squid lentissimo [RESOLVIDO]
1. squid lentissimo [RESOLVIDO]
xlinux
(usa Ubuntu)
Enviado em 24/09/2013 - 11:17h
Bom dia vou postar aqui minhas configurações já fiz de tudo meu squid está lento demais preciso de um help:Squid
http_port 3128 transparent
visible_hostname atenas
error_directory /usr/share/squid3/errors/Portuguese
#--Tamanho do cache da RAM usado pelo squid
cache_mem 512 MB
maximum_object_size 256 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir aufs /var/spool/squid3 2048 16 256
cache_access_log /var/log/squid3/cache.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#DNS
dns_nameservers 192.168.1.2
#CONFIGURAÇÃO MÍNIMA##
acl manager proto cache_object
acl localnet src 127.0.0.1/255.255.255.255
acl to_localnet dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 81 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 1443 1494 11090 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 1433 # sql
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # [*****]
acl Safe_ports port 5432
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
##ACLS
acl sitesbloqueados url_regex -i "/etc/squid3/sitesbloqueados/bloqueados.txt"
#acl hora_manha time MTWHF 07:00-11:30
#acl hora_tarde time MTWHF 14:00-19:00
#acl hosts_macaddress arp "/etc/squid3/"
acl redelocal src 192.168.1.0/24
##Controle de acesso
http_access deny sitesbloqueados
http_access allow localnet
http_access allow localnet
http_access allow all
# Email do ADM Cache Squid
#cache_mgr webmaster usuario@dominio.com.br
Firewall
#!/bin/bash
iptables -F
iptables -X
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_tables
iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 --dport 80 -j REDIRECT --to-ports 3128
iptables -A FORWARD -t filter -j ACCEPT
iptables -A FORWARD -t filter -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A FORWARD -s 0/0 -d 0/0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 0/0 -d 0/0 -o eth+ -j MASQUERADE
chmod +x /etc/init.d/firewall
/etc/init.d/firewall.sh
Configuração do Bind
db.atenas.local(meu servidor)
// Substitua tabajara.local com o nome do seu dominio. nao esqueca do . depois do nome do dominio!
$TTL 86400 ; Tempo para atualizar o cache do dns - apartir do bind9 eh obrigatoria
@ IN SOA atenas.local. root.atenas.local.(
2013092401 ; Serial, deve ser mudado toda vez que alterar o arquivo
10800 ; refresh apos 3h
3600 ; retry apos 1h
640800 ; expire apos 1 semana
86400 ; default_ttl minimo de 1 dia
)
NS servidor.atenas.local.
servidor A 192.168.1.2
www A 192.168.1.2
Named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "atenas.com.br" {
type master;
file "atenas.local";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
include "/etc/bind/named.conf.local";
NAMED.CONF.LOCAL
//
// Do any local configuration here
//
//
// Do any local configuration here
//
zone "atenas.local" {
type master;
file "/etc/bind/zones/atenas.local";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.1.168.192";
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
NAMED.CONF.OPTIONS
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
// Servidores DNSs abertos. Você coloca a sua escolha.
200.175.182.139;
200.175.5.139;
// ADSL router. Aqui você deve ter o cuidado de colocar o IP do gateway/roteador da sua rede.
192.168.1.2;
};
// Opcoes de seguranca.
listen-on port 53 { 127.0.0.1; 192.168.1.2; };
allow-query { 127.0.0.1; 192.168.1.0/24; };
allow-recursion { 127.0.0.1; 192.168.1.0/24; };
allow-transfer { none; };
auth-nxdomain no; # conform to RFC1035
//listen-on-v6 { any; };
};
RESOLV.CONF
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 10.1.1.1
nameserver 10.1.1.201
Percebo quando reinicio o servidor a navegação fica rápida mas em cinco minutos vira uma carroça....
Pessoal onde estou errando?
Obrigado