acl all src 0.0.0.0/0.0.0.0
acl usr src 192.168.1.2-192.168.1.49
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 5222 # jabber0
acl SSL_ports port 5223 # jabber1
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 123 # NTP
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_access allow usr
http_access deny usr
http_access deny all
http_port 8085 transparent
icp_port 0
hierarchy_stoplist cgi-bin ?
access_log /SQUID/log/access.log squid
logfile_rotate 4
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /SQUID
cache_mem 64 MB
maximum_object_size 4096 KB
maximum_object_size_in_memory 512 KB
cache_dir ufs /SQUID/cache 4096 16 256
cache_log /SQUID/log/cache.log
cache_store_log /SQUID/log/store.log
pid_filename /SQUID/log/squid.pid
cache_effective_user proxy
cache_effective_group proxy

# Generated by iptables-save v1.4.4 on Tue May 31 16:21:55 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [5:4556]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -p udp -j ACCEPT
-A INPUT -i eth1 -p tcp -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Tue May 31 16:21:55 2011
# Generated by iptables-save v1.4.4 on Tue May 31 16:21:55 2011
*mangle
:PREROUTING ACCEPT [414:389052]
:INPUT ACCEPT [26:1820]
:FORWARD ACCEPT [388:387232]
:OUTPUT ACCEPT [21:9869]
:POSTROUTING ACCEPT [409:397101]
COMMIT
# Completed on Tue May 31 16:21:55 2011
# Generated by iptables-save v1.4.4 on Tue May 31 16:21:55 2011
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING ! -d 192.168.1.0/24 -p tcp -m multiport --dports 80,443 -j REDIRECT --to-ports 8085
COMMIT
# Completed on Tue May 31 16:21:55 2011

...
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -p udp -j SNAT --to-source 192.168.50.254
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -p tcp -j SNAT --to-source 192.168.50.254
...

*filter
:INPUT ACCEPT [0:0]

-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -p udp -j ACCEPT
-A INPUT -i eth1 -p tcp -j ACCEPT

*nat
:PREROUTING ACCEPT [0:0]
....
-A PREROUTING ! -d 192.168.1.0/24 -p tcp -m multiport --dports 80,443 -j REDIRECT --to-ports 8085

if I remove squid (dpkg -P squid) and share the internet through iptables
sudo /etc/init.d/squid3 stop
Are you sure the clients are actually going through the proxy?
Run a traceroute from the clients.
traceroute to www.google.ru (74.125.77.104), 30 hops max, 60 byte packets
 1  uServer (192.168.1.1)  0.192 ms  0.139 ms  0.130 ms
 2  192.168.50.1 (192.168.50.1)  1.683 ms  2.542 ms  3.905 ms
 3  213.228.117.148.ncc.sibirtelecom.ru (213.228.116.148)  610.303 ms  610.533 ms  610.962 ms

traceroute to www.google.ru (74.125.232.80), 30 hops max, 60 byte packets
 1  192.168.50.1 (192.168.50.1)  1.340 ms  2.230 ms  3.237 ms
 2  213.228.117.148.ncc.sibirtelecom.ru (213.228.116.148)  188.596 ms  188.986 ms  189.280 ms