Good afternoon, everyone...
Tonight I'm going to start everything from scratch... spend the whole night again... trying to solve this problem... if anyone wants to help me... add me
[email protected].....
Thanks to everyone who helped me
Guys... I managed... to set up the parallel proxy with the following Squid config...
Can someone check whether it has any errors?
How do I know it's working properly?
How can I see a report of all the sites accessed?
I saw a program called sarg?
# security rules, iptables, etc. are run on the Mikrotik.
http_port 5128 transparent
visible_hostname webproxy
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70 #old gopher protocol
acl Safe_ports port 210 #wais
acl Safe_ports port 1024-65535 #all other ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multi http
acl Safe_ports port 901 #SWAT access
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_PORTS
#access permission for the proxy, Mikrotik network
#network class, or classes separated by spaces.
acl redelocal src 192.168.10.1/24
http_access allow localhost
http_access allow redelocal
#block all other access.
http_access deny all
#access log
cache_access_log /var/log/squid3/access.log
#cache.log
cache_log /var/log/squid3/cache.log
#memory reserved for the cache; set a value of preferably 40%
# of your machine's total, and no more.
cache_mem 700 MB
#maximum size of cached files in memory
maximum_object_size_in_memory 128 KB
#maximum size of cached files on disk
maximum_object_size 5120 MB
minimum_object_size 0 KB
#rule that starts emptying / replacing files in the cache at 90%
cache_swap_low 80
cache_swap_high 90
#location of the cache directory, followed by the total
#space in MB on disk to be used by the cache, the number of directories, and
#the number of subdirectories of the cache.
cache_dir ufs /var/spool/squid3 50048 16 256
#intervals at which the proxy checks whether the files of the accessed sites
#match those in the cache; the value 4560 means 04 days
refresh_pattern ^ftp: 15 20% 4560
refresh_pattern ^gopher: 15 0% 4560
refresh_pattern . 15 20% 4560
#Keeping recent and small objects in memory
memory_replacement_policy heap GDSF
#Enabling memory pools, so Squid doesn't keep reallocating memory every time it needs it; keep pools of 32MB
#memory_pools off
#memory_pools_limit 0
Guys, is there any error in the conf?
Is there a way to increase the fast cache...
When I download a file of about 4 MB and download it again,
it comes really fast...
But when I download a bigger one... about 20 MB... it comes at the normal rate... the rate
that is registered for the client.
Guys, can someone check whether my config is right?
Note that my Mikrotik is 2.9.27
/ ip firewall filter
add chain=input in-interface=internet protocol=tcp dst-port=3128 action=drop \
comment="" disabled=no
/ ip firewall nat
add chain=srcnat src-address=15.15.0.0/30 action=masquerade comment="Conex o \
para o proxy" disabled=no
add chain=pre-hotspot in-interface=clientes src-address=192.168.10.0/24 \
dst-address=!15.15.0.2 protocol=tcp dst-port=80 hotspot=auth \
action=redirect to-ports=3128 comment="Redirecionamento do proxy do \
servidor para os clientes" disabled=no
add chain=srcnat src-address=192.168.10.0/24 action=masquerade \
comment="Conex o para os clientes" disabled=no
/ip firewall mangle
add chain=output protocol=tcp src-port=3128 content="X-Cache: HIT" \
action=mark-connection new-connection-mark=squid-connection-HIT \
passthrough=yes comment="CACHE FULL SQUID-DEBIAN" disabled=no
add chain=output connection-mark=squid-connection-HIT action=mark-packet \
new-packet-mark=squid-packet-HIT passthrough=yes comment="" disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=P2P-Conexao passthrough=yes comment="CONTROLE P2P" \
disabled=no
add chain=prerouting protocol=tcp tcp-flags=syn p2p=all-p2p \
connection-limit=15,24 action=mark-connection \
new-connection-mark=P2P-Conexao-Limite passthrough=yes comment="" \
disabled=no
add chain=prerouting connection-mark=P2P-Conexao action=mark-packet \
new-packet-mark=P2P-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=P2P-Conexao-Limite action=mark-packet \
new-packet-mark=P2P-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting protocol=icmp action=mark-connection \
new-connection-mark=ICMP-Conexao passthrough=yes comment="CONTROLE ICMP" \
disabled=no
add chain=prerouting connection-mark=ICMP-Conexao action=mark-packet \
new-packet-mark=ICMP-Pacotes passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="CONTROLE \
NAVEGACAO" disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
disabled=yes
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=21 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting connection-mark=Navegacao-Conexao action=mark-packet \
new-packet-mark=Navegacao-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="CONTROLE \
MESSENGER" disabled=no
add chain=prerouting protocol=udp dst-port=1863 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=6891-6901 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=udp dst-port=6891-6901 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=udp dst-port=5190 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting connection-mark=Messenger-Conexao action=mark-packet \
new-packet-mark=Messenger-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
new-connection-mark=Acesso-Remoto-Conexao passthrough=yes comment="Winbox" \
disabled=no
add chain=prerouting connection-mark=Acesso-Remoto-Conexao action=mark-packet \
new-packet-mark=Acesso-Remoto-Pacotes passthrough=no comment="" \
disabled=no
add chain=prerouting protocol=udp action=mark-connection \
new-connection-mark=UDP-Conexao passthrough=yes comment="CONTROLE UDP" \
disabled=no
add chain=prerouting connection-mark=UDP-Conexao action=mark-packet \
new-packet-mark=UDP-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=Outras-Conexao \
passthrough=no comment="CONTROLE SERVICOS NAO IDENTIFICADOS" disabled=yes
add chain=prerouting connection-mark=Outras-Conexao action=mark-packet \
new-packet-mark=Outras-Pacotes passthrough=no comment="" disabled=yes
add chain=prerouting action=accept comment="" disabled=yes
Rest of the configuration......
Can someone check for me whether there's anything wrong?
I feel the browsing is a bit sluggish....
/ queue tree
add name="QOS" parent=global-total packet-mark="" limit-at=128000 \
queue=default priority=8 max-limit=100000000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="1 - Navegacao" parent=QOS packet-mark=Navegacao-Pacotes \
limit-at=128000 queue=default priority=8 max-limit=100000000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="2 - Messenger" parent=QOS packet-mark=Messenger-Pacotes \
limit-at=128000 queue=default priority=2 max-limit=4000000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="5 - P2P" parent=QOS packet-mark=P2P-Pacotes limit-at=200000 \
queue=default priority=5 max-limit=200000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="3 - ICMP" parent=QOS packet-mark=ICMP-Pacotes limit-at=128000 \
queue=default priority=1 max-limit=250000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="4 - UDP" parent=QOS packet-mark=UDP-Pacotes limit-at=128000 \
queue=default priority=3 max-limit=1000000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Cache Full Squid-Debian" parent=global-out \
packet-mark=squid-packet-HIT limit-at=0 queue=default priority=8 \
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
/ ip pool
add name="dhcp_pool2" ranges=192.168.10.20-192.168.10.254
/ ip dns
set primary-dns=200.204.0.10 secondary-dns=200.204.0.138 \
allow-remote-requests=yes cache-size=10240KiB cache-max-ttl=1w
/ ip address
add address=10.0.0.138/24 network=10.0.0.0 broadcast=10.0.0.255 \
interface=internet comment="" disabled=yes
add address=192.168.10.1/24 network=192.168.10.0 broadcast=192.168.10.255 \
interface=clientes comment="" disabled=no
add address=15.15.0.1/30 network=15.15.0.0 broadcast=15.15.0.3 interface=proxy \
comment="" disabled=no
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" \
transparent-proxy=yes parent-proxy=15.15.0.2:5128 \
cache-administrator="webmaster" max-object-size=1KiB cache-drive=system \
max-cache-size=none max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
add src-address=192.168.10.0/24 action=allow comment="Acesso a rede " \
disabled=no
add action=deny comment="" disabled=no
add url="http://www.speedyzone/wsc/" action=deny comment="" disabled=no
add url="http://speedyzone/wsc/" action=deny comment="" disabled=no
add url="http://www.speedy.zone/wsc/" action=deny comment="" disabled=no
add url="speedy.zone/wsc/" action=deny comment="" disabled=no
add url="http://200.171.222.97/wsc/" action=deny comment="" disabled=no
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
disabled=no
add url="https://" action=deny comment="don't cache dynamic https pages" \
disabled=no
Thanks to everyone who helped me.
And who keep helping me...
Thank you very much, everyone... without you I wouldn't have managed to do anything..
Thank you very much, everyone...
I was wondering, if I put the Debian box on the switch, will it work in parallel?
internet
!
!
router
!
!
Mkt
!
!
switch ------ Debian
!
!
clients
Does it work like this, or will it not find the Mkt?
So, guys, are the rules I posted earlier correct?
I feel it's freezing up now and then.....
I need help..
Thanks to everyone who helped me, I really appreciate it
Thanks
Any ideas, guys?
Please help me..
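
Added example, not part of the original posts: one way to address the questions above about checking that the cache is working and listing the sites accessed, by summarising Squid's access.log (the config above writes it to /var/log/squid3/access.log). It assumes Squid's default native log format; the sample lines, addresses and function names are constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (an assumption):
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1200000000.123    210 192.168.10.21 TCP_MISS/200 4194304 GET http://example.com/file.zip - DIRECT/192.0.2.10 application/zip
1200000060.456      3 192.168.10.21 TCP_HIT/200 4194304 GET http://example.com/file.zip - NONE/- application/zip
1200000090.789     95 192.168.10.22 TCP_MISS/200 5120 GET http://example.org/index.html - DIRECT/192.0.2.20 text/html
1200000120.000      1 203.0.113.9 TCP_DENIED/403 1400 GET http://example.net/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    code, _, status = f[3].partition("/")
    try:
        host = urlsplit(f[6]).hostname
    except ValueError:
        host = None
    # CONNECT requests are logged as host:port, which has no URL scheme.
    host = host or f[6].split(":")[0]
    return {"client": f[2], "code": code, "status": status, "host": host}

def summarize(text):
    """Count hosts per client and result codes; return the cache hit ratio."""
    sites = defaultdict(Counter)   # client -> host -> number of requests
    results = Counter()            # Squid result code -> number of requests
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        results[rec["code"]] += 1
        sites[rec["client"]][rec["host"]] += 1
    served = sum(n for c, n in results.items() if c != "TCP_DENIED")
    hits = sum(n for c, n in results.items() if "HIT" in c)
    return sites, results, (hits / served if served else 0.0), skipped

if __name__ == "__main__":
    sites, results, ratio, skipped = summarize(SAMPLE_LOG)
    for client, hosts in sorted(sites.items()):
        print(client, dict(hosts))
    print(dict(results), f"hit ratio {ratio:.0%}", f"skipped {skipped}")
```

TCP_DENIED entries from addresses outside the local network show hosts that tried to use the proxy and were refused by the `http_access` rules, so they are worth reviewing alongside the hit ratio.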