Fala galera, seguinte...estou com o seguinte problema eu montei um proxy, FreeBSD 6.1 XEON 3.0 1GB RAM 40 SCSI 2 placas GIGA "ps: ela nao faz nat..somente forward"
Esta máquina..esta funcionando como Hierarquia de proxy, ou seja, ele é um proxy antes do outro proxy, tive q instalar ele pra filtrar coisas que o proxy 2 não filtra.. Até ae. blz..compilei a ultima versão estavel do squid..com diskd.. igualzinho ao artigo da FUG mas galera....o acesso á paginas está muito lento..as vezes nem abre as páginas.. esta maquina está segurando uns 160 usuários. Eu ja não sei mais oq fazer.....pq se eu tiro o proxy 1 e deixo as pessoas navegar direito pelo proxy 2 , como eles estavam antes...a internet volta a ficar rapida. então logo..o gargalo ta no meu proxy. vou postar a configuração do meu squid.conf http_port 3128 ##### CACHE ############ cache_mem 256 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 250 MB cache_dir diskd /usr/cache 5000 16 256 Q1=72 Q2=64 cache_replacement_policy heap GDSF ##### ICP ###### icp_port 3130 #hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY visible_hostname proxy2 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 ######## HIERARQUIA DE PROXY ############### cache_peer 10.1.6.82 parent 80 3130 no-query no-digest default ######### USUARIO PARA RODAR O SQUID ########### # Usuario sob o qual ira rodar o Squid. cache_effective_user squid # Grupo sob o qual ira rodar o Squid. cache_effective_group squid ############ LOGS ####################### # Log de requisicoes. cache_access_log /var/logs/access.log # Log do cache. cache_log /var/logs/cache.log ############# ACLS #################### acl all src 0.0.0.0/0.0.0.0 ############ BLOQUEIA IP PARA ACESSAR PAGINAS ########## acl ipnegado src "/usr/local/etc/squid/regras/IPBlock" ############ LIBERA IP PARA ACESSO TOTAL ########## acl Livres src "/usr/local/etc/squid/regras/IPLivre" ############## MUSICAS E RADIO ONLINE BLOQUEIA ################## acl proibir_musica urlpath_regex -i "/usr/local/etc/squid/regras/Musicblock" ############## DOWNLOADS BLOQUEADOS ################## acl download url_regex -i "/usr/local/etc/squid/regras/Downblock" ############## DOWNLOADS PERMITIDOS ################## acl downloadok url_regex -i "/usr/local/etc/squid/regras/Downaccept" ############### SITES BLOQUEADOS ############### acl Negados url_regex -i "/usr/local/etc/squid/regras/Negados" ############### SITES LIBERADOS ############### acl SitesAllow url_regex -i "/usr/local/etc/squid/regras/Livres" #Agora comeca o squid default acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl rede_interna src 10.30.1.0/24 acl SSL_ports port 443 563 # https, snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT ########## DEFINE CONTROLE DE ACESSO ######## http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports icp_access allow all http_access allow Livres http_access allow SitesAllow http_access deny ipnegado http_access deny Negados http_access allow download Livres http_access allow downloadok http_access deny download #http_reply_access allow downloadsrp Livres #http_reply_access deny downloadsrp #http_reply_access allow streaming Livres #http_reply_access deny streaming http_access deny proibir_musica http_access allow localhost http_access allow rede_interna http_access deny all http_reply_access allow all icp_access allow all detect_broken_pconn on pipeline_prefetch on coredump_dir none never_direct allow all cache_log on ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
