Уважаемый!
Совсем уже замучился, перерыл весь форум, перепробовал все советы - не помогает (мож руки не оттуда растут...), проблема вот в чем - поставил squid 2.5, настроил на ntlm уатентификацию через samba 2.2.8 на этой же машине, поставил natd и ipfw, так как понабилось пускать почту, аську, фтп и т.д и началось...решил настроить форвардинг www - запросов на сквид, чтоб пользователи ходили в инет только через сквид, прописал в конфиге ipfw:
${fwcmd} add fwd 127.0.0.1,80 tcp from any to 10.0.0.10 80
^^^^^^^^^^^^^^^ есть thttpd
${fwcmd} add fwd 10.0.0.10,3128 tcp from any to any 80,81,443,8000,8080,8100
в настройках сквида прописал:
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
ни почта, ни аська, ни фтп , ни т.д и т.п. не работают, и сквид в инет не пускает: пишет доступ запрещен, правда к локальному www - серверу обращаться можно...
Хотелось бы услышать советы по данному вопросу, привожу свой конфиг ipfw, может кто скажет в чем дело или предложит свой рабочий конфиг:
fwcmd="/sbin/ipfw -q"
${fwcmd} -f flush
oif="xl0"
onet="192.168.1.0"
omask="255.255.255.0"
oip="192.168.1.1"
iif="xl1"
inet="10.0.0.0"
imask="255.255.255.0"
iip="10.0.0.1"
${fwcmd} add 1 check-state
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
# Allow IP fragments to pass through
${fwcmd} add deny icmp from any to any frag
${fwcmd} add pass icmp from any to any via ${oif}
${fwcmd} add pass tcp from any to any 113 in via ${iif} setup keep-state
# ${fwcmd} add pass tcp from any to any keep-state
# ${fwcmd} add pass udp from any to any
# Stop spoofing
# ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
# ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
${fwcmd} add fwd 127.0.0.1,80 tcp from any to 10.0.0.1 80
${fwcmd} add fwd 10.0.0.1,3128 tcp from any to any 80,81,443,8000,8080,8100
${fwcmd} add divert natd all from ${inet}:${imask} to any out via ${oif}
${fwcmd} add divert natd all from any to ${oip}
${fwcmd} add pass tcp from any to any established
${fwcmd} add pass tcp from any to any setup
${fwcmd} add pass tcp from any to any in via lo0 setup keep-state
${fwcmd} add pass udp from any to any in via lo0 keep-state
${fwcmd} add pass ip from any to any in via lo0
${fwcmd} add pass tcp from any to any in via ${iif} setup keep-state
${fwcmd} add pass udp from any to any in via ${iif} keep-state
${fwcmd} add pass ip from any to any in via ${iif}
${fwcmd} add pass tcp from any to any in via ${oif} setup keep-state
${fwcmd} add pass udp from any to any in via ${oif} keep-state
${fwcmd} add pass ip from any to any in via ${oif}
# Allow setup of incoming email
${fwcmd} add pass tcp from any to ${oip} 25 setup
${fwcmd} add pass tcp from ${oip} to any 25
${fwcmd} add pass tcp from any to ${oip} 110 setup
${fwcmd} add pass tcp from ${oip} to any 110
# ${fwcmd} add deny udp from ${inet}:${imask} to in.icq.com
# Allow DNS queries out in the world
${fwcmd} add pass tcp from any to any 53 keep-state
${fwcmd} add pass udp from any to any 53 keep-state
${fwcmd} add pass udp from any 53 to any keep-state
# Allow NTP queries out in the world
${fwcmd} add pass udp from ${oip} to any 123 keep-state
${fwcmd} add pass udp from ${oip} to any 119 keep-state
${fwcmd} add pass tcp from ${inet}:${imask} to ${iip} 139
${fwcmd} add pass udp from ${inet}:${imask} to ${iip} 137,138
${fwcmd} add pass tcp from ${iip} 139 to ${inet}:${imask}
${fwcmd} add pass udp from ${iip} 137,138 to ${inet}:${imask}
# Reject& all setup of incoming connections from the outside
${fwcmd} add deny log tcp from any to any
а может быть не мучаться с ipfw+nat и поставить какой-нибудь socks прокси?
Вариант для распечатки
Настройка Squid и других прокси серверов (Public)
on
20-Май-03, 07:49 (MSK)
