Proxy (squid) redirection on OpenBSD 3.8
I also have a problem with squid (pf/nat). My request to replace the current internet server (dual P1 133/128 RAM) was approved and I was given a P IV 1.6, 512 RAM, 40 GB HDD. On the old server I have RedHat 7.3 and I run webserver, DNS, email and proxy services.
So, on the new server I installed OpenBSD 3.8. I did not do as in the tutorial on the forum, that is, select the Kern-developer option; I chose custom and selected the applications/packages myself.
Everything went OK.
I should mention that I have a single network card and a new class of public IPs (81.18.73.1-32), besides the subnet (192.168.0.0/24), while the public IP from the fibre-optic link (86.126.134.179) is still assigned to the old server. On the old server I assigned it a public IP address from the new class, 81.18.73.6, and as gateway a public IP address of the old server (81.18.73.1).
The server works as a router and gateway, that is, on any workstation in the network, if I set the new server's IP as the gateway, the internet works on that workstation (it is routed to the net).
I took squid directly from the source, squid-cache.org, and not from i386/packages. I compiled and installed squid for port 8080.
Now, my question is: how do I redirect the traffic from the local network 192.168.0.0/24, as well as the new class of IPs, to port 8080? :confused:
I am attaching the contents of the rc.conf and sysctl.conf files. I think they are enough; if not, tell me what else.
[rc.conf]
....
gateway_enable="YES"
hostname="lydia.curier.ro"
inetd_enable="YES"
kern_securelevel_enable="NO"
sshd_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="rl0"
natd_flags=""
named_enable="YES"
ifconfig_rl0="inet 81.18.73.6 netmask 255.255.255.192 broadcast 81.18.73.255 up"
defaultrouter="81.18.73.1" (IP from the new class on the old server -> it works as an alias on the same card and subnet)
[sysctl.conf]
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must be 0)
net.inet.tcp.rfc1323=0 # 0=disable TCP RFC1323 extensions (for if tcp is slow)
#net.inet.tcp.rfc3390=1 # 1=Enable RFC3390 for TCP window increasing
net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
net.inet.ipcomp.enable=0 # 1=Enable the IPCOMP protocol
net.inet.etherip.allow=0 # 1=Enable the Ethernet-over-IP protocol
net.inet.tcp.ecn=0 # 1=Enable the TCP ECN extension
#ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
#ddb.console=1 # 1=Permit entry of ddb from the console
#fs.posix.setuid=0 # 0=Traditional BSD chown() semantics
#vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap
#vfs.nfs.iothreads=4 # number of nfsio kernel threads
net.inet.ip.mtudisc=0 # 0=disable tcp mtu discovery
#kern.usercrypto=1 # 1=enable userland use of /dev/crypto
#kern.splassert=2 # 2=enable with verbose error messages
machdep.allowaperture=2 # See xf86(4)
#machdep.apmwarn=10 # battery % when apm status messages enabled
#machdep.apmhalt=1 # 1=powerdown hack, try if halt -p doesn't work
#machdep.kbdreset=1 # permit console CTRL-ALT-DEL to do a nice halt
#machdep.userldt=1 # allow userland programs to play with ldt,
# required by some ports
....
the rest are disabled (#)
I badly need help. Thank you in advance.
Proxy (squid) redirection on OpenBSD 3.8
OpenBSD 3.8 cannot be installed with the Kern-developer option; I think you meant FreeBSD.
If you use OpenBSD or FreeBSD it is best to install Squid from ports or packages.
I also use Squid on an OpenBSD server, configured as transparent. This means that those on the internal network can use it without changing anything in the browser.
If Squid is configured as transparent, you can redirect the traffic from the internal network to port 8080 with pf (packet filter):
rdr pass on $int_if proto tcp to port www -> 127.0.0.1 port 8080
A more detailed description can be found here: http://www.benzedrine.cx/transquid.html
I hope I was able to help. I am no great Squid expert; I use it mostly to filter ads from web pages.
I am thinking of getting rid of it because I found a better and faster way, filtering through the DNS server (BIND).
Proxy (squid) redirection on OpenBSD 3.8
It helped, it works. Thank you very much.
You are right. I read it here on the forum too, I think it was a FreeBSD installation tutorial. I got confused :o because for 3 days I have been browsing BSD forums. That thing stuck in my head. Sorry.
I did not install from ports/packages because I wanted to be sure that I install it myself with the options:
./configure --enable-dl-malloc --enable-async-io --enable-useragent-log --enable-kill-parent-hack --enable-arp-acl --enable-cache-digests --enable-htcp --enable-delay-pools --enable-heap-replacement
/* it gave me a warning about 1024 file descriptors, that I have to increase them. I went to the source, i.e. the web, to read what it is about.
http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.4
*/
sysctl -a
sysctl -a | more
pstat -T
pstat -T | more
sysctl -a | more
sysctl -w kern.maxfiles=4096
/* I did not find this parameter.
sysctl.kern.maxfileperproc
*/
pico configure
./configure --enable-dl-malloc --enable-async-io --enable-useragent-log --enable-kill-parent-hack --enable-arp-acl --enable-cache-digests --enable-htcp --enable-delay-pools --enable-heap-replacement
make && make clean
make install
to be honest, I looked at the pf tutorial. I tried to do something like there:
[/etc/pf.conf]
# $OpenBSD: pf.conf,v 1.29 2005/08/23 02:52:58 henning Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
#ext_if="ext0"
#int_if="int0"
#table <spamd> persist
#table <spamd-white> persist
#set skip on { lo $int_if }
#scrub in
#nat on $ext_if from !($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr pass on $ext_if proto tcp from <spamd> to port smtp
# -> 127.0.0.1 port spamd
#rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp
# -> 127.0.0.1 port spamd
#block in
#pass out keep state
#antispoof quick for { lo $int_if }
#pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
#pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep state
#pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state
#pass in on rl0 from 192.168.0.0/24
#rdr on rl0 proto tcp from any to 81.18.73.6 port 80 -> 81.18.73.6 port 8080
#table <localnet> { 192.168.0.0/24, 81.18.73.0/32 }
#block in on rl0 all
#pass in on rl0 from <localnet> to any
#pass out on rl0
#pass in on rl0 proto tcp from 192.168.0.0/24 to rl0 port 8080
#ext_if="rl0"
int_if="lo0"
#proxy="81.18.73.6"
#localnet = "192.168.0.0/24"
#table <spamd> persist
#set skip on lo0, rl0
#scrub in on rl0
#block all
#antispoof quick for rl0 inet
#pass in on rl0 from 192.168.0.0/24 to any
#pass out on rl0 from any to 192.168.0.0/24
#pass out on rl0 proto tcp all modulate state flags S/SA
#pass out on rl0 proto { udp, icmp } all keep state
#rdr on rl0 inet proto tcp from any to 81.18.73.6 port 80 -> 81.18.73.6 port 8080
#nat on rl0 from $localnet to any -> rl0
#pass in all
#pas out all
rdr pass on $int_if proto tcp to www -> 127.0.0.1 port 8080
pass in all
pass out all
it seems I did not succeed, or maybe I was not paying attention. it kept giving me some errors, it was about an order ... and to think it was that simple...
that's about it for my problem. thank you very much. :)
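The statement order that pf.conf(5) expects (macros, tables, options, normalization, queueing, translation, filtering), shown as an added example that is not from the thread: a single-NIC layout using the rl0 interface and address ranges posted above, with the redirect limited to local clients so that port 80 traffic from any other source is never handed to Squid. The /26 prefix is an assumption derived from the netmask in the posted rc.conf, and the macro and table names are illustrative.

```conf
# --- macros ---
ext_if   = "rl0"              # the only NIC, as in the posted rc.conf
priv_net = "192.168.0.0/24"
pub_net  = "81.18.73.0/26"    # assumption: from netmask 255.255.255.192

# --- tables ---
table <clients> { $priv_net, $pub_net }

# --- options ---
set skip on lo0

# --- normalization ---
scrub in on $ext_if

# --- translation: nat/rdr must come before every pass/block line ---
# :0 keeps alias addresses on rl0 out of the NAT pool.
nat on $ext_if from $priv_net to any -> ($ext_if:0)
# Only local clients are redirected to Squid. No "pass" keyword here,
# so the redirected packets are still checked by the filter rules below.
rdr on $ext_if proto tcp from <clients> to any port www -> 127.0.0.1 port 8080

# --- filtering (last matching rule wins) ---
block in on $ext_if
pass in on $ext_if from <clients> to any keep state
pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
pass out keep state
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; the `-n` run reports ordering and syntax errors without touching the active ruleset.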
Proxy (squid) redirection on OpenBSD 3.8
you are welcome!
whenever you have questions, you can post on the forum and we will try to help you :)