Hi...
I'm having a problem configuring a proxy server (SQUID). I have already read two manuals (quickly), but I can't get the machines on the network to access the internet...
Here is the configuration of my PC (the server)..
Network config
eth0 --->> 192.168.1.211/24 ( internet access )
eth1 --->> 192.168.0.211/24 ( local network )
******************************************************
squid config (squid.conf)
http_port 3128
icp_port 3130
cache_peer 192.168.0.211 parent 3128 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
maximum_object_size 4096 KB
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
reply_body_max_size 4096 KB
refresh_pattern . 0 20% 432
reference_age 1 month
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl redlocal src 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow redlocal
http_access deny all
icp_access allow all
cache_mgr [email protected]
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on
*******************************************************
iptables config
#!/bin/sh
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_REDIRECT
/sbin/modprobe ipt_TOS
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_LOG
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc
if [ -e /proc/sys/net/ipv4/ip_forward ]; then
echo 0 > /proc/sys/net/ipv4/ip_forward
fi
# masquerading
/sbin/iptables -t filter -P FORWARD DROP
# external-internal
/sbin/iptables -t filter -A FORWARD -d 0/0 -s 192.168.0.0/255.255.255.0 -o eth1 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -d 192.168.0.0/255.255.255.0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o eth0 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A INPUT -s 192.168.0.0/255.255.255.0 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -s 192.168.0.0/255.255.255.0 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p icmp -s 192.168.0.0/255.255.255.0 -d 0/0 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
*****************************************************
NOTE: my proxy server goes out through an ADSL router (multi-host mode); I have forwarded port 3128 on it to my server...
The machines have the IP of the proxy server's eth1 configured; the router and eth0 are on the same network.
Sorry for such a long post!!!!!!
I hope you can help me...