Valdir Duarte

Fala galera. Preciso de um help aqui com mue squid. Fiz todas as configurações possiveis do squid, e quando tento configurar o proxy transparent a maquina cliente simplesmente não navega, Gostaria de um help para que me ajudem a detectar o erro. a principio achei que o erro estava nas configurações do iptables, porém esta tudo ok com estas O mesmo ocorre com a configuração de proxy automático. Esse simplesmente não funciona na maquina cliente. segue a configuração do squid, iptables e dhcp: ############SQUID######################## http_port 3128 intercept #ERROLOG error_directory /usr/share/squid3/errors/Portuguese #HOSTNAME visible_hostname SERVIDOR #E-MAIL cache_mgr [email protected] #USUÁRIO E GRUPO DOS ARQUIVOS E PROCESSOS DO SERVIÇO cache_effective_user proxy #ACESSO LOG cache_log /var/log/squid3/cache.log #DECLARAÇÃO DE ACLS PARA LIBERAÇÃO DE PORTAS acl rede_local src 192.168.1.0/24 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl purge method PURGE acl CONNECT method CONNECT http_access allow rede_local # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager http_access deny all cache_swap_high 95 cache_swap_low 90 #CACHE SQUID cache_mem 256 MB ########COMPARTILHAMENTO IPTABLES############ #!/bin/sh -e # # rc.local # # This script is executed at the end of each multiuser runlevel. # Make sure that the script will "exit 0" on success or any other # value on error. # # In order to enable or disable this script just change the execution # bits. # # By default this script does nothing. iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -t nat -F iptables -t mangle -F modprobe ip_tables modprobe iptable_nat echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A INPUT -p icmp --icmp-type echo-request -j DROP echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter iptables -A INPUT -m state --state INVALID -j DROP iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -i eth0 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --syn -j DROP iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 #iptables -t nat -A PREROUTING -i 192.168.1.1/24 -p tcp --dport 80 -j REDIRECT --to-port 3128 #iptables -t nat -A PREROUTING -i 192.168.1.1/24 -p tcp --dport 443 -j REDIRECT --to-port 3128 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128 #/etc/init.d/compartilhar start #sh /etc/init.d/compartilhar.sh exit 0 ##########DHCP############ # # Sample configuration file for ISC dhcpd for Debian # # $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $ # # The ddns-updates-style parameter controls whether or not the server will # attempt to do a DNS update when a lease is confirmed. We default to the # behavior of the version 2 packages ('none', since DHCP v2 didn't # have support for DDNS.) ddns-update-style none; # option definitions common to all supported networks... option domain-name "example.org"; option domain-name-servers ns1.example.org, ns2.example.org; default-lease-time 600; max-lease-time 7200; # If this DHCP server is the official DHCP server for the local # network, the authoritative directive should be uncommented. #authoritative; # Use this to send dhcp log messages to a different log file (you also # have to hack syslog.conf to complete the redirection). log-facility local7; # No service will be given on this subnet, but declaring it helps the # DHCP server to understand the network topology. #subnet 10.152.187.0 netmask 255.255.255.0 { #} # This is a very basic subnet declaration. #subnet 10.254.239.0 netmask 255.255.255.224 { # range 10.254.239.10 10.254.239.20; # option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; #} # This declaration allows BOOTP clients to get dynamic addresses, # which we don't really recommend. #subnet 10.254.239.32 netmask 255.255.255.224 { # range dynamic-bootp 10.254.239.40 10.254.239.60; # option broadcast-address 10.254.239.31; # option routers rtr-239-32-1.example.org; #} # A slightly different configuration for an internal subnet. #subnet 10.5.5.0 netmask 255.255.255.224 { # range 10.5.5.26 10.5.5.30; # option domain-name-servers