Squid Lento
1. Squid Lento
joaov1tor
(usa Outra)
Enviado em 20/10/2014 - 17:27h
Boa tarde, estou com problema no meu squid/iptabels, ele esta lento d+++++, segue abaixo squid.conf e iptables.http_port 3128 transparent
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 2048 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
error_directory /usr/share/squid/errors/pt-br
emulate_httpd_log on
visible_hostname GRUPO_GUARDIA
cache_mgr suporte@2mtecnologia.com.br
cache_effective_user squid
cache_effective_group squid
refresh_pattern ^ftp: 360 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# acl - Recomendadas
#*******************
acl all src
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/32
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#
# acl - Personalizadas
#*********************
#
# *** Define portas liberadas
acl Safe_ports port 3050 # Interbase/Firebird
acl Safe_ports port 23000 # Serpro
acl Safe_ports port 13352 # SIRF
acl Safe_ports port 500 # FAP Digital
acl Safe_ports port 5017 # PREV
acl redelocal src 10.1.1.0/24
acl mac_liberado arp "/etc/squid/files/mac"
http_access allow mac_liberado
acl ips_liberados src "/etc/squid/files/ips_liberados"
http_access allow ips_liberados
acl sites_liberados url_regex -i "/etc/squid/files/sites_liberados"
http_access allow sites_liberados
acl sites_bloqueados url_regex -i "/etc/squid/files/sites_bloqueados"
http_access deny sites_bloqueados
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow redelocal
http_access deny all
=========================================================================
#!/bin/bash
#liberando encaminhamento de pacotes
echo "1" > /proc/sys/net/ipv4/ip_forward
# adicionando módulos no kernel
modprobe ip_tables
modprobe iptable_nat
# limpando todas as regras pré-existentes no iptables
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F
iptables -t mangle -F
# habilitando o encaminhamento de pacoes via iptables
# lembre-se que se estiver usando uma outra interface troque
# a eth0 pela qual estiver você estiver usando no momento da configuração
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#Habilitando a troca de porta do proxy
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
#liberando terminal service
iptables -t nat -A PREROUTING -p tcp --dport 3389 -i eth0 -j DNAT --to 10.1.1.2
iptables -t nat -A PREROUTING -p tcp --dport 3390 -i eth0 -j DNAT --to 10.1.1.3:3389
# liberando ssh
iptables -t nat -A PREROUTING -p tcp --dport 22 -i eth0 -j DNAT --to 10.1.1.1
# liberando DVR
iptables -t nat -A PREROUTING -p tcp --dport 9001 -i eth0 -j DNAT --to 10.1.1.4
iptables -t nat -A PREROUTING -p udp --dport 9001 -i eth0 -j DNAT --to 10.1.1.4
iptables -t nat -A PREROUTING -p tcp --dport 9002 -i eth0 -j DNAT --to 10.1.1.4
iptables -t nat -A PREROUTING -p udp --dport 9002 -i eth0 -j DNAT --to 10.1.1.4
iptables -t nat -A PREROUTING -p tcp --dport 9003 -i eth0 -j DNAT --to 10.1.1.5
iptables -t nat -A PREROUTING -p udp --dport 9003 -i eth0 -j DNAT --to 10.1.1.5
iptables -t nat -A PREROUTING -p tcp --dport 9004 -i eth0 -j DNAT --to 10.1.1.5
iptables -t nat -A PREROUTING -p udp --dport 9004 -i eth0 -j DNAT --to 10.1.1.5
#placa ethernet pabc
iptables -t nat -A PREROUTING -p tcp --dport 61000 -i eth0 -j DNAT --to 10.1.1.255
# liberando webmin
iptables -t nat -A PREROUTING -p tcp --dport 10000 -i eth0 -j DNAT --to 10.1.1.1
# liberando totvs
iptables -t nat -A PREROUTING -p tcp --dport 5555 -i eth0 -j DNAT --to 10.1.1.3
iptables -t nat -A PREROUTING -p tcp --dport 6666 -i eth0 -j DNAT --to 10.1.1.3
iptables -t nat -A PREROUTING -p tcp --dport 1237 -i eth0 -j DNAT --to 10.1.1.3
iptables -t nat -A PREROUTING -p tcp --dport 1247 -i eth0 -j DNAT --to 10.1.1.3
iptables -t nat -A PREROUTING -p tcp --dport 2244 -i eth0 -j DNAT --to 10.1.1.3
#bloqueio facebook
iptables -A FORWARD -i eth0 -d 10.1.1.0/24 -m string --algo bm --string "facebook.com" -j DROP #BLOQUEIA GERAL
iptables -A FORWARD -i eth0 -d 10.1.1.0/24 -m string --algo bm --string "twitter.com" -j DROP #BLOQUEIA GERAL
iptables -I FORWARD -m string --algo bm --string "facebook.com" -j DROP
Fico aguardando retorno!!!
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
