xlinux
(usa Ubuntu)
Enviado em 23/09/2013 - 14:07h
boa tarde pessoal,
Implementei aqui um servidor (proxy/firewall), o pessoal já está passando por ele mesmo via wireless no entanto percebo que as conexões estão extremamente lentas... o que poderia ser? O problema é no Squid? ou Firewall? Posto abaixo a configuração dos dois...
SQUID
http_port 3128 transparent
visible_hostname atenas
error_directory /usr/share/squid3/errors/Portuguese
cache_mem 256 MB #--Tamanho do cache da RAM usado pelo squid
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid3 2048 16 256
cache_access_log /var/log/squid3/cache.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#CONFIGURAÇÃO MÍNIMA##
acl manager proto cache_object
acl localnet src 127.0.0.1/255.255.255.255
acl to_localnet dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 81 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 1443 1494 11090 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 1433 # sql
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 #
[*****]
acl Safe_ports port 5432
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
##ACLS
acl sitesbloqueados url_regex -i "/etc/squid3/sitesbloqueados/bloqueados.txt"
#acl hora_manha time MTWHF 07:00-11:30
#acl hora_tarde time MTWHF 14:00-19:00
#acl hosts_macaddress arp "/etc/squid3/"
acl redelocal src 192.168.1.0/24
##Controle de acesso
http_access deny sitesbloqueados
http_access allow localnet
http_access allow localnet
http_access allow all
# Email do ADM Cache Squid
#cache_mgr webmaster usuario@dominio.com.br
FIREWALL
#!/bin/bash
iptables -F
iptables -X
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_tables
iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-ports 3128
iptables -A FORWARD -t filter -j ACCEPT
iptables -A FORWARD -t filter -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A FORWARD -s 0/0 -d 0/0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 0/0 -d 0/0 -o eth+ -j MASQUERADE
chmod +x /etc/init.d/firewall
/etc/init.d/firewall.sh
Tem mais alguma coisa que possa fazer??? Uso Ubuntu 9
Obrigado