FreeBSD 7.0 IPFW SQUID
Добавлено: 2008-08-18 10:44:03
Я понимаю люди что тема заезжанная,но все же кто нибудь помогите плиззззз 
)))Готов быть обматеренным)))
Взял пример конфа IPFW с сайта
поставил squid
Когда пытаюсь выйти в инет , то squid режет ссылки и ругается.....
Аська через раз подключается....
Помогите плиззз
)))Готов быть обматеренным)))Взял пример конфа IPFW с сайта
Код: Выделить всё
FwCMD="/sbin/ipfw -q"
LanOut="vr0" # VNESH
NetOut="85.28.26.0/30" # vnesh LAN
IpOut="85.28.26.78" # vnech IP
LanIn="rl0" # vnut setevuxa
NetIn="192.168.0.0/24" # vnut LAN
ip_lan="192.168.0" # template
# reset all rules
${FwCMD} -f flush
# reset all pipe
${FwCMD} -f pipe flush
# reset queue
${FwCMD} -f queue flush
#Block
# Block L0 go to outside
${FwCMD} add deny ip from any to 127.0.0.0/8
${FwCMD} add deny ip from 127.0.0.0/8 to any
#GIVE traf lo0
${FwCMD} add allow ip from any to any via lo0
# block from vnut set na vnesh set
${FwCMD} add deny ip from ${NetIn} to any in via ${LanOut}
#block from vnesh set in vnut Set
${FwCMD} add deny ip from ${NetOut} to any in via ${LanIn}
# block private LAN
${FwCMD} add deny ip from any to 10.0.0.0/8 in via ${LanOut}
${FwCMD} add deny ip from any to 172.16.0.0/12 in via ${LanOut}
${FwCMD} add deny ip from any to 192.168.0.0/16 in via ${LanOut}
${FwCMD} add deny ip from any to 0.0.0.0/8 in via ${LanOut}
# BLOCK autoconfig LAN
${FwCMD} add deny ip from any to 169.254.0.0/16 in via ${LanOut}
# Block multicast maessage
${FwCMD} add deny ip from any to 224.0.0.0/4 in via ${LanOut}
# Block multicast maessage
${FwCMD} add deny ip from any to 240.0.0.0/4 in via ${LanOut}
# block fragment icmp
${FwCMD} add deny icmp from any to any frag
# block broadcast on vnesh inter
${FwCMD} add deny log icmp from any to 255.255.255.255 in via ${LanOut}
${FwCMD} add deny log icmp from any to 255.255.255.255 out via ${LanOut}
# VSEX to squid
${FwCMD} add fwd 127.0.0.1,3128 all from any to any 80 via ${LanOut}
#${FwCMD} add fwd 192.168.0.2,3128 tcp from ${NetIn} to any 80 via ${LanIn}
# NAT translation
${FwCMD} add divert natd ip from ${NetIn} to any out via ${LanOut}
${FwCMD} add divert natd ip from any to ${IpOut} in via ${LanOut}
#${FwCMD} add divert natd ip from any to any via ${LanOut}
# Block from private lan to vnes set
${FwCMD} add deny ip from 10.0.0.0/8 to any out via ${LanOut}
${FwCMD} add deny ip from 172.16.0.0/12 to any out via ${LanOut}
${FwCMD} add deny ip from 192.168.0.0/16 to any out via ${LanOut}
${FwCMD} add deny ip from 0.0.0.0/8 to any out via ${LanOut}
# block autoconfig LAN
${FwCMD} add deny ip from 169.254.0.0/16 to any out via ${LanOut}
# BLOCK multicast message
${FwCMD} add deny ip from 224.0.0.0/4 to any out via ${LanOut}
# block multicast message
${FwCMD} add deny ip from 240.0.0.0/4 to any out via ${LanOut}
# some types of icmp packets
${FwCMD} add allow icmp from any to any icmptypes 0,8,11
# OPEN vnut traf on vnut int(vhod)
${FwCMD} add allow ip from any to ${NetIn} in via ${LanIn}
# OPEN vnut traf on vnut int(vixod)
${FwCMD} add allow ip from ${NetIn} to any out via ${LanIn}
# give tcp-pack on open connect
${FwCMD} add allow tcp from any to any established
# DNS
${FwCMD} add allow udp from any to ${IpOut} 53 in via ${LanOut}
${FwCMD} add allow udp from ${IpOut} 53 to any out via ${LanOut}
${FwCMD} add allow udp from any 53 to ${IpOut} in via ${LanOut}
${FwCMD} add allow udp from ${IpOut} to any 53 out via ${LanOut}