ns1.internal.example.org; # option domain-name "internal.example.org"; # option routers 10.5.5.1; # option broadcast-address 10.5.5.31; # default-lease-time 600; # max-lease-time 7200; #} # Hosts which require special configuration options can be listed in # host statements. If no address is specified, the address will be # allocated dynamically (if possible), but the host-specific information # will still come from the host declaration. #host passacaglia { # hardware ethernet 0:0:c0:5d:bd:95; # filename "vmunix.passacaglia"; # server-name "toccata.fugue.com"; #} # Fixed IP addresses can also be specified for hosts. These addresses # should not also be listed as being available for dynamic assignment. # Hosts for which fixed IP addresses have been specified can boot using # BOOTP or DHCP. Hosts for which no fixed address is specified can only # be booted with DHCP, unless there is an address range on the subnet # to which a BOOTP client is connected which has the dynamic-bootp flag # set. #host fantasia { # hardware ethernet 08:00:07:26:c0:a5; # fixed-address fantasia.fugue.com; #} # You can declare a class of clients and then do address allocation # based on that. The example below shows a case where all clients # in a certain class get addresses on the 10.17.224/24 subnet, and all # other clients get addresses on the 10.0.29/24 subnet. #class "foo" { # match if substring (option vendor-class-identifier, 0, 4) = "SUNW"; #} #shared-network 224-29 { # subnet 10.17.224.0 netmask 255.255.255.0 { # option routers rtr-224.example.org; # } # subnet 10.0.29.0 netmask 255.255.255.0 { # option routers rtr-29.example.org; # } # pool { # allow members of "foo"; # range 10.17.224.10 10.17.224.250; # } # pool { # deny members of "foo"; # range 10.0.29.10 10.0.29.230; # } #} # # Default LTSP dhcpd.conf config file. # authoritative; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.10 192.168.1.248; option domain-name "example.com"; option domain-name-servers 192.168.1.1; option broadcast-address 192.168.1.255; option routers 192.168.1.1; next-server 192.168.1.1; # get-lease-hostnames true; option subnet-mask 255.255.255.0; } #PROXY AUTOMATICO option wpad-url code 252 = text; option wpad-url "http://192.168.1.1/wpad.dat\n";

O serviço isc-dhcp-server simplesmente não sobe. Ja verifiquei os arquivos de configuração e não encontrei nada que possa ocasionar o erro. Ao reiniciar o serviço me aparece a seguinte mensagem: Active: failed (Result: exit-code) since Fri 2017-05-12 19:13:28 -03; 20s ago Docs: man:systemd-sysv-generator(8) Process: 3992 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=1/FAILURE) Segue abaixo as configurações dos arquivos isc-dhcp-server e em seguida dhcpd.conf. #######################ISC DHCP SERVER################################ # Defaults for isc-dhcp-server initscript # sourced by /etc/init.d/isc-dhcp-server # installed at /etc/default/isc-dhcp-server by the maintainer scripts # # This is a POSIX shell fragment # # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf). DHCPD_CONF=/etc/dhcp/dhcpd.conf # Path to dhcpd's PID file (default: /var/run/dhcpd.pid). DHCPD_PID=/var/run/dhcpd.pid # Additional options to start dhcpd with. # Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead OPTIONS="DHCPD_CONF" # On what interfaces should the DHCP server (dhcpd) serve DHCP requests? # Separate multiple interfaces with spaces, e.g. "eth0 eth1". INTERFACES="eth0" ## SubNet home.lan subnet 192.168.80.0 netmask 255.255.255.0 { range 192.168.80.15 192.168.80.63; option routers 192.168.80.1; option broadcast-address 192.168.80.255; # option definitions common to all supported networks... option domain-name "home.lan"; option domain-name-servers 192.168.80.100, 192.168.80.1; next-servers 192.168.80.1 option subnet-mask 255.255.255.0 } ## Proxy auto configuration option wpad code 252 = text; option wpad "http://192.168.80.1/var/www/wpad.dat"; ##############################DHCP.CONF############################### # # Sample configuration file for ISC dhcpd for Debian # # # The ddns-updates-style parameter controls whether or