Eu j� havia colocado estas ACL�s no meu squid.conf, segue abaixo um
trecho para analise:
------Inicio Pedaco squid.conf
acl password proxy_auth /etc/squid/passwd REQUIRED
#
#Defaults:
acl all src 0.0.0.0/0.0.0.0
acl craz src 172.16.8.0/255.255.248.0
acl colegio_centro src 172.16.64.0/255.255.248.0
acl router_craz src 172.16.56.0/255.255.248.0
acl colegio_leste src 172.16.72.0/255.255.248.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 80 8080 98 443 901 563 70 210 1025-65535
acl CONNECT method CONNECT
acl horario_trab time 08:00-09:00
acl download urlpath_regex .*\.exe$ .*\.zip$ .*\.arj$ .*\.mp3$
.*\.wmp$
acl informatica proxy_auth osni alex wesley
acl webmail_bol urlpath_regex .*\webmail.exe$
acl intranet urlpath_regex server.craz.net
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# Access to the ICP port:
# icp_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to allow
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow craz password
http_access allow colegio_centro password
http_access allow colegio_leste password
http_access deny download !informatica !webmail_bol
http_access deny all !intranet
# TAG: icp_access
# Reply to all ICP queries we receive
#
icp_access allow all
-----Fim pedaco squid.conf
>
> > Sds,
> >
> > Tenho um Proxy SQUID rodando no Conectiva 4.2 e estou com
> o seguinte
> > problema: Na rede interna est� tudo funcionando beleza, porem nas
> > minhas subnets externas, que sao ligadas via
> roteadores/Frame-relay
> > elas n�o conseguem navegar pq o SQUID est� negando acesso. Existe
> > alguma configura��o especifica para aceitar requisicao de outras
> > subnets.
> > Tambem estou usando o Linux como um roteador entre as redes.
>
>
> Ola,
>
> Isso com certeza e' um problema para as ACL's. Voce
> deve ter ACL's
> para suas sub-redes:
> acl subnet1 src ip_rede1/mask_rede1
> acl subnet2 src ip_rede2/mask_rede2
>
> E colocar as entradas de http_access:
> http_access allow subnet1
> http_access allow subnet2
>
> Abraco!
> Alejandro
>
>
/-----------------------/
/Alex Souza Silveira /
/Analista de Sistemas /
/Cruz Azul de S�o Paulo /
/Ramal 4043 /
/-----------------------/
Assinantes em 18/07/2001: 2255
Mensagens recebidas desde 07/01/1999: 123530
Historico e [des]cadastramento: http://linux-br.conectiva.com.br
Assuntos administrativos e problemas com a lista:
mailto:[EMAIL PROTECTED]
