Ola
Sou iniciante em Linux depois que instalei e direcionei a minha internet para trabalhar com o squid no Red Hat 9 ficou muito lenta.
Já fazem 3 semanas que estou tentando resolver este problema e não consigo. :toim:
Vou tentar remover o Squid e instalar novamente.
O que vcs acham?
Pode ser a Solução
Tenho um AMD 600mhz com 256Mb de ram e um HD de 10Gb
Vou postar meu Iptable e meu squid.conf para analise.
Obrigado
Marcelo PC
_____________________________________________________________
IPTABLE
#!/bin/bash
VERSAO="1.2"
ULTALT="09/2005"
#--------------------------------------------------------------
#Inicializando
#--------------------------------------------------------------
echo -e "\n\nCarregando IPTABLES Firewall $VERSAO de $ULTALT"
echo "---------------------------------------------------------"
echo "- LIBERANDO ACESSO AO FTP"
modprobe ip_nat_ftp
#--------------------------------------------------------------
# Ajustando maos
#--------------------------------------------------------------
#rmmod ipchains
#modprobe iptable_nat
#insmod ip_conntrack_ftp
#insmod ip_nat_ftp
#--------------------------------------------------------------
# Declaracao de Variaveis
#--------------------------------------------------------------
# Portas Altas
#
HIGHPORTS="1024:65535"
#
# Interface e endereco de loopback
#
LOOPBACKIF="lo"
LOOPBACKIP="172.0.0.1"
#
# Configuracao da Interface Externa
#
EXTIF="eth0"
EXTIP="200.161.5.156"
EXTBROAD="200.161.5.255"
EXTGW="200.161.5.129"
#
# Configuraçãda Interface Interna 1.
#
INTIF="eth1"
INTIP="192.168.0.1"
INTLAN="192.168.0.0/24"
#
# IP e mascara para todos os enderecos internet
#
UNIVERSE="0.0.0.0/0"
#
# Mascara de IP para todas as transmissoes de broadcast
#
BROADCAST="255.255.255.255"
echo " - Configurar politicas padrao para REJECT"
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
echo " - Descartar todas as regras antigas"
#
/sbin/iptables -F
/sbin/iptables -t nat -F
#-------------------------------------------------------------------
# Habilita Forwarding e Masquerading TCP/IP a partir da rede interna
#-------------------------------------------------------------------
echo " - Habilitando IP forwarding."
echo "1" > /proc/sys/net/ipv4/ip_forward
#-------------------------------------------------------------------
# Liberando as portas 5000 ate 5100
#-------------------------------------------------------------------
/sbin/iptables -A INPUT -p udp --dport 5000:5100 -j ACCEPT
#-------------------------------------------------------------------
# Abrindo acesso para a rede interna
#-------------------------------------------------------------------
echo " - Abrindo acesso para rede interna"
/sbin/iptables -A FORWARD -s $INTLAN -d $UNIVERSE -j ACCEPT
/sbin/iptables -A FORWARD -s $UNIVERSE -d $INTLAN -j ACCEPT
/sbin/iptables -A INPUT -s $INTLAN -d $INTIP -j ACCEPT
# Masquerade da rede interna 1 na interface local para internet.
#
echo " - Habilitando IP Masquerading na rede interna 1 para internet."
/sbin/iptables -t nat -A POSTROUTING -s $INTLAN -o $EXTIF -j MASQUERADE
#abre portas altas para reply em tcp e udp
echo " - Abrindo portas altas para reply em tcp e em udp"
/sbin/iptables -A INPUT -p tcp -s $UNIVERSE -d $EXTIP -j ACCEPT ! --syn --dport $HIGHPORTS
/sbin/iptables -A INPUT -p udp -s $UNIVERSE -d $EXTIP -j ACCEPT --dport $HIGHPORTS
echo "- ROTEANDO PARA PORTA 3128"
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
#Final
#
echo "----------------------------------------------------"
echo -e "IPTABLES Firewall $VERSAO $ULTALT implementado.\n"
_____________________________________________________________
SQUID.CONF
http_port 192.168.0.1:3128
#acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
client_netmask 255.255.255.0
# maximum_object_size_in_memory 8 KB
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95
# fqdncache_size 1024
# cache_replacement_policy lru
# memory_replacement_policy lru
cache_dir ufs /var/spool/squid/ 128 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# emulate_httpd_log off
# pid_filename /var/run/squid.pid
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default:
http_access allow all
request_body_max_size 0
visible_hostname proxy