Welcome to Soft32 Linux Forums!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Firewall Proxy - Have a Problem?

  
   Soft32 Home -> Linux -> Firewall RSS
Next:  apomorphine  
Author Message
Yuri Rodrigues

External


Since: Oct 27, 2007
Posts: 2



(Msg. 1) Posted: Sat Oct 27, 2007 8:00 am
Post subject: Firewall Proxy - Have a Problem?
Archived from groups: linux>debian>maint>firewall (more info?)
Hello everyone,

Recently tried to deploy this proxy (squid) in a client, but the
performance was bad. Access to the Internet was slow.
Is there any serious failure that committed without realizing?
They help me make it better?

The configuration of the machine was:
Processor: 3000 MHz (Pentium IV)
Memory: 1 GB
Hard Disk: 80 Gb

* The configuration file for squid is this:*

################ Squid ######################

### Arquivo de Configuracao do Squid
### Yuri Rodrigues - yurirbraz.RemoveThis@gmail.com

#### Tags Comuns
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_mem 192 Mb
cache_swap_log /var/spool/squid/swap.log
cache_dir diskd /var/spool/squid 1024 16 256
maximum_object_size_in_memory 64 KB
maximum_object_size 256 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95

### Tags Proxy Autenticado
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours

####################################

# Porta de acesso a internet
http_port 3128 transparent

# Nome da rede
visible_hostname champ

# esta ACL que exige a autenticacao dos usuarios
#acl USUARIOS proxy_auth REQUIRED

# ACL que identifica toda a rede
acl all src 192.168.0.0/16

### Bloqueio do msn
acl msnbloque url_regex -i "/etc/squid/srcmsn"
acl msnlibera src "/etc/squid/msnliberados"
http_access deny msnbloque !msnlibera
#########################

### Grupo de ips liberados
acl cpd src "/etc/squid/liberados"
http_access allow cpd
################################

######## Zona de Seguranca A #############
acl grupo1 src "/etc/squid/grupo1"
acl sites_grupo1 url_regex -i "/etc/squid/sites_grupo1.txt"
http_access allow grupo1 sites_grupo1
##################################

######## Zona de Seguranca B #############
#acl grupo2 src "/etc/squid/grupo2"
#acl sites_grupo2 url_regex -i "/etc/squid/sites_grupo2.txt"
#http_access allow grupo2 sites_grupo2
##################################

######## Zona de Seguranca Wifi #############
acl wifi src "/etc/squid/wifi"
acl sites_wifi url_regex -i "/etc/squid/sites_wifi.txt"
http_access allow wifi sites_wifi
##################################

# Bloquear todo o resto
http_access deny all



*The rules of firewall used were these:*

#! /bin/sh

iptables -F
iptables -t nat -F
iptables -t mangle -F

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

/sbin/modprobe iptable_nat
/sbin/modprobe ip_tables
/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack
/sbin/modprobe ipt_multiport
/sbin/modprobe iptable_mangle

iptables -I PREROUTING -t nat -p tcp -s 192.168.0.0/16 --dport 80 -j
REDIRECT --to-port 3128

iptables -t nat -I POSTROUTING -s 192.168.0.0/16 -j MASQUERADE

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -A FORWARD -s 192.168.0.0/16 -d loginnet.passport.com -j REJECT

iptables -t nat -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 25255 -j
DNAT --to 192.168.1.200

iptables -t nat -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 20 -j
DNAT --to 192.192.1.200

iptables -t nat -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 21 -j
DNAT --to 192.168.1.200


Since already many thanks to all.

Have a great day.



--
To UNSUBSCRIBE, email to debian-firewall-REQUEST.RemoveThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.RemoveThis@lists.debian.org
Back to top
Login to vote
Yuri Rodrigues

External


Since: Oct 27, 2007
Posts: 2



(Msg. 2) Posted: Sun Oct 28, 2007 8:30 am
Post subject: Re: Firewall Proxy - Have a Problem? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Obrigado Diego,

Fiz as alterações, agora vou fazer uns testes. Depois posto o resultado
para a lista.
Muito obrigado.

Grato,

Yuri Rodrigues.


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST.TakeThisOut@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.TakeThisOut@lists.debian.org
Back to top
Login to vote
Display posts from previous:   
Related Topics:
[gentoo-user] emerge problem (proxy? firewall?) - Hi all, I have a Gentoo PC connected to the net through a proxy that I cannot access. I can surf the net, but wget..

seeking linux gateway/router/proxy/firewall advice - im sure there are people more knowledgeble then me in this area and i wanted to run this by them for a sanity check /....

[gentoo-user] Problem with proxy authentication - Hi, I have modified my etc.make.conf for a proxy with authetication according to the Gentoo FAQ. It works but only if....

Proxy Server - Hi, there, I am going to setup a proxy server to my RH9.0 Linux box (LAN:192.168.1.1). What I want is, for example:..

How to force use of proxy? - Hi I am running RH7.3 on my lan gateway and recently installed squid proxy to enable me to control the web pages my..

Please help with proxy authentification - Hello all I hope someone can help me with the next problem. We have an corperate network with W2K and windows NT..
       Soft32 Home -> Linux -> Firewall All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Categories:
 Windows
  Linux
 Mac
 PDA

[ Contact us | Terms of Service/Privacy Policy ]