Home | Content | Search | Navigation | Indexes
 

Mailinglist Archive: opensuse-es (1343 mails)

< Previous Next >
Re: [suse-linux-s] Squid con autentificacion
  • From: "Edwin Quijada" <listas_quijada@xxxxxxxxxxx>
  • Date: Thu, 06 Jan 2005 14:08:23 +0000
  • Message-id: <BAY1-F373BF56CBDE1DFF72324C5E3930@xxxxxxx>
MIra este es mi archivo de conf. Me gustaria saber si con este todo el trafico esta pasando por el proxy y sino pasa que no entre a internet. Si te das cuenta soy novato en esta cosa y talvez mi conf no este lo mejor pero lo he hecho con todo lo que he encontrado en internet.

Tambien te envio mi log cache
Gracias por la ayuda!


# -CONFIGURACION DE SQUID-
# NETWORK OPTIONS
http_port 10.0.1.1:3128
http_port 10.0.1.1:8080


#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


# OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem 16 MB
cache_dir ufs /usr/local/squid/var/cache 400 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log

# -ACELERANDO EL USO DE LA CACHE DE SQUID -
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on

#
log_ip_on_direct off

#Recommended minimum configuration:
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

#ACL - Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl mi_red src 10.0.1.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl ncsa_users proxy_auth REQUIRED
#acl password proxy_auth REQUIRED
#
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow ncsa_users
http_access allow localhost
#http_access allow mi_red password
http_access deny !Safe_ports
http_access deny all

=====================================================
2005/01/05 13:09:21| Starting Squid Cache version 2.5.STABLE7 for i586-pc-linux-gnu...
2005/01/05 13:09:21| Process ID 5627
2005/01/05 13:09:21| With 1024 file descriptors available
2005/01/05 13:09:21| Performing DNS Tests...
FATAL: ipcache_init: DNS name lookup tests failed.
Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
CPU Usage: 0.032 seconds = 0.016 user + 0.016 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 263
2005/01/05 13:09:50| Starting Squid Cache version 2.5.STABLE7 for i586-pc-linux-gnu...
2005/01/05 13:09:50| Process ID 5635
2005/01/05 13:09:50| With 1024 file descriptors available
2005/01/05 13:09:50| Performing DNS Tests...
FATAL: ipcache_init: DNS name lookup tests failed.
Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
CPU Usage: 0.027 seconds = 0.014 user + 0.013 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 262
2005/01/05 13:09:53| Starting Squid Cache version 2.5.STABLE7 for i586-pc-linux-gnu...
2005/01/05 13:09:53| Process ID 5637
2005/01/05 13:09:53| With 1024 file descriptors available
2005/01/05 13:09:53| Performing DNS Tests...
FATAL: ipcache_init: DNS name lookup tests failed.
Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
CPU Usage: 0.026 seconds = 0.017 user + 0.009 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 262
2005/01/05 13:09:56| Starting Squid Cache version 2.5.STABLE7 for i586-pc-linux-gnu...
2005/01/05 13:09:56| Process ID 5639
2005/01/05 13:09:56| With 1024 file descriptors available
2005/01/05 13:09:56| Performing DNS Tests...
FATAL: ipcache_init: DNS name lookup tests failed.
Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
CPU Usage: 0.026 seconds = 0.010 user + 0.016 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 262
2005/01/05 13:09:59| Starting Squid Cache version 2.5.STABLE7 for i586-pc-linux-gnu...
2005/01/05 13:09:59| Process ID 5641
2005/01/05 13:09:59| With 1024 file descriptors available
2005/01/05 13:09:59| Performing DNS Tests...
FATAL: ipcache_init: DNS name lookup tests failed.
Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
CPU Usage: 0.026 seconds = 0.012 user + 0.014 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 262
2005/01/05 13:10:02| Starting Squid Cache version 2.5.STABLE7 for i586-pc-linux-gnu...
2005/01/05 13:10:02| Process ID 5643
2005/01/05 13:10:02| With 1024 file descriptors available
2005/01/05 13:10:02| Performing DNS Tests...
FATAL: ipcache_init: DNS name lookup tests failed.
Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
CPU Usage: 0.027 seconds = 0.011 user + 0.016 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 262

*-------------------------------------------------------*
*-Edwin Quijada
*-Developer DataBase
*-JQ Microsistemas
*-809-747-2787
* " Si deseas lograr cosas excepcionales debes de hacer cosas fuera de lo comun"
*-------------------------------------------------------*



From: "Eduardo J. Vega A" <edvega@xxxxxxxxxxx>
To: suse-linux-s@xxxxxxxx
Subject: Re: [suse-linux-s] Squid con autentificacion
Date: Wed, 05 Jan 2005 20:08:07 -0600



Lo que tienes que tener en cuenta es el bloqueo del trafico hacia Internet de modo que unicamente el Servidor Proxy lo pueda hacer, asi consigues que nadie mas pueda salir a internet, si no es a traves del Proxy. Luego configuras en los navegadores el acceso a Internet a traves del proxy.



No caeria mal que dijeras que estas viendo en el log de squid, para verificar si hay algun error o no, o que copies algunas de las lineas de la config de squid. en la que indicas el metodo de autenticacion para poder ayudarte mas.

Tambien, si tienes un Proxy Transparente te ahorras el tener que ver como bloqueas todo el resto del trafico hacia internet... es mas.. en el mismo proxy es posible que a travez de IPTABLES hagas la funcionalidad de Firewall sin necesidad de tener esto en el Enrutador...

--ed


--
Para dar de baja la suscripción, mande un mensaje a:
suse-linux-s-unsubscribe@xxxxxxxx
Para obtener el resto de direcciones-comando, mande
un mensaje a:
suse-linux-s-help@xxxxxxxx



_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger: http://messenger.latam.msn.com/


< Previous Next >
Follow Ups
References