Try setting up your firewall like this:

#===========================
if_in=xl1
if_out=xl0
minharede=192.168.0.0/24

00060 skipto 60000 ip from $minharede to 200.201.160.0/20
00061 skipto 60000 ip from $minharede to 200.201.166.0/24
00062 skipto 60000 ip from $minharede to 200.201.173.0/24
00063 skipto 60000 ip from $minharede to 200.201.174.0/24
00100 allow tcp from me to any dst-port 80 via $if_out
00101 fwd 127.0.0.1,3128 tcp from $minharede to any dst-port 80 in via $if_in
60000 divert 8668 ip from $minharede to any out via $if_out
60001 divert 8668 ip from any to me in via $if_out
65535 allow ip from any to any
#=====================

On 2 December 2011 at 17:16, Rodrigo Calado <rodrigocal...@rodrigocalado.com.br> wrote:

> Hello,
> I have already read several forums and made the relevant adjustments, and
> the message persists. Here are the configuration files:
>
> rc.conf
>
> defaultrouter="186.215.69.177"
> gateway_enable="YES"
> hostname="fw.gransig.grancursos.com.br"
> ifconfig_xl0="inet 186.215.69.182 netmask 255.255.255.248"
> ifconfig_xl1="inet 192.168.0.254 netmask 255.255.255.0"
>
> natd.conf
>
> interface xl0
> dynamic yes
> use_sockets yes
> same_ports yes
>
> ipfw
>
> 00050 divert 8668 ip from any to any via xl0
> 00051 skipto 60000 ip from table(15) to any
> 00060 skipto 60000 ip from 192.168.0.0/24 to 200.201.160.0/20
> 00061 skipto 60000 ip from 192.168.0.0/24 to 200.201.166.0/24
> 00062 skipto 60000 ip from 192.168.0.0/24 to 200.201.173.0/24
> 00063 skipto 60000 ip from 192.168.0.0/24 to 200.201.174.0/24
> 00064 divert 8668 ip from any to any via xl0
> 00100 allow tcp from me to any dst-port 80
> 00101 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
> 65535 allow ip from any to any
>
> squid.conf
>
> http_port 127.0.0.1:3128 transparent
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> acl SWF urlpath_regex swf
> no_cache deny SWF
> cache_mem 100 MB
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size 512 KB
> logfile_rotate 3
> cache_dir ufs /usr/local/squid/cache 2000 16 256
> cache_access_log /usr/local/squid/logs/access.log
> cache_log /usr/local/squid/logs/cache.log
> cache_store_log /usr/local/squid/logs/store.log
> dns_nameservers 8.8.8.8 8.8.4.4
> hosts_file /etc/hosts
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> cache_mgr webmas...@grancursos.com.br
> cache_effective_user squid
> cache_effective_group squid
> visible_hostname fw.gransig.grancursos.com.br
> error_directory /usr/local/etc/squid/errors/Portuguese
> coredump_dir /usr/local/squid/cache
>
> #>>>>>>>>General ACLs<<<<<<<<<<<<
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> #>>>>>>>>>Control ACLs<<<<<<<<<<<<<<
>
> acl rede src 192.168.0.0/24 #Network
>
> acl liberados url_regex -i "/usr/local/squid/web/liberados.sites"
>
> acl administrativo src "/usr/local/squid/web/administrativo"
> acl diretoria src "/usr/local/squid/web/diretoria.txt"
> acl term_consulta src "/usr/local/squid/web/term_consulta.txt"
> acl consulta_portal url_regex -i "/usr/local/squid/web/consulta_portal.txt"
>
> # New acl rules added by ROD_NOKEY.
>
> acl spyware url_regex -i "/usr/local/squid/web/spyware.txt" # List of spyware domains.
> acl chat url_regex -i "/usr/local/squid/web/chat.txt" # List of chat domains.
> acl redirector url_regex -i "/usr/local/squid/web/redirector.txt" # List of domains of sites that work as a browser.
> acl violence url_regex -i "/usr/local/squid/web/violence.txt" # List of violence domains.
> acl warez url_regex -i "/usr/local/squid/web/warez.txt" # List of warez, torrent and upfiles domains.
> acl webtv url_regex -i "/usr/local/squid/web/webtv.txt" # List of webtv domains.
> acl msn url_regex -i "/usr/local/squid/web/msn.txt" # List to block MSN only.
>
> # ICQ blocking
> acl bloq_icq req_mime_type -i ^application/x-Icq$
>
> #>>>>>>>>>>Default http_access directives<<<<<<<<<<
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_reply_access allow all
> icp_access allow all
>
> #>>>>>>>>>Custom http_access directives<<<<<<
>
> # The rule below blocks all the domain lists from the acl rules
> # and excludes the IPs of the secretariat and the call center from the
> # 192.168.0.0/24 network.
>
> http_access allow !administrativo !chat !spyware !redirector !violence !warez !bloq_icq !term_consulta rede
>
> http_access allow administrativo liberados
>
> http_access allow term_consulta consulta_portal
>
> http_access allow all diretoria
>
> http_access deny all
>
> Build options
>
> # This file is auto-generated by 'make config'.
> # No user-servicable parts inside!
> # Options for squid-3.0.24
> _OPTIONS_READ=squid-3.0.24
> WITH_SQUID_KERB_AUTH=true
> WITHOUT_SQUID_LDAP_AUTH=true
> WITH_SQUID_NIS_AUTH=true
> WITHOUT_SQUID_SASL_AUTH=true
> WITHOUT_SQUID_DELAY_POOLS=true
> WITH_SQUID_SNMP=true
> WITH_SQUID_CARP=true
> WITHOUT_SQUID_SSL=true
> WITHOUT_SQUID_PINGER=true
> WITHOUT_SQUID_DNS_HELPER=true
> WITHOUT_SQUID_HTCP=true
> WITHOUT_SQUID_VIA_DB=true
> WITHOUT_SQUID_CACHE_DIGESTS=true
> WITH_SQUID_WCCP=true
> WITHOUT_SQUID_WCCPV2=true
> WITHOUT_SQUID_STRICT_HTTP=true
> WITH_SQUID_IDENT=true
> WITHOUT_SQUID_REFERER_LOG=true
> WITHOUT_SQUID_USERAGENT_LOG=true
> WITHOUT_SQUID_ARP_ACL=true
> WITHOUT_SQUID_IPFW=true
> WITHOUT_SQUID_PF=true
> WITHOUT_SQUID_IPFILTER=true
> WITHOUT_SQUID_ICAP=true
> WITHOUT_SQUID_ESI=true
> WITHOUT_SQUID_AUFS=true
> WITHOUT_SQUID_COSS=true
> WITH_SQUID_KQUEUE=true
> WITHOUT_SQUID_LARGEFILE=true
> WITHOUT_SQUID_STACKTRACES=true
> WITHOUT_SQUID_DEBUG=true
>
> Any suggestions?
>
> Regards,
> Rodrigo Calado.
> -------------------------
> History: http://www.fug.com.br/historico/html/freebsd/
> Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd