Problemas con squid3 y raptorcache: no redirecciona correctamente

Publicado por mfefrain, Noviembre 04, 2015, 07:27:15 AM


mfefrain

Hola, buenas. Tengo el Raptor funcionando en el gateway, pero al parecer está presentando problemas al redirigir al Squid:
me aparece el mensaje de error del Squid.
Aquí les adjunto la configuración del Squid y el firewall, y también pego el código que uso; espero vuestra ayuda para saber en qué estoy fallando. Otro problema también es que no puedo limpiar la caché de Raptor: no funciona el /etc/raptor/./clean 0.


####################FIREWALL simple#######################

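#!/bin/bash
##Cortafuegos debian wheezy
######################################################
#=====Script iptables=====#
######################################################
# Gateway firewall for a box running Squid (transparent, port $port) and
# routing several LAN subnets out through $wan.  What it does, in order:
#   1. flush/zero the filter, nat and mangle tables
#   2. load the conntrack/NAT helper modules
#   3. set every policy to ACCEPT and enable IPv4 forwarding
#   4. open a handful of forwarded ports and all LAN<->anything traffic
#   5. REDIRECT LAN tcp/80 to the local Squid
#   6. MASQUERADE the LAN subnets on $wan
# Must run as root.  There is deliberately no "set -e": a failing
# iptables/modprobe line is reported on stderr and the rest still runs.

# NOTE(review): 192.162.4.44 is NOT an RFC 1918 private address (192.162/16
# is publicly routable) - confirm it is not a typo for 192.168.4.44.  The
# variable is not referenced by any rule below; kept for reference only.
server="192.162.4.44"
port="3128"    # Squid http_port; must match "http_port 3128 intercept" in squid.conf
wan="eth0"
lan1="eth1"
lan2="eth2"
# The aliased subnets live on IP aliases of eth1/eth2.  An alias such as
# eth1:1 is only a label on the parent device, not a separate netdevice:
# netfilter sees those packets arriving on eth1/eth2, and iptables warns
# that aliases are not valid in interface names, so "-i eth1:1" never
# matched anything.  Every rule below therefore matches the parent
# interface ($lan1/$lan2) and relies on -s to tell the subnets apart; the
# alias names are kept only as documentation of the layout.
vlan1="eth1:1"     # 192.168.15.0/24
vlan1_2="eth1:2"   # 192.3.3.0/24
vlan2="eth2:1"     # 192.168.20.0/24

#Limpiar Filtros, tablas NAT y tablas MANGLE, y poner contadores a cero
for table in filter nat mangle; do
  iptables -t "$table" -F   # flush every chain
  iptables -t "$table" -X   # delete user-defined chains
  iptables -t "$table" -Z   # zero packet/byte counters
done

# Cargamos modulos necesarios
# NOTE(review): these are the legacy ip_*/ipt_* module names; on newer
# kernels the FTP helpers are nf_conntrack_ftp / nf_nat_ftp (check with
# "modinfo").  A missing module only prints an error here.
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ip_tables
modprobe ipt_limit
modprobe ipt_LOG

# Estableciendo politicas Accept por defecto
# NOTE(review): with every policy ACCEPT and no rule restricting "$wan",
# every service listening on this host (sshd, Squid on $port, the raptor
# peer on 8080 if it runs locally) is reachable from the WAN side, and any
# WAN host may forward through this box.  Once the services that must be
# exposed are known, add an ESTABLISHED,RELATED accept followed by an
# explicit DROP for new connections arriving on "$wan" (INPUT and FORWARD).
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
# Enable routing between interfaces.  Not persisted across reboots; use
# /etc/sysctl.conf for the permanent setting.
echo 1 >/proc/sys/net/ipv4/ip_forward

#Habilitamos algunos puertos (insertados al principio de FORWARD)
iptables -I FORWARD -p tcp --dport 82 -j ACCEPT
iptables -I FORWARD -p tcp --dport 110 -j ACCEPT
iptables -I FORWARD -p tcp --dport 2525 -j ACCEPT
iptables -I FORWARD -p tcp --dport 53 -j ACCEPT
iptables -I FORWARD -p udp --dport 53 -j ACCEPT
iptables -I FORWARD -p ICMP -j ACCEPT
iptables -I FORWARD -p tcp --dport 22 -j ACCEPT
iptables -I FORWARD -p udp --dport 22 -j ACCEPT

iptables -I FORWARD -p tcp --dport 135:139 -j ACCEPT
iptables -I FORWARD -p udp --dport 135:139 -j ACCEPT
iptables -I FORWARD -p tcp --dport 445 -j ACCEPT

####iptables -t filter -A FORWARD -s 192.168.0.0/24 -j ACCEPT
##--------------------------##
# Accept all traffic from/to both LAN devices (the aliased subnets are
# covered too, because netfilter sees them on eth1/eth2).  This merges the
# former per-alias and per-direction FORWARD rules into one loop; all of
# them were ACCEPT, so the order is irrelevant.
for dev in "$lan1" "$lan2"; do
  iptables -A FORWARD -i "$dev" -j ACCEPT
  iptables -A FORWARD -o "$dev" -j ACCEPT
  iptables -A INPUT -i "$dev" -j ACCEPT
  iptables -A OUTPUT -o "$dev" -j ACCEPT
done

echo "Redireccionamiento de trafico a squid"
#REDIRECCIONAMOS PUERTO 80 AL 3128
##Redireccion de puertos
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p udp --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.6:80
#iptables -t nat -A PREROUTING -i eth0 -p udp --dport 80 -j DNAT --to-destination 192.168.1.6:80

# REDIRECT rewrites the destination to the primary address of the
# incoming interface and port $port, where Squid listens in intercept mode.
# Arguments: $1 - source subnet (CIDR), $2 - parent interface the subnet
# arrives on.  The aliased subnets are matched on the parent device (see
# the note next to the interface variables).
redirect_http() {
  local subnet=$1 dev=$2
  iptables -t nat -A PREROUTING -s "$subnet" -i "$dev" -p tcp --dport 80 \
    -j REDIRECT --to-ports "$port"
}
redirect_http 192.168.1.0/24  "$lan1"
redirect_http 192.168.15.0/24 "$lan1"   # alias eth1:1
redirect_http 192.3.3.0/24    "$lan1"   # alias eth1:2
redirect_http 192.168.33.0/24 "$lan2"
redirect_http 192.168.20.0/24 "$lan2"   # alias eth2:1

echo "Firewall terminado"
# NOTE(review): 192.3.3.0/24 is redirected above but has no MASQUERADE rule
# here, and 192.3.0.0/16 is publicly routable - confirm the intended prefix
# before adding one.
iptables -t nat -A POSTROUTING -s 192.168.33.0/24 -o "$wan" -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -o "$wan" -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.15.0/24 -o "$wan" -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o "$wan" -j MASQUERADE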


############SQUID COnf#############

#=====================================================================#
#                           Squid 3.x Conf                            #
#=====================================================================#
# Transparent (intercepting) Squid in front of a raptorcache parent peer.
# Squid itself stores nothing locally ("cache deny all" below); requests
# matching the raptor lists are sent through the cache_peer at
# 192.162.4.44:8080 and everything else goes direct.  Clients reach this
# port through the gateway's iptables REDIRECT of tcp/80 to 3128.
#
# The port must match the firewall's REDIRECT target.  "intercept" makes
# Squid recover the original destination from the NAT table instead of
# trusting the request line.
http_port 3128 intercept
visible_hostname raptor.os
icp_port 0
#----------------------------------------------------------------------
# Present a Googlebot User-Agent to googlevideo/youtube for non-mobile
# browsers; requests whose UA matches "mobile" keep their own header.
acl google url_regex -i (googlevideo.com|www.youtube.com)
acl mobile browser -i regexp (iPhone|iPad|Windows.*Phone|BlackBerry|PlayBook|Trident|IEMobile)
request_header_access User-Agent deny google !mobile
request_header_replace User-Agent Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
#----------------------------------------------------------------------
#error_directory /usr/share/squid3/errors/Spanish/
#----------------------------------------------------------------------
# Defined, but the only rule that uses it ("http_access deny blacklist")
# is commented out further down, so this list is not enforced.
acl blacklist url_regex -i "/etc/squid3/blacklist.lst"
#----------------------------------------------------------------------
# Servidor DNS y Politica de Cambios
#----------------------------------------------------------------------
dns_nameservers 200.48.0.50 4.2.2.2
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
#----------------------------------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# NOTE(review): "localnet" contains only IPv6 ranges.  No IPv4 source
# range (e.g. the 192.168.x.0/24 subnets the firewall redirects here) is
# part of it, so "http_access allow localnet" below never matches those
# clients; they are admitted only if listed in one of the
# /etc/squid3/grupos/* files referenced by the acls further down.
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl CONNECT method CONNECT

acl Safe_ports port 80 23 82 84 86 107 992 7777 8080 11000 20558 21407 # http
acl Safe_ports port 970 980 990 1040 1060 20101 # siaf
acl Safe_ports port 443 1000 2096 2083 # https
acl SSL_ports port 443 10000 2096 2083 # https

##Inicio reglas
# Per-group source lists and content lists; each file holds one entry per
# line.  Only the acls that also appear in an http_access line below
# have any effect.
acl extensiones urlpath_regex "/etc/squid3/extensiones"

acl jefes src "/etc/squid3/grupos/jefes"
acl informatica src "/etc/squid3/grupos/informatica"
acl logistica src "/etc/squid3/grupos/logistica"
acl otros src "/etc/squid3/grupos/otros"
acl rpp src "/etc/squid3/grupos/rpp"
acl siaf src "/etc/squid3/grupos/siaf"
acl pornografia dstdomain -i "/etc/squid3/pornografia.lst"
acl redessociales1 dstdomain "/etc/squid3/redessociales.lst"
acl redessociales2 url_regex -i "/etc/squid3/listas/redessociales2"
acl libre src "/etc/squid3/grupos/libre"
acl antenas src "/etc/squid3/grupos/antenas"
acl palabras_denegadas url_regex "/etc/squid3/listas/palabras_denegadas"
acl adultos1 url_regex -i "/etc/squid3/listas/adultos1"
acl adultos2 dstdomain "/etc/squid3/listas/adultos2"
acl audios1 url_regex "/etc/squid3/listas/audios1"
acl audios2 dstdomain "/etc/squid3/listas/audios2"
acl videos1 dstdomain "/etc/squid3/listas/videos1"
acl videos2 url_regex "/etc/squid3/listas/videos2"
acl rocobamba src "/etc/squid3/listas/rocobamba"

##Fin
# NOTE(review): with the terminal "deny all" commented out, Squid applies
# the opposite of the LAST http_access line to any request nothing matched.
# The last http_access line below is an allow, so unmatched clients are
# denied and receive the Squid access-denied error page.  Restoring an
# explicit "http_access deny all" after the allow rules makes that
# behaviour visible in the config.
#http_access deny all
#----------------------------------------------------------------------
coredump_dir /var/spool/squid3
#----------------------------------------------------------------------
# Log de acessos
#----------------------------------------------------------------------
logfile_rotate 7
# NOTE(review): two access_log lines write the same access records to two
# files.  Squid's own error/diagnostic messages go to cache_log, not to an
# access_log - confirm "error.log" is what was intended.
access_log /var/log/squid3/access.log
access_log /var/log/squid3/error.log
cache_store_log none
#----------------------------------------------------------------------
# Otras configuraciones
#----------------------------------------------------------------------
cache_mgr raptor.os
shutdown_lifetime 2 seconds
half_closed_clients off



server_persistent_connections off
client_persistent_connections off
log_fqdn off
# Never keep fetching an object after the client aborts.
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
max_filedescriptors 65536
#----------------------------------------------------------------------
#----------------------------------------------------------------------
#cache deny all
#----------------------------------------------------------------------
# Request classes routed to (or kept away from) the raptorcache peer.
# The /etc/raptor/*.lst files are maintained by raptorcache.
acl sys_lst url_regex -i "/etc/raptor/sys.lst"
acl raptor_lst url_regex -i "/etc/raptor/raptor.lst"
acl wth_lst url_regex -i "/etc/raptor/whitelist.lst"
acl host_googlevideo req_header Host -i (.*-.*\.googlevideo\.com|\.youtube\.com|\.ytimg.com)
acl exts url_regex -i \.(cab|exe|msi|msu|zip|deb|rpm|bz|bz2|gz|tgz|rar|bin|7z|mp3|mp4|flv)$
acl head_html req_header Accept -i text/html.+
acl slgonzaga src "/etc/squid3/listas/slgonzaga"
acl administrador src "/etc/squid3/grupos/administrador"
#http_access deny blacklist
# Access policy: first matching line wins.  Manager requests only from
# localhost; unsafe ports and CONNECT to non-SSL ports are refused; then
# the per-group allows, some with content restrictions.
http_access allow manager localhost
http_access deny manager all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access allow administrador
http_access allow informatica
http_access allow siaf
http_access allow jefes !extensiones
http_access allow libre !extensiones
http_access allow slgonzaga !adultos1 !adultos2
http_access allow rpp !extensiones !adultos1 !adultos2

# Objects on the raptor list are never stored by Squid itself.
cache deny raptor_lst
# raptorcache parent; proxy-only means Squid does not keep a copy of what
# the peer returns.  NOTE(review): 192.162.4.44 is not an RFC 1918
# private address (192.162/16 is publicly routable) - confirm it is not a
# typo for 192.168.4.44; the same value appears in the firewall script.
cache_peer 192.162.4.44 parent 8080 0 proxy-only no-digest

dead_peer_timeout 2 seconds
# What may be sent to the peer, first match wins: googlevideo/youtube
# hosts and the listed download extensions go to it; HTML pages and
# whitelisted URLs are kept away; then the raptor/sys lists; nothing else.
cache_peer_access 192.162.4.44 allow host_googlevideo
cache_peer_access 192.162.4.44 allow exts
cache_peer_access 192.162.4.44 deny head_html
cache_peer_access 192.162.4.44 deny wth_lst
cache_peer_access 192.162.4.44 allow raptor_lst
cache_peer_access 192.162.4.44 allow sys_lst
cache_peer_access 192.162.4.44 deny all

# Squid keeps no local cache at all; caching is delegated to the peer.
cache deny all
#----------------------------------------------------------------------
# Drop root privileges after binding the port.
cache_effective_user proxy
cache_effective_group proxy