not the server will # attempt to do a DNS update when a lease is confirmed. We default to the # behavior of the version 2 packages ('none', since DHCP v2 didn't # have support for DDNS.) ddns-update-style none; # option definitions common to all supported networks... option domain-name "example.org"; option domain-name-servers ns1.example.org, ns2.example.org; default-lease-time 600; max-lease-time 7200; # If this DHCP server is the official DHCP server for the local # network, the authoritative directive should be uncommented. #authoritative; # Use this to send dhcp log messages to a different log file (you also # have to hack syslog.conf to complete the redirection). log-facility local7; # No service will be given on this subnet, but declaring it helps the # DHCP server to understand the network topology. #subnet 10.152.187.0 netmask 255.255.255.0 { #} # This is a very basic subnet declaration. #subnet 10.254.239.0 netmask 255.255.255.224 { # range 10.254.239.10 10.254.239.20; # option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; #} # This declaration allows BOOTP clients to get dynamic addresses, # which we don't really recommend. #subnet 10.254.239.32 netmask 255.255.255.224 { # range dynamic-bootp 10.254.239.40 10.254.239.60; # option broadcast-address 10.254.239.31; # option routers rtr-239-32-1.example.org; #} # A slightly different configuration for an internal subnet. #subnet 10.5.5.0 netmask 255.255.255.224 { # range 10.5.5.26 10.5.5.30; # option domain-name-servers ns1.internal.example.org; # option domain-name "internal.example.org"; # option routers 10.5.5.1; # option broadcast-address 10.5.5.31; # default-lease-time 600; # max-lease-time 7200; #} # Hosts which require special configuration options can be listed in # host statements. If no address is specified, the address will be # allocated dynamically (if possible), but the host-specific information # will still come from the host declaration. #host passacaglia { # hardware ethernet 0:0:c0:5d:bd:95; # filename "vmunix.passacaglia"; # server-name "toccata.fugue.com"; #} # Fixed IP addresses can also be specified for hosts. These addresses # should not also be listed as being available for dynamic assignment. # Hosts for which fixed IP addresses have been specified can boot using # BOOTP or DHCP. Hosts for which no fixed address is specified can only # be booted with DHCP, unless there is an address range on the subnet # to which a BOOTP client is connected which has the dynamic-bootp flag # set. #host fantasia { # hardware ethernet 08:00:07:26:c0:a5; # fixed-address fantasia.fugue.com; #} # You can declare a class of clients and then do address allocation # based on that. The example below shows a case where all clients # in a certain class get addresses on the 10.17.224/24 subnet, and all # other clients get addresses on the 10.0.29/24 subnet. #class "foo" { # match if substring (option vendor-class-identifier, 0, 4) = "SUNW"; #} #shared-network 224-29 { # subnet 10.17.224.0 netmask 255.255.255.0 { # option routers rtr-224.example.org; # } # subnet 10.0.29.0 netmask 255.255.255.0 { # option routers rtr-29.example.org; # } # pool { # allow members of "foo"; # range 10.17.224.10 10.17.224.250; # } # pool { # deny members of "foo"; # range 10.0.29.10 10.0.29.230; # } #} ## SubNet home.lan subnet 192.168.80.0 netmask 255.255.255.0 { range 192.168.80.15 192.168.80.63; option routers 192.168.80.1; option broadcast-address 192.168.80.255; # option definitions common to all supported networks... option domain-name "home.lan"; option domain-name-servers 192.168.80.100, 192.168.80.1; next-servers 192.168.80.1 option subnet-mask 255.255.255.0 } #################################################################### Por favor, se encontrarem algum erro que possa esta ocasionando esse problema me apontem, para correção. erro dhcp.rar

Simplesmente, não consigo entregar a carga e concluir a viagem. Como ta na foto, estacione certinho na vaga, mas a carga não "estaciona" e a todo tempo "cai" ao da ré. Queria saber o que posso fazer pra resolver isso ai. Help Please!