Guys, after installing Samba as a PDC I am now trying to get Squid working on the same machine. In rc.local I set up some firewalling and masquerading rules:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -i eth1 -j DROP
iptables -A FORWARD -s 10.0.0.0/8 -i eth1 -j DROP
iptables -A INPUT -s 172.16.0.0/12 -i eth1 -j DROP
iptables -A FORWARD -s 172.16.0.0/12 -i eth1 -j DROP
iptables -A INPUT -s 192.168.0.0/16 -i eth1 -j DROP
iptables -A FORWARD -s 192.168.0.0/16 -i eth1 -j DROP
iptables -A INPUT -s 224.0.0.0/3 -i eth1 -j DROP
iptables -A FORWARD -s 224.0.0.0/3 -i eth1 -j DROP
iptables -A INPUT -s 127.0.0.1 -i eth1 -j DROP
iptables -A FORWARD -s 127.0.0.1 -i eth1 -j DROP
iptables -A INPUT -i eth1 -p tcp --dport 1024:65535 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 1024:65535 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 2/s -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
then adding:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
to redirect HTTP traffic to the local Squid.
The squid.conf file:
http_port 3128
icp_port 3130
cache_mem 8 MB
cache_dir ufs /var/log/squid/cache 100 16 256
cache_access_log /var/log/squid/logs/access.log
cache_log /var/log/squid/logs/cache.log
cache_store_log /var/log/squid/logs/store.log
emulate_httpd_log off
mime_table /etc/squid/mime.conf
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl locallan src 192.168.0.0/255.255.255.0
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow locallan
http_access deny all
cache_effective_user nobody
cache_effective_group nobody
Now Internet sharing no longer works. I am studying Squid in more depth, but in the meantime I would like to see it working; I have been tinkering with it for more than a day without results.