Bienvenido(a) a Alcance Libre 31/01/2023, 05:04
|
![]() |
Índice del foro > Todo acerca de Linux > Redes y Servidores |
![]() ![]() |
![]() |
proser |
|
||||||
![]() ![]() ![]() ![]() ![]() Nuevo Estado: desconectado ![]() Identificado: 08/09/11 Mensajes: 3 |
El squid y el shorewall me funcionan correctamente para usuarios que tienen configurado el proxy, sin embargo quiero que sea transparente para un grupo de usuarios móviles los cuales tienen que estar cambiando las configuraciones de acceso a internet en sus equipos y no tienen conocimiento de como hacerlo.
con la siguiente configuración pueden navegar por hhtps pero no por http, alguna recomendación? Configuracion shorewall/rules PHP Formatted Code # # Shorewall -- /etc/shorewall/rules # # For information on the settings in this file, type "man shorewall-rules" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-rules.html # ############################################################################################################################################################## #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER ?SECTION ALL ?SECTION ESTABLISHED ?SECTION RELATED ?SECTION INVALID ?SECTION UNTRACKED ?SECTION NEW #Ping/ACCEPT lan fw ACCEPT lan fw tcp 8080,80 ACCEPT all fw tcp 22,20,21,80,443,30300:30309 ACCEPT all fw icmp 8 - - 10/sec:5 REDIRECT lan 8080 tcp 80 ACCEPT lan wan tcp 25,110,143,465,587,993,995 #ACCEPT lan wan tcp 43,53,63,123 ACCEPT lan wan udp 43,53,63,123 ACCEPT lan wan icmp 8 - - 20/sec:10 ACCEPT lan wan:200.23.91.0/24 all ACCEPT lan:192.168.5.10 wan all Configuracion Squid.conf PHP Formatted Code acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl usuarios src 192.168.5.50/24 192.168.5.254/24 acl gerencia src 192.168.5.1/24 192.168.5.30/24 # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager http_access allow gerencia http_access allow usuarios # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all |
||||||
|
|||||||
proser |
|
||||||
![]() ![]() ![]() ![]() ![]() Nuevo Estado: desconectado ![]() Identificado: 08/09/11 Mensajes: 3 |
Solucionado con la siguiente configuración en /etc/shorewall/rules
ACCEPT lan fw tcp 8080 ACCEPT all fw tcp 22,20,21,80,443,30300:30309 ACCEPT all fw icmp 8 - - 10/sec:5 ACCEPT lan wan tcp 25,110,143,465,587,993,995 ACCEPT lan wan tcp 43,53,63,123 ACCEPT lan wan udp 43,53,63,123 ACCEPT lan wan icmp 8 - - 20/sec:10 ACCEPT lan wan:200.23.91.0/24 all ACCEPT lan:192.168.5.10 wan all ~ Saludos! |
||||||
|
|||||||
Contenido generado en: 0.12 segundos |
![]() ![]() |
Todas las horas son CST. Hora actual 05:04 AM. |
|
|