gw# uname -a
FreeBSD gw.ekaterinburg.ibam.local 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Sat Mar 21 15:14:18 YEKT 2009 root@gw.ekaterinburg.ibam.local:/usr/obj/usr/src/sys/ASD_kernel.2009-21-03 i386
/usr/local/etc/squid/squid.conf
................................................
# Proxy authentication: NTLM (challenge/response) is offered first through the
# external ntlm_auth helper, with HTTP Basic as a fallback for clients that
# cannot negotiate NTLM.
# NOTE(review): /usr/local/bin/ntlm_auth is presumably Samba's helper, which
# needs a working winbindd and domain membership on this host; confirm.
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
# Up to 10 NTLM helper processes are started.
auth_param ntlm children 10
auth_param ntlm keep_alive on
# NOTE(review): Basic sends the user name and password base64-encoded, not
# encrypted, from browser to proxy on every request. If these are domain
# accounts, anyone able to capture LAN traffic can recover them; consider
# dropping the Basic scheme where every client can do NTLM.
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
# Text shown in the browser's password prompt.
auth_param basic realm Squid Proxy-Server
# A validated user/password pair is cached for 2 hours before the helper is
# asked again, so a password change or lockout can take that long to apply.
auth_param basic credentialsttl 2 hours
# User names are compared without regard to case.
auth_param basic casesensitive off
..................................................
# TAG: acl
# Per-group ACLs: each proxy_auth ACL takes its user names from the quoted
# file, and the companion *_time ACL restricts when that group is allowed.
# NOTE(review): the _sams_ prefix and .sams files suggest these lines are
# generated by SAMS; confirm before editing them by hand.
acl _sams_49d4a2a5998ea proxy_auth "/usr/local/etc/squid/49d4a2a5998ea.sams"
# All seven days, whole day.
acl _sams_49d4a2a5998ea_time time MTWHFAS 00:00-23:59
acl _sams_49d4a2fe4ddfd proxy_auth "/usr/local/etc/squid/49d4a2fe4ddfd.sams"
# Monday to Friday, 08:00-21:00.
acl _sams_49d4a2fe4ddfd_time time MTWHF 08:00-21:00
acl _sams_49d5938394916 proxy_auth "/usr/local/etc/squid/49d5938394916.sams"
# NOTE(review): "00:00-24:0" and "0:0-00:01" are not in the usual h1:m1-h2:m2
# form. Both ACLs are used on the same http_access line, so both must match;
# if they parse at all, the group is limited to the first minute of the day.
# Verify that this is intended (for example a disabled group).
acl _sams_49d5938394916_time_1 time 00:00-24:0
acl _sams_49d5938394916_time_2 time 0:0-00:01
# Cache manager requests (cache_object protocol).
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.114.0/255.255.255.0 # RFC1918 possible internal network
# Only port 443 is accepted as a CONNECT (tunnel) destination.
acl SSL_ports port 443
# Destination ports the proxy is meant to reach: HTTP, FTP control, HTTPS.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
# TAG: http_access
# http_access lines are checked top to bottom and the first matching line
# decides; every ACL named on a line must match for the line to apply.
# NOTE(review): the three "allow" lines below come before the manager,
# Safe_ports and CONNECT denies, so a request from an authenticated group member
# inside its time window is allowed without those denies being consulted. That
# includes CONNECT to ports other than 443, requests to ports outside
# Safe_ports, and cache manager requests. The stock squid.conf puts these denies
# first; consider moving them above the group rules.
http_access allow _sams_49d4a2a5998ea _sams_49d4a2a5998ea_time
http_access allow _sams_49d4a2fe4ddfd _sams_49d4a2fe4ddfd_time
# Needs both time ACLs to match at once (see their definitions).
http_access allow _sams_49d5938394916 _sams_49d5938394916_time_1 _sams_49d5938394916_time_2
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): any client in 192.168.114.0/24 that reaches this line is allowed.
# That appears to cover users whose credentials validate but who are in none of
# the group files, and group members outside their time window, which would
# bypass the per-group restrictions above. Confirm this is intended.
http_access allow localnet
http_access deny all
.....................................................
# Every requested URL is passed to the external rejik redirector, which is
# started with redirector.conf as its argument and can rewrite the URL.
redirect_program /usr/local/rejik/redirector /usr/local/rejik/redirector.conf
# Number of redirector helper processes to run.
redirect_children 15
..................................................
# Active-mode FTP: Squid tells the FTP server where to connect, and the server
# opens the data connection back to this host.
# NOTE(review): the ipfw listing posted with this config keeps state only for
# the outbound control connection to port 21 and shows no rule admitting the
# server's inbound data connection on rl0. That is consistent with the
# 61-second TCP_MISS/000 entry in access.log; confirm with the ipfw deny log.
# Passive mode makes the data connection outbound instead, but it then needs an
# outbound rule for the account Squid runs as (rule 00240 matches uid root only).
ftp_passive off
...................................................
