[FUG-BR] WARNING: transparent proxying not supported

Rodrigo Calado rodrigocalado em rodrigocalado.com.br
Sexta Dezembro 2 18:16:21 BRST 2011


Olá,
	Já li diversos fóruns, fiz os ajustes coerentes e a mensagem continua. Vejam os arquivos de configuração:

rc.conf

# Excerpt only: firewall_enable, natd_enable and related knobs are not shown in this message.
defaultrouter="186.215.69.177"
# Turns on IP forwarding between the two interfaces configured below.
gateway_enable="YES"
hostname="fw.gransig.grancursos.com.br"
# xl0 carries the public address (same /29 as defaultrouter).
ifconfig_xl0="inet 186.215.69.182 netmask 255.255.255.248"
# xl1 is the 192.168.0.0/24 side that the ipfw and squid rules refer to.
ifconfig_xl1="inet 192.168.0.254 netmask 255.255.255.0"

natd.conf

# natd translates on xl0, the interface named by the ipfw divert rules.
interface xl0
# Follows address changes on the interface; rc.conf gives xl0 a fixed address.
dynamic yes
use_sockets yes
same_ports yes

ipfw

# NOTE(review): 00050 and 00064 are the same divert rule. Packets re-injected by
# natd resume after 00050, so traffic on xl0 that is not skipped below can be
# diverted a second time; one of the two is probably unintended.
00050 divert 8668 ip from any to any via xl0
# No rule is numbered between 60000 and 65534, so every "skipto 60000" lands on
# the final allow rule. Matching traffic therefore bypasses the Squid redirect
# at 00101 entirely.
00051 skipto 60000 ip from table(15) to any
00060 skipto 60000 ip from 192.168.0.0/24 to 200.201.160.0/20
# 00061-00063 are already covered by the /20 in 00060 (200.201.160.0-200.201.175.255).
00061 skipto 60000 ip from 192.168.0.0/24 to 200.201.166.0/24
00062 skipto 60000 ip from 192.168.0.0/24 to 200.201.173.0/24
00063 skipto 60000 ip from 192.168.0.0/24 to 200.201.174.0/24
00064 divert 8668 ip from any to any via xl0
# Lets the firewall's own port-80 connections (Squid fetching from origin
# servers) pass before the redirect rule, so they are not looped back into Squid.
00100 allow tcp from me to any dst-port 80
# NOTE(review): "from any to any" with no interface also matches port-80 traffic
# arriving on the public interface xl0 and hands it to Squid. Limiting the
# redirect to the LAN is safer, e.g.:
#   fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any dst-port 80 in via xl1
00101 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
# Default rule is "allow": nothing in this ruleset denies traffic, so the host
# routes and NATs but does not filter. Everything other than port 80 passes
# through untouched.
65535 allow ip from any to any

squid.conf

# Squid listens on loopback only, so the only way in is the ipfw "fwd" rule.
# The "transparent" flag needs an interception back-end compiled in. The port
# options listed later in this message disable IPFW, PF and IPFILTER support,
# which matches the startup warning in the subject line.
http_port 127.0.0.1:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl SWF urlpath_regex swf
no_cache deny SWF
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 512 KB
logfile_rotate 3
cache_dir ufs /usr/local/squid/cache 2000 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
dns_nameservers 8.8.8.8 8.8.4.4
hosts_file /etc/hosts
# NOTE(review): no "auth_param basic program" line is shown and no http_access
# rule in this file uses a proxy_auth acl, so these settings look unused.
# Proxy authentication cannot be applied to intercepted traffic in any case.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
cache_mgr webmaster em grancursos.com.br
# Squid runs as the unprivileged squid user and group.
cache_effective_user squid
cache_effective_group squid
visible_hostname fw.gransig.grancursos.com.br
error_directory /usr/local/etc/squid/errors/Portuguese
coredump_dir /usr/local/squid/cache

#>>>>>>>>General ACLs<<<<<<<<<<<<

# Matches every source address.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
# Every unprivileged port counts as "safe", so "deny !Safe_ports" only filters
# the low ports that are not listed here.
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#>>>>>>>>>Control ACLs<<<<<<<<<<<<<<

acl rede src 192.168.0.0/24 #Network

acl liberados url_regex -i "/usr/local/squid/web/liberados.sites"

# Source-address lists loaded from files; their contents are not shown here.
acl administrativo src "/usr/local/squid/web/administrativo"
acl diretoria src "/usr/local/squid/web/diretoria.txt"
acl term_consulta src  "/usr/local/squid/web/term_consulta.txt"
acl consulta_portal url_regex -i  "/usr/local/squid/web/consulta_portal.txt"

