- eth0=192.168.0.2 → placa ligada à rede interna
- eth1=IP_Dinamico → placa ligada à Internet
Instalar Gateway DHCP Server
Instalando pacotes necessários:
# apt-get install isc-dhcp-server
Configurações:
# vi /etc/default/isc-dhcp-server
# Interface the DHCP server is bound to: eth0, the NIC on the internal network.
# The Internet-facing eth1 is left out, so no leases are offered on that side.
INTERFACES="eth0" #--- Add the NIC that the DHCP server listens on
# vi /etc/rc.local
# NOTE(review): `echo 0` only prints "0"; it changes no kernel setting.
# Possibly a garbled line (for example rc.local's closing `exit 0`) — confirm
# against the intended file. Forwarding itself is enabled further down this
# guide by writing "1" to /proc/sys/net/ipv4/ip_forward by hand.
echo 0
# Source-NAT everything leaving through eth1 (the Internet-facing NIC) so hosts
# on 192.168.0.0/24 go out behind the gateway's dynamic address.
# NOTE(review): -A appends, so the identical second line installs the same rule
# twice on every boot; one copy is enough. Only the nat table is touched here:
# which traffic may be forwarded at all is left to whatever filter/FORWARD
# policy the host already has — confirm it is restricted as intended.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE #--- NIC connected to the Internet
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE #--- NIC connected to the Internet
# vi /etc/dhcp/dhcpd.conf
# dhcpd.conf for the internal network 192.168.0.0/24 served on eth0.
# Dynamic DNS updates are switched off.
ddns-update-style none;
# Lease length in seconds: 600 by default, 7200 at most.
default-lease-time 600;
max-lease-time 7200;
# Marks this server as the authority for the subnet it serves.
# NOTE(review): appropriate only if no other DHCP server answers on this
# segment — confirm.
authoritative;
# Log through syslog facility local7 (the syslog side is not shown here).
log-facility local7;
ignore client-updates;
# Parameters handed to every client: /24 mask, broadcast .255, default gateway
# 192.168.0.2 (this machine's eth0) and two external DNS resolvers.
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.2;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "dominio.com.br";
# Dynamic pool: 192.168.0.30 through 192.168.0.55.
subnet 192.168.0.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.0.30 192.168.0.55;
}
# Reservation binding one MAC address to 192.168.0.2.
# NOTE(review): 192.168.0.2 is also the address given to eth0 and advertised as
# `option routers`; presumably this entry describes the gateway itself —
# confirm it is not a second host. A MAC-based reservation is an addressing
# convenience, not an access control: a client can present any MAC it likes.
host server01_wifi {
hardware ethernet 00:1d:0f:f3:56:48;
fixed-address 192.168.0.2;
}
# NOTE(review): from here to the end the listing repeats the settings above
# (without ddns-update-style); it appears to be a duplicated paste. A single
# copy of the subnet and host declarations is what the file needs.
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
ignore client-updates;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.2;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "dominio.com.br";
subnet 192.168.0.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.0.30 192.168.0.55;
}
host server01_wifi {
hardware ethernet 00:1d:0f:f3:56:48;
fixed-address 192.168.0.2;
}
Depois:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# ifconfig eth0 192.168.0.2 netmask 255.255.255.0
# service isc-dhcp-server start
Instalar Squid no Ubuntu
Instalando pacotes necessários:
# apt-get install squid3
Configurações:
# vi /etc/squid3/squid.conf
# squid.conf: caching proxy for 192.168.0.0/24 with a time-windowed URL blocklist.
#
# Listen on 3128 in interception ("transparent") mode.
# NOTE(review): the only firewall rule shown in this guide is a MASQUERADE
# rule; nothing redirects the clients' port-80 traffic to 3128, so with these
# steps alone interception does not happen — confirm the redirect exists
# elsewhere. Squid 3.1 and later name this mode `intercept`; `transparent` is
# the older spelling.
# NOTE(review): an intercepting port-80 proxy does not see HTTPS unless that is
# redirected separately, so the blocklist and the CONNECT rule below would
# presumably not cover HTTPS traffic — confirm the intended coverage.
http_port 3128 transparent
# Host name the proxy reports about itself.
visible_hostname dominio.com.br
cache_mem 256 MB #--Size of the RAM cache used by squid
# Cacheable object size limits.
maximum_object_size 512 MB
minimum_object_size 0 KB
# Low/high watermarks (percent) for cache replacement.
cache_swap_low 90
cache_swap_high 95
# On-disk cache: ufs store in /var/spool/squid3 with the values 2048 16 256.
cache_dir ufs /var/spool/squid3 2048 16 256
# NOTE(review): `cache_access_log` looks like the legacy spelling of
# `access_log` — confirm the installed Squid still accepts it. The target,
# cache.log, is also the conventional name of Squid's own diagnostic log;
# sarg.conf in this guide reads the same path, so the two must stay in step.
cache_access_log /var/log/squid3/cache.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
# Base ACLs: cache-manager requests, the loopback source, the internal LAN.
acl manager proto cache_object
acl localhost src 127.0.0.1
acl localnet src 192.168.0.0/24
# Destination ports the proxy is willing to reach.
# NOTE(review): most lines below have no whitespace before '#'. The stock
# squid.conf writes these as `port 21 # ftp`; confirm the parser treats the
# glued text as a comment and not as part of the port value ("portas altas"
# means "high ports").
acl Safe_ports port 80 #http
acl Safe_ports port 21#ftp
acl Safe_ports port 443 563#https,snews
acl Safe_ports port 70#gopher
acl Safe_ports port 210#wais
acl Safe_ports port 280#http-mgmt
acl Safe_ports port 488#gss-http
acl Safe_ports port 591#filemaker
acl Safe_ports port 777#multiling http
acl Safe_ports port 901#swat
acl Safe_ports port 1025-65535#portas altas
acl purge method PURGE
acl CONNECT method CONNECT
acl SSL_ports port 443 563
##ACLS
# Case-insensitive URL regexes, one per line, read from the named file.
acl sitesbloqueados url_regex -i "/etc/squid3/regras/dominiosbloqueados"
# Monday-Friday windows during which the blocklist is enforced.
acl hora_manha time MTWHF 07:00-11:30
acl hora_tarde time MTWHF 14:00-19:00
# NOTE(review): hosts_macaddress is defined but no http_access line in this
# listing refers to it, so the MAC list has no effect as written.
acl hosts_macaddress arp "/etc/squid3/regras/macaddressbloqueados"
# Same range as `localnet` above.
acl redelocal src 192.168.0.0/24
#ACL to block skype
# Presumably meant to match requests whose target is a bare IPv4 address.
# NOTE(review): the pattern is wrapped over two lines here; an acl must sit on
# one line, so join them before use. The final octet group also reads
# `25[0-5][3-9][0-9]{0,1}` where the first group has `25[0-5]|[3-9][0-9]{0,1}`
# — a `|` looks to be missing; verify the regex before relying on it.
acl acl_url_im_skype url_regex ^((0|1[0-9]{0,2}|2[0-9]{0,1}|2[0-4][0-9]|25[0-5]|[3-9][0-9]{0,1}
)\.){3}(0|1[0-9]{0,2}|2[0-9]{0,1}|2[0-4][0-9]|25[0-5][3-9][0-9]{0,1})(:|/|$\?)
# http_access rules are checked top to bottom and the first match wins; every
# ACL named on one line must match (logical AND).
# NOTE(review): `localhost` (127.0.0.1) and `localnet` (192.168.0.0/24) cannot
# both match one client, so the allow below never fires and all cache-manager
# requests fall through to the deny. That fails closed; if manager access from
# localhost is wanted, name `localhost` alone.
http_access allow manager localhost localnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