# Bandwidth shaping: two delay pools, both class 2 (one aggregate bucket shared
# by the pool plus one bucket per client host).
delay_pools 2
delay_class 1 2
delay_class 2 2
# Pool 1 applies only to users matching the first group ACL.
delay_access 1 allow _sams_49d4a2a5998ea
delay_access 1 deny all
# Format is aggregate then per-host, each as restore-rate/bucket-size in bytes:
# 524288 bytes/s (512 KiB/s) for both.
delay_parameters 1 524288/524288 524288/524288
# Pool 2 applies only to users matching the second group ACL.
delay_access 2 allow _sams_49d4a2fe4ddfd
delay_access 2 deny all
# 64000 bytes/s for both the aggregate and the per-host bucket.
delay_parameters 2 64000/64000 64000/64000
ipfw list
00010 allow ip from any to any via lo0
00015 check-state
00020 allow ip from any to any out via re0
00021 allow ip from any to any in via re0
00110 allow tcp from any to IP_DNS1 dst-port 53 out via rl0 setup keep-state
00111 allow udp from any to IP_DNS1 dst-port 53 out via rl0 keep-state
00112 allow tcp from any to IP_DNS2 dst-port 53 out via rl0 setup keep-state
00113 allow udp from any to IP_DNS2 dst-port 53 out via rl0 keep-state
00200 allow tcp from any to any dst-port 80 out via rl0 setup keep-state
00201 allow tcp from any to any dst-port 21 out via rl0 setup keep-state
00220 allow tcp from any to any dst-port 443 out via rl0 keep-state
00240 allow tcp from me to any out via rl0 setup uid root keep-state
00250 allow icmp from any to any out via rl0 keep-state
00280 divert 8668 ip from any to any via rl0
00281 allow tcp from IP_INTERNET 1222 to any out via rl0
00282 allow tcp from any to 192.168.114.222 dst-port 1222
00283 allow tcp from IP_INTERNET 1024 to any out via rl0
00284 allow tcp from any to 192.168.114.204 dst-port 1024
00299 deny log logamount 100 ip from any to any out via rl0
00300 deny ip from 192.168.0.0/16 to any in via rl0
00301 deny ip from 172.16.0.0/12 to any in via rl0
00302 deny ip from 10.0.0.0/8 to any in via rl0
00303 deny ip from 127.0.0.0/8 to any in via rl0
00304 deny ip from 0.0.0.0/8 to any in via rl0
00305 deny ip from 169.254.0.0/16 to any in via rl0
00306 deny ip from 192.0.2.0/24 to any in via rl0
00307 deny ip from 204.152.64.0/23 to any in via rl0
00308 deny ip from 224.0.0.0/3 to any in via rl0
00310 deny icmp from any to any in via rl0
00315 deny tcp from any to any dst-port 113 in via rl0
00320 deny tcp from any to any dst-port 137 in via rl0
00321 deny tcp from any to any dst-port 138 in via rl0
00322 deny tcp from any to any dst-port 139 in via rl0
00323 deny tcp from any to any dst-port 81 in via rl0
00330 deny ip from any to any frag in via rl0
00332 deny tcp from any to any established in via rl0
01499 deny log logamount 100 ip from any to any in via rl0
01999 deny log logamount 100 ip from any to any
65535 deny ip from any to any
access.log
1239330398.039 0 192.168.114.152 TCP_DENIED/407 2643 GET ftp://ftp.freebsd.org/ - NONE/- text/html
1239330398.055 0 192.168.114.152 TCP_DENIED/407 3005 GET ftp://ftp.freebsd.org/ - NONE/- text/html
1239330459.101 61038 192.168.114.152 TCP_MISS/000 0 GET ftp://ftp.freebsd.org/ a.dvoryak DIRECT/87.51.34.132 -
Ну и потом в браузере(Mozilla)
В IE авторизация не запрашивается...но и по FTP не пускает...ОШИБКА
Доступ к кэшу запрещён
Во время доставки URL: ftp://ftp.freebsd.org/
Произошла следующая ошибка:
* Доступ к кэшу запрещён
Извините, Вы не можете запросить:
ftp://ftp.freebsd.org/
из этого кэша до тех пор, пока не пройдёте аутентификацию.
Для этого Вам необходим Netscape версии 2.0 либо выше, или Microsoft Internet Explorer 3.0, или HTTP/1.1 совместимый броузер. Пожалуйста свяжитесь с администратором кэша, если у Вас возникли проблемы с аутентификацией, либо смените Ваш пароль по умолчанию.
Generated Fri, 10 Apr 2009 03:56:53 GMT by gw.ekaterinburg.ibam.local (squid/3.0.STABLE13)