
Transparent Squid with file caching + Windows Update + download transfer rate limiting

Operating system: Linux Debian Lenny 5.0
Kernel version: 2.6.26-1-686
Versions of the packages used:
- Squid cache: Version 2.7.STABLE3
- SARG Version: 2.2.5 Mar-03-2008
- Apache/2.2.9

Transparent proxy system:
- Cache for downloaded files of at most 300 MB per file, with a total of 10 GB of file storage;
- Cache for Windows Update;
- Download limit:
  * 30 kbps by default for everyone;
  * 70 kbps for registered users.
- Blocking of a block_list of sites with a history of spam or viruses, updated automatically every day;
- Blocking/allowing of sites;
- Registration of IPs that are granted unrestricted access to the Internet.

Installing Debian Lenny 5.0
Install Debian Lenny 5.0, selecting only the following option:

    [x] Base system

* NOTE: All IP addresses in this document are examples and will be different for each network.

Installing additional packages
After the base installation finishes, some additional packages need to be installed:

    # apt-get install ssh sarg squid vim vim-common apache2

Network configuration
Check the IP address assigned to the machine by DHCP and log in via SSH as "root".

http://www.apostilao.blogspot.com

Edit the file /etc/network/interfaces so that it looks like this, adapting it to your network:

    # Loopback
    auto lo
    iface lo inet loopback

    # Internet interface
    auto eth0
    iface eth0 inet static
        address 192.168.254.1
        netmask 255.255.255.0
        network 192.168.254.0
        broadcast 192.168.254.255
        gateway 192.168.254.254

    # LAN interface
    auto eth1
    iface eth1 inet static
        address 192.168.100.1
        netmask 255.255.255.0
        network 192.168.100.0
        broadcast 192.168.100.255

Create the necessary directories, files and links. Squid only reads these lists, so keep them writable by root alone:

    # mkdir /etc/squid/conf
    # touch /etc/squid/conf/ips_admin
    # touch /etc/squid/conf/sites_bloqueados
    # touch /etc/squid/conf/sites_liberados
    # touch /etc/squid/conf/download
    # touch /etc/squid/conf/ips_download_70
    # touch /etc/squid/conf/sistema_direto
    # touch /etc/squid/conf/malware_block_list
    # chmod 755 /etc/squid/conf
    # chmod 644 /etc/squid/conf/*

- /etc/squid/conf/ips_admin holds the list of IPs with unrestricted access.
- /etc/squid/conf/sites_bloqueados holds the list of blocked sites; these are blocked even for the IPs listed in /etc/squid/conf/ips_admin.
- /etc/squid/conf/sites_liberados holds the list of sites allowed for the whole network.

- /etc/squid/conf/download holds the list of file extensions blocked for the whole network.
- /etc/squid/conf/ips_download_70 holds the list of IPs allowed to download at 70 kb.
- /etc/squid/conf/sistema_direto holds the list of sites served without cache and without Java authentication; it is mostly used when errors occur while accessing bank sites.
- /etc/squid/conf/malware_block_list holds the list of sites that contain viruses and are blocked for the whole network.

Edit the following file (it will be created if it does not exist). The name has no .sh extension because Debian's run-parts, which executes the scripts in /etc/cron.daily, skips file names that contain a dot:

    # vim /etc/cron.daily/malwaresquid

Add the following:

    #!/bin/sh
    # Download the current block list and make Squid reload its configuration
    wget -O - 'http://malware.hiperlinks.com.br/cgi/submit?action=list_squid' > /etc/squid/conf/malware_block_list
    squid -k reconfigure

Save and exit.

    # chmod +x /etc/cron.daily/malwaresquid
    # sh /etc/cron.daily/malwaresquid

Edit the file /etc/squid/squid.conf so that it has the following content, adapting the settings to your network:

    # Windows Update cache
    refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
    refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
    refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
    refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
    #
    cache_mem 128 MB
    cache_swap_low 90
    cache_swap_high 95
    maximum_object_size 300 MB
    maximum_object_size_in_memory 200 KB
    minimum_object_size 0 KB

    cache_replacement_policy lru
    memory_replacement_policy lru
    # 10000 MB of disk cache, 16 first-level and 256 second-level directories
    cache_dir ufs /var/spool/squid 10000 16 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    pid_filename /var/run/squid.pid
    log_mime_hdrs on
    hosts_file /etc/hosts
    redirect_children 5
    redirect_rewrites_host_header on
    ###
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    connect_timeout 180 seconds
    request_timeout 40 seconds
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443 563     # https, snews
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    #### Blocked downloads
    acl download urlpath_regex "/etc/squid/conf/download"
    # Block list updated in Squid

    acl malware_block_list url_regex -i "/etc/squid/conf/malware_block_list"
    # Cache disabled for the internal/direct sites
    acl sistema_direto dstdomain "/etc/squid/conf/sistema_direto"
    always_direct allow sistema_direto
    acl sistema_direto_no_cache url_regex -i "/etc/squid/conf/sistema_direto"
    cache deny sistema_direto_no_cache
    # Files with the blocked and allowed sites
    acl bloqueados url_regex -i "/etc/squid/conf/sites_bloqueados"
    acl liberados url_regex -i "/etc/squid/conf/sites_liberados"
    # File with the IPs of the users with unrestricted access
    acl admin src "/etc/squid/conf/ips_admin"
    ### Start of the allow/block rules (http_access is evaluated top-down, first match wins)
    # Users with unrestricted access do NOT have access to the blocked sites
    http_access deny malware_block_list
    http_access deny bloqueados
    http_access deny download
    http_access allow admin
    http_access allow sistema_direto
    # Defines the IP range of the network
    acl lan src 192.168.100.0/24
    # Allows the network to access only the allowed sites
    http_access allow lan liberados
    http_access allow download
    #########################################
    #### Bandwidth control parameters
    #### IPs registered for 70k downloads
    acl ips_download_70 src "/etc/squid/conf/ips_download_70"
    ####
    # Two class-2 pools: no aggregate limit (-1/-1), per-IP limit in bytes per second
    delay_pools 2
    delay_class 1 2
    delay_access 1 allow ips_download_70
    delay_class 2 2
    delay_access 2 allow lan
    delay_parameters 1 -1/-1 70000/70000
    delay_parameters 2 -1/-1 32000/32000
    #########################################

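    http_access deny all
    icp_access allow all
    # Administrator e-mail
    cache_mgr email@dominio.com.br
    # Transparent proxy
    # (listens on every interface; to accept LAN clients only, bind it to the
    # LAN address instead: http_port 192.168.100.1:3128 transparent)
    http_port 3128 transparent
    # Logs
    cache_access_log /var/log/squid/access.log
    error_directory /usr/share/squid/errors/Portuguese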
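The daily update script writes whatever the server returns straight into a url_regex ACL, so a failed or tampered download can empty the list or block every site. The following added example (not part of the original tutorial) validates the download before installing it; the function names, the MIN_LINES threshold and the canary URLs are assumptions.

```shell
#!/bin/sh
# Added example: vet a downloaded url_regex list before Squid loads it.
LIST=/etc/squid/conf/malware_block_list
URL='http://malware.hiperlinks.com.br/cgi/submit?action=list_squid'
MIN_LINES=${MIN_LINES:-10}   # assumption: a real list has at least this many
# Constructed canary URLs that a sane block list must never match.
CANARIES='http://www.debian.org/
http://download.windowsupdate.com/update.cab
http://192.168.100.1/squid-reports/'

# Returns 0 only if FILE is safe to use as a url_regex ACL file.
validate_blocklist() {
    [ -s "$1" ] || { echo "empty download" >&2; return 1; }
    pats=$(mktemp) || return 1
    # Keep patterns only: ignore blank lines and # comments.
    grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" > "$pats" || :
    rc=1
    if [ "$(wc -l < "$pats")" -lt "$MIN_LINES" ]; then
        echo "too few patterns" >&2
    elif grep -q '[<>]' "$pats"; then
        echo "looks like HTML, not a pattern list" >&2
    else
        # grep status: 0 = a canary matched, 1 = no match, 2 = bad regex
        printf '%s\n' "$CANARIES" | grep -E -i -q -f "$pats" && m=0 || m=$?
        case $m in
            1) rc=0 ;;
            0) echo "a pattern is broad enough to block a canary" >&2 ;;
            *) echo "invalid regular expression in list" >&2 ;;
        esac
    fi
    rm -f "$pats"
    return "$rc"
}

# Download beside the live file, validate, then replace it atomically.
update_blocklist() {
    new=$(mktemp "$LIST.XXXXXX") || return 1
    if wget -q -T 30 -O "$new" "$URL" && validate_blocklist "$new"; then
        chmod 644 "$new" && mv "$new" "$LIST" && squid -k reconfigure
    else
        rm -f "$new"
        return 1
    fi
}

if [ "${1:-}" = "--install" ]; then update_blocklist; fi
```

Run with --install from the daily cron job; on any failure the previous list stays in place and Squid is not reconfigured.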

Crontab configuration
Configure the crontab by adding the following lines to the file /etc/crontab (entries in /etc/crontab need the user column, here root):

    # Squid logs
    05 0 * * * root /usr/bin/sarg -n -x > /dev/null 2>&1

Starting Squid:

    # squid -z
    # /etc/init.d/squid start

Troubleshooting
If an error similar to the one reported below occurs, it is because the allow/block configuration file is empty. Do not forget to add entries to it so that the errors stop occurring.

    Error: "aclParseAclLine: WARNING: empty ACL: acl admin src "/etc/squid/conf/ips_admin""
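A pre-flight check for the situation above, added here as an example (not part of the original tutorial): it reads the file-backed acl lines from squid.conf and flags lists that are missing, empty or world-writable. The function name check_acl_files and the status labels are assumptions.

```shell
#!/bin/sh
# Added example: list the external ACL files named in squid.conf and flag
# the ones that make Squid log "empty ACL" or that any local user can edit.

# Prints one "STATUS acl_name path" line per file-backed ACL and returns
# the number of ACLs whose status is not OK.
check_acl_files() {
    conf=${1:-/etc/squid/squid.conf}
    bad=0
    # Reduce:  acl <name> <type> [-i] "<file>"   to   <name> <file>
    refs=$(sed -n 's|^[[:space:]]*acl[[:space:]][[:space:]]*\([^[:space:]]*\)[[:space:]].*"\(/[^"]*\)".*$|\1 \2|p' "$conf")
    while read -r name path; do
        [ -n "$name" ] || continue
        if [ ! -r "$path" ]; then
            status=MISSING
        elif ! grep -q -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$path"; then
            status=EMPTY            # nothing but blank lines or comments
        elif [ -n "$(find "$path" -prune -perm -002)" ]; then
            status=WORLD-WRITABLE   # any local user can change the policy
        else
            status=OK
        fi
        [ "$status" = OK ] || bad=$((bad + 1))
        echo "$status $name $path"
    done <<EOF
$refs
EOF
    return "$bad"
}

# Stand-alone use: check the given squid.conf when run with --check.
if [ "${1:-}" = "--check" ]; then check_acl_files "${2:-/etc/squid/squid.conf}"; fi
```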

Changing the firewall script
Add the following lines to your firewall script to enable transparent browsing. Remember that this is an example; the IP ranges may be different on your internal network.

    IPTABLES=/sbin/iptables   # location of the iptables binary on Debian Lenny

    IF_INTERNA=eth1
    LAN='192.168.100.0/24'
    # Redirect HTTP traffic coming from the LAN to Squid on port 3128
    $IPTABLES -t nat -A PREROUTING -i $IF_INTERNA -s $LAN -p tcp --dport 80 -j REDIRECT --to-port 3128
