So the order of the lines does matter? Is it like iptables? Thank you very much. Regards,

Daniel Ortiz Gutierrez

On 30/05/2012, at 14:49, Ernesto Pérez Estévez <cen...@ecualinux.com> wrote:

> On 05/30/2012 02:15 PM, Daniel wrote:
>> Like this? I already corrected it, but it still lets everything through.
>>>>>> acl manager proto cache_object
>>>>>> acl localhost src 127.0.0.1/32 ::1
>>>>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>>>>>> acl localnet src 10.1.0.0/17
>>>>>> acl google src 74.125.0.0/16
>>>>>> acl youtube srcdomain .youtube.com
>>>>>> acl youtube_2 srcdom_regex -i \.youtube\.com
>>>>>> http_access allow manager localhost
>>>>>> http_access deny manager
>>>>>> http_access allow localnet
>>>>>> http_access allow localhost
>>>>>> http_port 10.1.50.252:8080 intercept
>>>> http_access deny google
>>>> http_access deny youtube
>>>> http_access deny youtube_2
>>>> visible_hostname proxy.lsvp
>
> ok, if that is the order, then it is not right, because you are putting the
> allow localnet before the denies, and so they will always go through the allow
> regards
> epe
>
>>
>> Daniel Ortiz Gutierrez
>>
>> On 30/05/2012, at 13:03, Ernesto Pérez Estévez <cen...@ecualinux.com>
>> wrote:
>>
>>> On 05/30/2012 12:55 PM, Daniel wrote:
>>>>>> acl manager proto cache_object
>>>>>> acl localhost src 127.0.0.1/32 ::1
>>>>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>>>>>> acl localnet src 10.1.0.0/17
>>>>>> acl google src 74.125.0.0/16
>>>>>> acl youtube srcdomain .youtube.com
>>>>>> acl youtube_2 srcdom_regex -i \.youtube\.com
>>>>>> http_access allow manager localhost
>>>>>> http_access deny manager
>>>>>> http_access allow localnet
>>>>>> http_access allow localhost
>>>>>> http_port 10.1.50.252:8080 intercept
>>>> http_access deny google
>>>> http_access deny youtube
>>>> http_access deny youtube_2
>>>> visible_hostname proxy.lsvp
>>>>
>>>> Sorry, I did not include the complete configuration file.
>>> now I have doubts about the position of the http_access (because you use
>>> http_port here, a parameter I do not understand)
>>>
>>>>
>>>> Daniel Ortiz Gutierrez
>>>>
>>>> On 30/05/2012, at 12:33, Ernesto Pérez Estévez <cen...@ecualinux.com>
>>>> wrote:
>>>>
>>>>> On 05/30/2012 12:09 PM, Daniel wrote:
>>>>>> Greetings
>>>>>>
>>>>>> I installed Squid 3.1 on a minimal CentOS 6.2 with a "yum install squid";
>>>>>> this is the configuration file:
>>>>>>
>>>>>> acl manager proto cache_object
>>>>>> acl localhost src 127.0.0.1/32 ::1
>>>>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>>>>>> acl localnet src 10.1.0.0/17
>>>>>>
>>>>>> acl google src 74.125.0.0/16
>>>>>> acl youtube srcdomain .youtube.com
>>>>>> acl youtube_2 srcdom_regex -i \.youtube\.com
>>>>>>
>>>>> maybe I read too quickly, but I see the ACL defined but not the http_access
>>>>> to deny or allow whatever matches that acl
>>>>>
>>>>>>
>>>>>> http_access allow manager localhost
>>>>>> http_access deny manager
>>>>>> http_access allow localnet
>>>>>> http_access allow localhost
>>>>>> http_port 10.1.50.252:8080 intercept
>>>>>>
>>>>>> acl google src 74.125.0.0/16
>>>>>> acl youtube srcdomain .youtube.com
>>>>>> acl youtube_2 srcdom_regex -i \.youtube\.com
>>>>>>
>>>>>> the problem is that it does not respect any ACL; it lets everything
>>>>>> through. I have tried with other addresses to see whether it is an https
>>>>>> problem, but even when I put
>>>>>>
>>>>>> acl all src all
>>>>>> http_access all deny
>>>>>>
>>>>>> it still lets me browse without problems. My iptables rules are:
>>>>>>
>>>>>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
>>>>>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
>>>>>>
>>>>>> port 443 is open because I am not dealing with https for the moment.
>>>>>>
>>>>>> Regards, and I hope someone can help me.
_______________________________________________
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
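
Added example, not part of the original thread: a small Python model of the first-match evaluation of http_access lines that the reply above describes, run on the rule order posted in the thread and on a reordered variant. The client address, the host names and the switch to dstdomain (srcdomain matches the client's own name, not the requested site) are assumptions of this example.

```python
import ipaddress

# Constructed excerpts and request; dstdomain in REORDERED is this example's assumption.
POSTED = """
acl localnet src 10.1.0.0/17
acl youtube srcdomain .youtube.com
http_access allow localnet
http_access deny youtube
"""
REORDERED = """
acl localnet src 10.1.0.0/17
acl youtube dstdomain .youtube.com
http_access deny youtube
http_access allow localnet
"""
REQ = {"client_ip": "10.1.20.5", "client_host": "pc20.lan.example", "dst_host": "www.youtube.com"}

def parse(conf):
    # http_access lines are kept in file order, which is what decides the outcome.
    acls, rules = {}, []
    for line in conf.strip().splitlines():
        parts = line.split()
        if parts[0] == "acl":
            acls[parts[1]] = (parts[2], parts[3:])
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def domain_match(host, pattern):
    # A leading dot matches the domain itself and every subdomain.
    bare = pattern.lstrip(".")
    return host == bare or (pattern.startswith(".") and host.endswith(pattern))

def acl_matches(acl, req):
    # Only src, srcdomain and dstdomain are modelled here.
    kind, values = acl
    if kind == "src":  # client address, not the site being visited
        ip = ipaddress.ip_address(req["client_ip"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    host = req["client_host"] if kind == "srcdomain" else req["dst_host"]
    return any(domain_match(host, v) for v in values)

def decide(conf, req):
    """The first http_access line whose ACLs all match wins; later lines are ignored."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], req) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"
```

decide(POSTED, REQ) returns "allow" because allow localnet matches first and the deny line is never reached; decide(REORDERED, REQ) returns "deny".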