##Access control
# Blocklisted URLs are refused only inside the two weekday windows.
http_access deny sitesbloqueados hora_manha
http_access deny sitesbloqueados hora_tarde
http_access deny CONNECT acl_url_im_skype
http_access allow localhost
http_access allow redelocal
# Default deny: anything not allowed above is refused.
http_access deny all
# Cache administrator e-mail
# NOTE(review): two values follow cache_mgr; presumably only the e-mail
# address is intended — confirm.
cache_mgr webmaster usuario@dominio.com.br
error_directory /usr/share/squid3/errors/pt-br
# NOTE(review): from here to the end the listing repeats everything above
# after the http_port line; it appears to be a duplicated paste. If both
# copies are kept in one file, every http_access rule below comes after the
# first `http_access deny all` and can never match.
visible_hostname dominio.com.br
cache_mem 256 MB #--Size of the RAM cache used by squid
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid3 2048 16 256
cache_access_log /var/log/squid3/cache.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
acl manager proto cache_object
acl localhost src 127.0.0.1
acl localnet src 192.168.0.0/24
acl Safe_ports port 80 #http
acl Safe_ports port 21#ftp
acl Safe_ports port 443 563#https,snews
acl Safe_ports port 70#gopher
acl Safe_ports port 210#wais
acl Safe_ports port 280#http-mgmt
acl Safe_ports port 488#gss-http
acl Safe_ports port 591#filemaker
acl Safe_ports port 777#multiling http
acl Safe_ports port 901#swat
acl Safe_ports port 1025-65535#portas altas
acl purge method PURGE
acl CONNECT method CONNECT
acl SSL_ports port 443 563
##ACLS
acl sitesbloqueados url_regex -i "/etc/squid3/regras/dominiosbloqueados"
acl hora_manha time MTWHF 07:00-11:30
acl hora_tarde time MTWHF 14:00-19:00
acl hosts_macaddress arp "/etc/squid3/regras/macaddressbloqueados"
acl redelocal src 192.168.0.0/24
#ACL to block skype
acl acl_url_im_skype url_regex ^((0|1[0-9]{0,2}|2[0-9]{0,1}|2[0-4][0-9]|25[0-5]|[3-9][0-9]{0,1}
)\.){3}(0|1[0-9]{0,2}|2[0-9]{0,1}|2[0-4][0-9]|25[0-5][3-9][0-9]{0,1})(:|/|$\?)
http_access allow manager localhost localnet
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
##Access control
http_access deny sitesbloqueados hora_manha
http_access deny sitesbloqueados hora_tarde
http_access deny CONNECT acl_url_im_skype
http_access allow localhost
http_access allow redelocal
http_access deny all
# Cache administrator e-mail
cache_mgr webmaster usuario@dominio.com.br
error_directory /usr/share/squid3/errors/pt-br
# mkdir /etc/squid3/regras
Obs.: dentro do diretório /etc/squid3/regras, criar os arquivos necessários para bloqueio de URLs (os referenciados nas ACLs acima: dominiosbloqueados e macaddressbloqueados).
Depois, reinicie o Squid:
# service squid3 start
Instalar Sarg no Ubuntu
Pacotes necessários para instalação:
# apt-get install sarg
Se necessário, instalar o Apache:
# apt-get install apache2
# service apache2 start
Configurações:
# vi /etc/sarg/sarg.conf
# sarg.conf: builds HTML usage reports from the Squid log into the web root.
# TAG: Language
#language Portuguese
# TAG: Path to the access.log file
# Same path that squid.conf in this guide gives to cache_access_log.
access_log /var/log/squid3/cache.log
# TAG: Graphs
graphs Yes
graph_days_bytes_bar_color Green
# TAG: Report titles
title "Relatorio de Acessos a Internet"
# TAG: Appearance
font_face Arial
header_color #666666
header_bgcolor #EEEEEE
header_font_size 9px
title_font_size 11px
background_color #FFFFFF
text_color #666666
text_bgcolor #FFFFFF
title_color #009999
#logo_image none
#logo_text ""