# UDP (tim sync - 123 port)
${FwCMD} add allow udp from any to any 123 via ${LanOut}
# ok from out connect to 53 port (TCP DNS)
${FwCMD} add allow tcp from any to ${IpOut} 53 in via ${LanOut} setup
# k from out connect to 80 port - if we have www server on your car
${FwCMD} add allow tcp from any to ${IpOut} 80 in via ${LanOut} setup
# k from out connect to 20,21 port - for active FTP
${FwCMD} add allow tcp from any to ${IpOut} 20,21 in via ${LanOut} setup
# EMAIL
${FwCMD} add allow tcp from any to ${IpOut} 25 in via ${LanOut} setup
# SSH
${FwCMD} add allow tcp from any to ${IpOut} 22 in via ${LanOut} setup
# open from vnesh sreda 20,21 port - for active FTP
${FwCMD} add allow tcp from any to ${IpOut} 20,21 in via ${LanOut} setup
# passive FTP
# DLY uznavaniy potrantaga, go to
# /usr/home/lissyara/>sysctl net.inet.ip.portrange.firt
# net.inet.ip.portrange.first: 49152
# /usr/home/lissyara/>sysctl net.inet.ip.portrange.last
# net.inet.ip.portrange.last: 65535
# You can do like this, but need like this
#${FwCMD} add allow tcp from any to ${IpOut} \
#`sysctl net.inet.ip.portrange.first | awk '{print $2}'`-\
#`sysctl net.inet.ip.portrange.last | awk '{print $2}'` via ${LanOut}
${FwCMD} add allow tcp from any to ${IpOut} 49152-65535 via ${LanOut}
# COUNTER-STRIKE (No commments :))
#${FwCMD} add allow udp from any 27015-27025 to ${NetIn} in via ${LanOut}
#${FwCMD} add allow udp from any 27015-27025 to ${NetIn} out via ${LanIn}
#${FwCMD} add allow udp from ${NetIn} to any 27015-27025 in via ${LanIn}
#${FwCMD} add allow udp from ${IpOut} to any 27015-27025 out via ${LanOut}
# Block All and add to logs
${FwCMD} add deny log tcp from any to ${IpOut} in via ${LanOut} setup
${FwCMD} add allow tcp from ${IpOut} to any out via ${LanOut} setup
${FwCMD} add allow tcp from any to ${IpOut} in via ${LanIn} setup
########### BEGIN USERS ###############################
# (ICQ)
${FwCMD} add allow tcp from ${NetIn} to any 5190 in via ${LanIn} setup
# Пользователи которым разрешён инет
${FwCMD} add allow tcp from ${ip_lan}.1 to not ${NetIn} in via ${LanIn} setup
${FwCMD} add allow tcp from ${ip_lan}.2 to not ${NetIn} in via ${LanIn} setup
${FwCMD} add allow tcp from ${ip_lan}.3 to not ${NetIn} in via ${LanIn} setup
${FwCMD} add allow tcp from ${ip_lan}.49 to not ${NetIn} in via ${LanIn} setup
############# END USERS #################################
${FwCMD} add deny ip from any to any
Код: Выделить всё
http_port 3128
icp_port 0
cache_mem 100 MB
maximum_object_size 16384 KB
cache_dir ufs /var/squid/cache 100 16 256
cache_access_log /var/squid/logs/acess.log
cache_store_log /var/squid/logs/store.log
acl localnet dst 192.168.0.0/24
acl tema src 192.168.0.3
acl all src 0.0.0.0/0.0.0.0
http_access allow tema
http_access deny all
то сам браузер говорит что заданный узел недоступен..(((Емае...ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: /pnews/119068/i/163/0/r/
The following error was encountered:
Invalid URL
Some aspect of the requested URL is incorrect. Possible problems:
Missing or incorrect access protocol (should be `http://'' or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed
Your cache administrator is webmaster.
Generated Mon, 18 Aug 2008 14:09:58 GMT by GATE.OOMIISERVER.LOCAL (squid/3.0.RC1+PatchSets-20071001)
Аська через раз подключается....
Помогите плиззз
Хоть по почте)))
ты как на проксю ходишь? через какой порт?