Saturday, October 27, 2007

Firewall Proxy - Have a Problem?

Hello everyone,

I recently tried to deploy this proxy (Squid) at a client, but the
performance was bad: access to the Internet was slow.
Is there any serious mistake I committed without realizing it?
Can you help me make it better?

The configuration of the machine was:
Processor: 3000 MHz (Pentium IV)
Memory: 1 GB
Hard Disk: 80 GB

*The configuration file for Squid is this:*

################ Squid ######################

### Squid configuration file
### Yuri Rodrigues - yurirbraz@gmail.com

#### Common tags
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_mem 192 Mb
cache_swap_log /var/spool/squid/swap.log
cache_dir diskd /var/spool/squid 1024 16 256
maximum_object_size_in_memory 64 KB
maximum_object_size 256 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95

### Authenticated proxy tags
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours

####################################

# Internet access port
http_port 3128 transparent

# Network name
visible_hostname champ

# this ACL requires user authentication
#acl USUARIOS proxy_auth REQUIRED

# ACL identifying the whole network
acl all src 192.168.0.0/16

### MSN block
acl msnbloque url_regex -i "/etc/squid/srcmsn"
acl msnlibera src "/etc/squid/msnliberados"
http_access deny msnbloque !msnlibera
#########################

### Group of allowed IPs
acl cpd src "/etc/squid/liberados"
http_access allow cpd
################################

######## Security Zone A #############
acl grupo1 src "/etc/squid/grupo1"
acl sites_grupo1 url_regex -i "/etc/squid/sites_grupo1.txt"
http_access allow grupo1 sites_grupo1
##################################

######## Security Zone B #############
#acl grupo2 src "/etc/squid/grupo2"
#acl sites_grupo2 url_regex -i "/etc/squid/sites_grupo2.txt"
#http_access allow grupo2 sites_grupo2
##################################

######## Security Zone Wifi #############
acl wifi src "/etc/squid/wifi"
acl sites_wifi url_regex -i "/etc/squid/sites_wifi.txt"
http_access allow wifi sites_wifi
##################################

# Block everything else
http_access deny all
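As an added illustration (not part of the original post), here is a small model of how Squid evaluates the http_access lines above in the order the post lists them: a line matches only when every ACL on it matches, the first matching line decides, and when no line matches Squid applies the opposite of the last line. With `all` defined as 192.168.0.0/16 rather than the whole address space, a request from any other source falls through to that default, which here is allow; the ACL list-file contents below are constructed stand-ins for the /etc/squid/* files.

```python
# Model of Squid http_access evaluation for the rule order in the post.
import ipaddress
import re

# Constructed stand-ins for the list files the post references (assumption).
ACLS = {
    "all":          ("src", ["192.168.0.0/16"]),
    "msnbloque":    ("url_regex", [r"messenger\.hotmail\.com", r"gateway\.dll"]),
    "msnlibera":    ("src", ["192.168.1.10"]),
    "cpd":          ("src", ["192.168.1.0/24"]),
    "grupo1":       ("src", ["192.168.2.0/24"]),
    "sites_grupo1": ("url_regex", [r"\.gov\.br"]),
    "wifi":         ("src", ["192.168.3.0/24"]),
    "sites_wifi":   ("url_regex", [r"google\.com"]),
}

# http_access lines exactly in the order they appear in the post.
HTTP_ACCESS = [
    ("deny",  ["msnbloque", "!msnlibera"]),
    ("allow", ["cpd"]),
    ("allow", ["grupo1", "sites_grupo1"]),
    ("allow", ["wifi", "sites_wifi"]),
    ("deny",  ["all"]),
]

def acl_matches(name, src, url):
    """True if the named ACL matches the client address / request URL."""
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "url_regex":
        return any(re.search(v, url, re.IGNORECASE) for v in values)
    raise ValueError(kind)

def http_access(src, url):
    """Return (verdict, reason). A line matches only if every ACL on it
    matches ('!' negates); the first matching line wins. If nothing
    matches, Squid uses the opposite of the last line's action."""
    for action, terms in HTTP_ACCESS:
        if all(acl_matches(t.lstrip("!"), src, url) != t.startswith("!")
               for t in terms):
            return action, f"{action} {' '.join(terms)}"
    default = "allow" if HTTP_ACCESS[-1][0] == "deny" else "deny"
    return default, "no line matched: opposite of last line"
```

Note that the MSN deny line precedes `allow cpd`, so hosts in the cpd list are still blocked from MSN unless they also appear in msnliberados.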

*The rules of firewall used were these:*

#! /bin/sh

iptables -F
iptables -t nat -F
iptables -t mangle -F

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

/sbin/modprobe iptable_nat
/sbin/modprobe ip_tables
/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack
/sbin/modprobe ipt_multiport
/sbin/modprobe iptable_mangle

iptables -I PREROUTING -t nat -p tcp -s 192.168.0.0/16 --dport 80 -j REDIRECT --to-port 3128

iptables -t nat -I POSTROUTING -s 192.168.0.0/16 -j MASQUERADE

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -A FORWARD -s 192.168.0.0/16 -d loginnet.passport.com -j REJECT

iptables -t nat -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 25255 -j DNAT --to 192.168.1.200

iptables -t nat -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 20 -j DNAT --to 192.192.1.200

iptables -t nat -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 21 -j DNAT --to 192.168.1.200


Thanks in advance to all.

Have a great day.
