Hi..
I'm making a transparent proxy with pf and squid 3 in FreeBSD 8.
When I set the proxy configuration in my browser, the internet works, but without this configuration it doesn't work.
I believe my squid.conf and pf.conf are almost correct.
This is my pf.conf:
Code:
EXTIF="bge0" # receives the internet
INTIF="bge1" # shares it; internal network
set skip on lo0
scrub in all
nat on $EXTIF from !($EXTIF)->($EXTIF:0)
# rdr rules
rdr on $INTIF inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $INTIF inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $EXTIF inet proto tcp from any to any port www keep state
pass in quick on { lo0 $INTIF } all
pass out quick on $EXTIF inet proto {tcp,udp} from any to any keep state
# allow ssh and http from outside to this machine
pass in quick on $EXTIF inet proto tcp to $EXTIF port { http ssh } flags S/SA keep state
#pass out all
pass out quick on $EXTIF inet proto { tcp,udp,icmp} all
All permissions were configured in /etc/devfs.conf, for /dev/pf.
This is my squid.conf:
Code:
http_port 3128 transparent
cache_mem 1000 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 45000 16 256
maximum_object_size 30000 KB
maximum_object_size_in_memory 40 KB
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/log/squid/squid.pid
memory_pools off
diskd_program /usr/local/squid/diskd
unlinkd_program /usr/local/libexec/squid/unlinkd
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
quick_abort_max 16 KB
quick_abort_pct 95
quick_abort_min 16 KB
request_header_max_size 20 KB
reply_header_max_size 20 KB
request_body_max_size 0 KB
#Defaults:
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl minharede src 192.168.1.0/255.255.255.0
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl NOCACHE url_regex "/usr/local/etc/squid/direto"\?
no_cache deny NOCACHE
acl negapalavra url_regex "/usr/local/etc/squid/proibidos"
acl liberapalavra url_regex "/usr/local/etc/squid/livres"
http_access allow liberapalavra all
http_access deny all
http_access deny negapalavra all
http_access allow minharede
http_access deny all
cache_mgr *@*
cache_effective_user squid
cache_effective_group squid
Thanks.
Orige