SQUID www.sii.cl

OLIVAREZ COTAL JOSE LUIS joolivar en ing.uchile.cl
Jue Nov 25 18:39:53 CLST 2004


¿Qué está mal? No puedo hacer que Squid navegue por www.sii.cl en
forma segura. Está configurado con:

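# Build options for the Squid package (configure invocation from the RPM spec).
# Security-relevant switches:
#   --enable-linux-netfilter  support for firewall-redirected (transparent) clients
#   --enable-arp-acl          needed for MAC-address ("arp") ACLs in squid.conf
#   --enable-ssl              builds in OpenSSL support
# NOTE(review): --enable-ssl does not by itself let a transparent proxy
# handle redirected port-443 traffic; confirm what it is expected to provide.
# NOTE(review): many authentication helpers are built here (basic, NTLM,
# external ACL); install only the ones squid.conf actually references.
%configure \
    --exec_prefix=/usr \
    --bindir=%{_sbindir} \
    --libexecdir=%{_libdir}/squid \
    --localstatedir=/var \
    --sysconfdir=/etc/squid \
    --enable-poll \
    --enable-snmp \
    --enable-removal-policies="heap,lru" \
    --enable-storeio="aufs,coss,diskd,null,ufs" \
    --enable-ssl \
    --enable-arp-acl \
    --enable-delay-pools \
    --enable-linux-netfilter \
    --with-pthreads \
    --enable-ntlm-auth-helpers="SMB,winbind" \
    --enable-external-acl-helpers="ip_user,ldap_group,unix_group,wbinfo_group,winbind_group" \
    --enable-auth="basic,ntlm" \
    --with-winbind-auth-challenge \
    --enable-useragent-log \
    --enable-referer-log \
    --disable-dependency-tracking \
    --enable-cachemgr-hostname=localhost \
    --disable-ident-lookups \
    --enable-truncate \
    --enable-underscores \
    --datadir=%{_datadir} \
    --enable-basic-auth-helpers="LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,winbind"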
de un spec de FC2; la salida de Squid es:
192.168.0.161 - - [25/Nov/2004:18:29:24 -0300] "GET 
http://accesos.sii.cl/cert/hit.dll? HTTP/1.1" 200 471 TCP_MISS:DIRECT
192.168.0.161 - - [25/Nov/2004:18:29:27 -0300] "GET 
http://accesos.sii.cl/cert/hit.dll? HTTP/1.1" 200 471 TCP_MISS:DIRECT

Y el archivo de configuración:
  # squid.conf as posted. Proxy listens on TCP 3128; ICP (inter-cache
  # protocol) is enabled on port 3130.
  http_port 3128
  ssl_unclean_shutdown off
  icp_port 3130
# Requests that look like dynamic queries (cgi-bin or a "?") are fetched
# directly and never cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
  # Cache sizing: 256 MB of memory, and a 256 MB ufs store on disk with
  # 16 first-level and 256 second-level directories.
  cache_mem 256 MB
  cache_swap_low 90
  cache_swap_high 95
  cache_dir ufs /var/spool/squid 256 16 256
  # Log locations.
  cache_access_log /var/log/squid/access.log
  cache_log /var/log/squid/cache.log
  cache_store_log /var/log/squid/store.log
  # access.log is written in httpd common log format rather than Squid's
  # native format.
  emulate_httpd_log on
  log_ip_on_direct on
  mime_table /etc/squid/mime.conf
  pid_filename /var/run/squid.pid
  debug_options ALL,1
  # Password sent for anonymous FTP logins.
  ftp_user Squid@
  ftp_sanitycheck on
# Basic-auth tuning only: no "auth_param basic program" line and no
# proxy_auth ACL appear in this listing, so nothing shown here enforces a
# login.
# NOTE(review): proxy authentication is not available to intercepted
# (transparent) clients; confirm which mode is intended.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
# ACL definitions. "manager" and "to_localhost" are defined here but are
# not referenced by any http_access rule in this listing.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl CONNECT method CONNECT
# Access rules are evaluated top to bottom; the first matching rule wins.
# NOTE(review): Safe_ports is used below but no "acl Safe_ports port ..."
# line appears in this listing. Rules that name an undefined ACL do not
# behave as written, so confirm the definition exists in the real file
# (it may simply have been dropped from the paste).
http_access deny !Safe_ports
# CONNECT tunnels (explicit-proxy HTTPS) are limited to ports 443 and 563.
http_access deny CONNECT !SSL_ports
# Repeat of the rule two lines up; it adds nothing.
http_access deny !Safe_ports
http_access allow localhost
# NOTE(review): this answers ICP queries from any address. If no sibling
# or parent caches are in use, restrict it to known peers or disable ICP.
icp_access allow all
# Squid 2.x-style transparent (interception) settings: requests redirected
# by the firewall are rebuilt into full URLs from the Host header.
# NOTE(review): that only works for plain HTTP. Traffic to port 443 is TLS
# from the first byte, so there is no readable Host header for Squid to
# use, and redirecting 443 into this port cannot give working HTTPS.
# Either leave 443 out of the firewall redirect (let it go out through
# NAT) or configure browsers to use the proxy explicitly, which sends
# CONNECT and is then governed by the SSL_ports rule above.
httpd_accel_host virtual

# NOTE(review): httpd_accel_port is documented with a single port value;
# check this multi-port list against the reference squid.conf shipped
# with the package.
httpd_accel_port 80 443 8080 19720 19721 10000
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off
  logfile_rotate 10
  icon_directory /usr/share/squid/icons
error_directory /etc/squid/errors
coredump_dir /var/spool/squid
# NOTE(review): this allow has no client ACL. Because http_access is
# first-match, any host that can reach the proxy port is allowed to any
# Safe_ports destination here, and the MAC-based rule and final deny below
# only see what is left. Pair it with a client ACL (src or arp), or remove
# it, so the proxy cannot be used by arbitrary hosts.
http_access allow Safe_ports
# MAC-address ACL; La_mac looks like a placeholder for the real hardware
# address.
# NOTE(review): arp ACLs only match clients on the same Ethernet segment
# as the proxy, and a client can change its MAC address, so treat this as
# a convenience filter rather than authentication.
acl ppp arp  La_mac
# Both ACLs on the line must match; "all" matches every source, so this is
# equivalent to "allow ppp".
http_access allow ppp  all
# Default: refuse everything not allowed above.
http_access  deny all


La cosa es que quieren controlar el acceso a Internet, por lo que dejé NAT
y trato de usar un proxy transparente.
Cualquier ayuda se agradece.