# New acl rules added by ROD_NOKEY.
# url_regex matches its patterns anywhere in the URL, so short entries in these
# lists can also hit paths or query strings; dstdomain is the stricter match
# for plain domain lists.
# Only port-80 traffic is redirected to Squid (ipfw rule 00101), so none of
# these lists is applied to HTTPS or to any other port.

acl spyware url_regex -i "/usr/local/squid/web/spyware.txt" # List of spyware domains.
acl chat url_regex -i "/usr/local/squid/web/chat.txt" # List of chat domains.
acl redirector url_regex -i "/usr/local/squid/web/redirector.txt" # List of domains of sites that work as a browser.
acl violence url_regex -i "/usr/local/squid/web/violence.txt" # List of violence domains.
acl warez url_regex -i "/usr/local/squid/web/warez.txt" # List of warez, torrent and file-upload domains.
acl webtv url_regex -i "/usr/local/squid/web/webtv.txt" # List of webtv domains.
acl msn url_regex -i "/usr/local/squid/web/msn.txt" # List to block MSN only.


# ICQ blocking
# Matches on the request Content-Type header.
acl bloq_icq req_mime_type -i ^application/x-Icq$

#>>>>>>>>>>Default http_access directives<<<<<<<<<<

# Cache manager requests are accepted from loopback only.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access allow all
# NOTE(review): answers ICP queries from any source address. No icp_port or
# cache_peer is set in this file, so ICP looks unused; "icp_access deny all"
# (or an allow limited to known peers) is the safer setting.
icp_access allow all


#>>>>>>>>>Custom http_access directives<<<<<<

# The rule below blocks all the domain lists from the acl rules
# and takes the secretariat and call-center IPs out of network 192.168.0.0/24.
# NOTE(review): the acls "msn" and "webtv" defined above are not referenced by
# this or any other http_access line shown, so those two lists are not enforced.

http_access allow !administrativo !chat !spyware !redirector !violence !warez !bloq_icq !term_consulta rede

# Hosts in "administrativo" may reach only URLs matching the "liberados" list.
http_access allow administrativo liberados

# Hosts in "term_consulta" may reach only URLs matching "consulta_portal".
http_access allow term_consulta consulta_portal 

# NOTE(review): "all" adds nothing here. Any source listed in diretoria.txt is
# allowed without filtering, including requests that failed the block lists in
# the first rule. Confirm the file holds only LAN addresses.
http_access allow all diretoria

# Anything that matched no allow rule above is refused.
http_access deny all

Compilação

# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for squid-3.0.24
_OPTIONS_READ=squid-3.0.24
WITH_SQUID_KERB_AUTH=true
WITHOUT_SQUID_LDAP_AUTH=true
WITH_SQUID_NIS_AUTH=true
WITHOUT_SQUID_SASL_AUTH=true
WITHOUT_SQUID_DELAY_POOLS=true
WITH_SQUID_SNMP=true
WITH_SQUID_CARP=true
WITHOUT_SQUID_SSL=true
WITHOUT_SQUID_PINGER=true
WITHOUT_SQUID_DNS_HELPER=true
WITHOUT_SQUID_HTCP=true
WITHOUT_SQUID_VIA_DB=true
WITHOUT_SQUID_CACHE_DIGESTS=true
WITH_SQUID_WCCP=true
WITHOUT_SQUID_WCCPV2=true
WITHOUT_SQUID_STRICT_HTTP=true
WITH_SQUID_IDENT=true
WITHOUT_SQUID_REFERER_LOG=true
WITHOUT_SQUID_USERAGENT_LOG=true
WITHOUT_SQUID_ARP_ACL=true
# NOTE(review): the next three options are the interception (transparent proxy)
# back-ends. All three are disabled, so this build cannot honour
# "http_port ... transparent"; that is most likely what the startup warning in
# the subject line reports. The firewall here is ipfw, so re-run 'make config',
# enable the IPFW option, then rebuild and reinstall the port.
WITHOUT_SQUID_IPFW=true
WITHOUT_SQUID_PF=true
WITHOUT_SQUID_IPFILTER=true
WITHOUT_SQUID_ICAP=true
WITHOUT_SQUID_ESI=true
WITHOUT_SQUID_AUFS=true
WITHOUT_SQUID_COSS=true
WITH_SQUID_KQUEUE=true
WITHOUT_SQUID_LARGEFILE=true
WITHOUT_SQUID_STACKTRACES=true
WITHOUT_SQUID_DEBUG=true

Alguma sugestão?

Att.,
Rodrigo Calado.