#logo_text_color #000000
#image_size 80 45
#background_image none
# TAG: Temporary files
# NOTE(review): a fixed, predictable directory under /tmp; on a multi-user
# host prefer a directory that only the report job can write to.
temporary_dir /tmp/sarg
# TAG: Output directory
# NOTE(review): /var/www/sarg sits under the web root set up with Apache in
# this guide, and the reports list client IPs (user_ip Yes) with the sites
# they visited. Nothing on this page limits who may browse that directory —
# confirm the web server restricts it.
output_dir /var/www/sarg
# TAG: Top Users
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
# TAG: URLs excluded from the report
exclude_hosts /etc/sarg/sarg.hosts
# TAG: String filtering
#exclude_string /etc/sarg/sarg.strings
# TAG: User filtering
#exclude_users /etc/sarg/sarg.users
# TAG: Date format
date_format e
# TAG: Log limit [0 = no limit]
lastlog 0
# TAG: Show IP
user_ip Yes
# TAG: Show user
# File that maps client IPs to user names for the reports.
usertab /etc/sarg/sarg.usertab
# TAG: Report generation
remove_temp_files Yes
index Yes
overwrite_report Yes
records_without_userid ignore
use_comma no
topsites_num 100
topsites_sort_order BYTES D
exclude_codes /etc/sarg/exclude_codes
max_elapsed 28800000
# NOTE(review): the disabled option below is spelled `report_typie`
# (presumably `report_type`), and the `site_user_time_date` line after it
# looks like its wrapped tail; as written that tail is an uncommented line of
# its own. The topuser_fields and download_suffix values further down are
# wrapped over several lines in the same way — each option belongs on a single
# line, so rejoin them before use.
#report_typie topsites users_sites sites_users date_time denied auth_failures
site_user_time_date
long_url no
show_successful_message no
topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME
MILISEC %TIME TOTAL AVERAGE
topuser_num 0
download_suffix
"zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,
mp3,avi,mpg,mpeg,rar,docx,xlsx,pptx,pdf,mp4,mkv,tgz,deb,rpm"
# NOTE(review): from here to the end the listing repeats the settings above
# (starting at access_log); it appears to be a duplicated paste, and one copy
# is enough.
# TAG: Path to the access.log file
access_log /var/log/squid3/cache.log
# TAG: Graphs
graphs Yes
graph_days_bytes_bar_color Green
# TAG: Report titles
title "Relatorio de Acessos a Internet"
# TAG: Appearance
font_face Arial
header_color #666666
header_bgcolor #EEEEEE
header_font_size 9px
title_font_size 11px
background_color #FFFFFF
text_color #666666
text_bgcolor #FFFFFF
title_color #009999
#logo_image none
#logo_text ""
#logo_text_color #000000
#image_size 80 45
#background_image none
# TAG: Temporary files
temporary_dir /tmp/sarg
# TAG: Output directory
output_dir /var/www/sarg
# TAG: Top Users
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
# TAG: URLs excluded from the report
exclude_hosts /etc/sarg/sarg.hosts
# TAG: String filtering
#exclude_string /etc/sarg/sarg.strings
# TAG: User filtering
#exclude_users /etc/sarg/sarg.users
# TAG: Date format
date_format e
# TAG: Log limit [0 = no limit]
lastlog 0
# TAG: Show IP
user_ip Yes
# TAG: Show user
usertab /etc/sarg/sarg.usertab
# TAG: Report generation
remove_temp_files Yes
index Yes
overwrite_report Yes
records_without_userid ignore
use_comma no
topsites_num 100
topsites_sort_order BYTES D
exclude_codes /etc/sarg/exclude_codes
max_elapsed 28800000
#report_typie topsites users_sites sites_users date_time denied auth_failures
site_user_time_date
long_url no
show_successful_message no
topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME
MILISEC %TIME TOTAL AVERAGE
topuser_num 0
download_suffix
"zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,
mp3,avi,mpg,mpeg,rar,docx,xlsx,pptx,pdf,mp4,mkv,tgz,deb,rpm"
Criar arquivo para relacionar IP com usuário: /etc/sarg/sarg.usertab
Agendar no cron:
# crontab -e
# Crontab entries that regenerate the sarg reports on a schedule.
# Jobs run under bash; any output they print is mailed to the MAILTO address.
SHELL=/bin/bash
MAILTO=usuario@dominio.com.br
# Every day at 00:01.
# NOTE(review): at 00:01 the current day has only just begun, so a `today`
# report would presumably hold almost no traffic — confirm whether a report
# for the previous day was intended.
01 00 * * * /usr/sbin/sarg-reports today
# At 01:00 on day-of-week 6 (Saturday).
00 01 * * 6 /usr/sbin/sarg-reports weekly
# At 03:00 on the 1st of each month.
00 03 01 * * /usr/sbin/sarg-reports monthly
# NOTE(review): the lines below repeat the MAILTO setting and the three jobs
# above; it appears to be a duplicated paste. Installing both copies would run
# every report twice.
MAILTO=usuario@dominio.com.br
01 00 * * * /usr/sbin/sarg-reports today
00 01 * * 6 /usr/sbin/sarg-reports weekly
00 03 01 * * /usr/sbin/sarg-reports monthly
Reiniciar o Squid:
# service squid3 reload