you meant to write /32

I commented out the acl '0.0.0.0/0.0.0.0' and the problem went away:

squid.conf

# SQUID rules

# Squid settings
http_port 3128 transparent
visible_hostname Proxy.SQUID

# Cache configuration
cache_mem 128 MB
maximum_object_size_in_memory 128 KB
maximum_object_size 300 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/cache/squid 2048 16 256

# Squid error messages in Portuguese
error_directory /usr/share/squid/errors/Portuguese

# Location of the Squid log file
cache_access_log /var/log/squid/access.log

# Cache refresh
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 20% 2280
refresh_pattern . 15 20% 2280

# Local network IPs granted full access
acl ip_liberado src "/etc/squid/ip_liberado"
http_access allow ip_liberado

# Allowed sites
acl liberado url_regex -i "/etc/squid/sites_permitidos"
http_access allow liberado

#Allowed words
#acl liberados url_regex -i "/etc/squid/palavras_liberadas"
#http_access allow liberados

# Site blocking rules (by word)
acl palavra url_regex -i "/etc/squid/palavras_negadas"
http_access deny palavra

# Site blocking rules (by URL)
acl site url_regex -i "/etc/squid/sites_negados"
http_access deny site

# Blocked local network IPs
#acl ip_negado url_regex -i "/etc/squid/ip_negado"
#http_access deny ip_negado

#Blocking MSN and webmessenger
#acl msn url_regex -i gateway.dll
#http_access deny msn

####MSN BLOCKING############

#Rules for handling MSN
acl msnmessenger url_regex -i gateway/gateway.dll? login.live.com
acl MSN rep_mime_type -i ^application/x-msn-messenger$

#Users with MSN access
acl commsn src "/etc/squid/commsn"
http_access allow commsn MSN
http_access allow commsn msnmessenger
acl webmsn url_regex "/etc/squid/webmsn"
http_access allow commsn webmsn
http_access deny MSN
http_access deny msnmessenger
http_access deny webmsn


#acl bqmsn dstdomain passport.com
#http_access deny bqmsn

#Yahoo Messenger service
#acl Yahoo-Mess src "/etc/squid/yahoo"
#http_access deny Yahoo-Mess

#Download limit
#acl down_ilimitado url_regex -i "/etc/squid/ilimitados"
#reply_body_max_size 20971520 deny all !down_ilimitado

#Allow gtalk
#acl ip_gtalk_google url_regex -i "/etc/squid/ip_gtalk_liberado"
#http_access allow ip_gtalk_google

#Block Google Talk
#acl blocktlk url_regex -i chatenabled.gmail.com
#http_access deny blocktlk

#Block by file download
#acl download url_regex -i "/etc/squid/download"
#http_access deny download

#Authentication
#auth_param basic realm Proxy Servidor
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#acl autenticados proxy_auth REQUIRED
#http_access allow autenticados
#auth_param basic children 5
#auth_param basic realm Digite a sua senha
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off

# Media Streams

## Flash Video Format
#acl media rep_mime_type video/flv video/x-flv
#acl mediapr urlpath_regex \.flv(\?.*)?$

#http_access deny mediapr
#http_reply_access deny media

## MediaPlayer MMS Protocol
#acl mms rep_mime_type mms
#acl mmspr url_regex dvrplayer mediastream ^mms://
#http_access deny mmspr
#http_reply_access deny mms

## Active Stream Format (Windows Media Player)
#acl wmp rep_mime_type x-ms-asf
#acl wmppr urlpath_regex \.(afx|asf)(\?.*)?$
#http_access deny wmppr
#http_reply_access deny wmp

################## ACL for Radio / Video Stream ###########################
#acl StreamingRequest1 req_mime_type -i ^video/x-ms-asf$
#acl StreamingRequest2 req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
#acl StreamingRequest3 req_mime_type -i ^application/x-mms-framed$
#acl StreamingRequest4 req_mime_type -i ^audio/x-pn-realaudio$
#acl StreamingReply1 rep_mime_type -i ^video/x-ms-asf$
#acl StreamingReply2 rep_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
#acl StreamingReply3 rep_mime_type -i ^application/x-mms-framed$
#acl StreamingReply4 rep_mime_type -i ^audio/x-pn-realaudio$
################## ACL for Radio / Video Stream ###########################

#Edit File in squid.conf above line in http_access Zone.
#################### Rules to block Radio / Video Stream #################
#http_access deny StreamingRequest1 all
#http_access deny StreamingRequest2 all
#http_access deny StreamingRequest3 all
#http_access deny StreamingRequest4 all

#http_reply_access deny StreamingReply1 all
#http_reply_access deny StreamingReply2 all
#http_reply_access deny StreamingReply3 all
#http_reply_access deny StreamingReply4 all
#################### Rules to block Radio / Video Stream #################

#[edit2] if you want to be the most hated technician/support person, use this (although these things are meant to save bandwidth, you will be hated for it)

## Stop multimedia downloads ##
#acl useragent browser -i ^.*NSPlayer.*
#acl useragent browser -i ^.*player.*
#acl useragent browser -i ^.*Windows-Media-Player.*
#acl useragentq rep_mime_type ^.*video.*
#acl useragentq rep_mime_type ^.*audio.*
#http_access deny useragent
#http_access deny useragentq

# Blocking rules (IP x may only access sites y)
#acl site_restrito dstdomain "/etc/squid/site_restrito"
#acl ip_restrito src "/etc/squid/ip_restrito"
#http_access deny ip_restrito !site_restrito

# Blocking rules (IPs x may not access sites matching words y)
#acl palavras1 url_regex -i "/etc/squid/palavras_negadas1"
#acl ips_restritos src "/etc/squid/ips_restritos"
#http_access deny palavras1 ips_restritos

#General rules
#acl all src 0.0.0.0/0.0.0.0
http_access allow all
always_direct allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https, news
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistered ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #swat
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Allow the local network
acl redelocal src 192.168.0.0/24
http_access allow localhost
http_access allow redelocal

# Block everything else
#http_access deny all

# Information pages
#deny_info down.htm download

Then another problem appeared:

I ran the reconfigure command and this was the result:


root@squid:~# squid3 -k reconfigure
2012/07/26 01:17:28| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2012/07/26 01:17:28| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2012/07/26 01:17:28| WARNING: For now we will assume you meant to write /32

Can anyone tell me where I went wrong in the procedure? And what are these errors?

Thanks for the help.
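
Added example, not part of the original post: a small Python check that reads a squid.conf and reports the constructs behind the warnings shown above (dotted netmasks in src/dst ACLs and the old '0.0.0.0/0.0.0.0' form), plus http_access rules placed after a catch-all rule. It relies on Squid evaluating http_access lines top to bottom and stopping at the first match; the function name lint_squid_conf and the embedded sample (a subset of the posted file) are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the "general rules" lines of the squid.conf posted above.
SAMPLE_CONF = """\
#acl all src 0.0.0.0/0.0.0.0
http_access allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl redelocal src 192.168.0.0/24
http_access allow redelocal
"""

# acl <name> src|dst <address>/<dotted netmask>
DOTTED_ACL = re.compile(r"^acl\s+(\S+)\s+(?:src|dst)\s+(\S+)/(\d+(?:\.\d+){3})$")


def lint_squid_conf(text):
    """Return (line_number, message) findings; hypothetical helper for this example."""
    findings = []
    catch_all = None  # line number of the first 'http_access <allow|deny> all'
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and disabled lines
        match = DOTTED_ACL.match(line)
        if match:
            name, address, mask = match.groups()
            if (address, mask) == ("0.0.0.0", "0.0.0.0"):
                findings.append((number, f"acl {name}: use the built-in 'all'"))
                continue
            try:
                cidr = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
                findings.append((number, f"acl {name}: write {address}/{cidr.prefixlen}"))
            except ValueError:
                findings.append((number, f"acl {name}: invalid address or netmask"))
        words = line.split()
        if words[:1] == ["http_access"]:
            if catch_all is not None:
                findings.append((number, f"unreachable: line {catch_all} matches every request first"))
            elif words[2:] == ["all"]:
                catch_all = number
    return findings


if __name__ == "__main__":
    for number, message in lint_squid_conf(SAMPLE_CONF):
        print(f"line {number}: {message}")
```

On the sample it reports the localhost ACL as 127.0.0.1/32 and marks every http_access line after "http_access allow all" as unreachable, including the Safe_ports and CONNECT restrictions.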