


  1. #1

    Transparent proxy on star-os.

    Here's the situation: it gets very slow ... pages that are in the cache are very fast, but the ones that aren't take more than 15 seconds to start loading.. if the page is, for example, www.uai.com.br\algumacoisa and inside it there is a link www.uai.com.br\outracoisa, it works fine ... but if it is maisumacoisa.uai.com.br it takes more than 15 seconds to start opening .. in other words.. it's unusable...

    my setup is as follows....
    Athlon XP 2000
    1024 MB DDR
    Proxy hard disk: 40GB

    internet = eth0 ( 10.0.2.18 )
    clients = Wlan1 192.168.253.0/24
    clients = Wlan2 192.168.254.0/24


    in the firewall I added the following lines:

    forward tcp to 10.0.2.18 8080 from 192.168.254.0/24 to any 80 out via $net
    forward tcp to 10.0.2.18 8080 from 192.168.253.0/24 to any 80 out via $net

    My proxy settings:

    # Caching proxy configuration.
    # The defaults in this file should be enough for a fully operational proxy
    # with no changes necessary outside of the 'Access Control List' items
    # below.

    # The port the proxy will operate on. It is advisable to firewall access to
    # this port from the Internet as to prevent it from being used as a SPAM
    # gateway.
    http_port 8080

    # Change this to be unique between proxy servers, if using more than one.
    visible_hostname proxy

    cache_mem 512 MB
    maximum_object_size 100MB

    #minimum_object_size 0 KB
    # maximum_object_size_in_memory 128 KB
    # cache_swap_low 512
    # cache_swap_high 512
    # dns_children 5
    # dns_retransmit_interval 5 seconds
    # dns_timeout 5 minutes

    # connect_timeout 2 minutes
    # peer_connect_timeout 30 seconds

    ## ENABLE TRANSPARENT PROXY SUPPORT
    #############################################
    cache_mgr webmaster
    httpd_accel_port 80
    httpd_accel_host virtual
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    hierarchy_stoplist cgi-bin ?
    ftp_user proxy@

    #### DISABLE CACHING OF CGI-BIN OBJECTS
    #############################################
    # TAG: no_cache
    # A list of ACL elements which, if matched, cause the reply to be
    # immediately removed from the cache. In other words, use this
    # to force certain objects to never be cached.
    #
    # You must use the word 'DENY' to indicate the ACL names which should
    # NOT be cached.

    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY

    #### ACCESS CONTROL LISTS
    #############################################
    # TAG: acl
    # Defining an Access List
    #
    # acl aclname acltype string1 ...
    #
    # acltype is one of src dst srcdomain dstdomain url_pattern
    # urlpath_pattern time port proto method browser user
    #
    # By default, regular expressions are CASE-SENSITIVE. To make
    # them case-insensitive, use the -i option.
    #
    # acl aclname src ip-address/netmask ... (clients IP address)
    # acl aclname src addr1-addr2/netmask ... (range of addresses)
    # acl aclname dst ip-address/netmask ... (URL host's IP address)
    # acl aclname myip ip-address/netmask ... (local socket IP address)
    #
    # acl aclname srcdomain .foo.com ... # reverse lookup, client IP
    # acl aclname dstdomain .foo.com ... # Destination server from URL
    # acl aclname srcdom_regex [-i] xxx ... # regex matching client name
    # acl aclname dstdom_regex [-i] xxx ... # regex matching server
    # # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
    # # based URL is used. The name "none" is used if the reverse lookup
    # # fails.
    #
    # acl aclname time [day-abbrevs] [h1:m1-h2:m2]
    # day-abbrevs:
    # S - Sunday
    # M - Monday
    # T - Tuesday
    # W - Wednesday
    # H - Thursday
    # F - Friday
    # A - Saturday
    # h1:m1 must be less than h2:m2
    #
    # acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL
    # acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path
    # acl aclname port 80 70 21 ...
    # acl aclname port 0-1024 ... # ranges allowed
    # acl aclname myport 3128 ... # (local socket TCP port)
    # acl aclname proto HTTP FTP ...
    # acl aclname method GET POST ...
    # acl aclname browser [-i] regexp
    # # pattern match on User-Agent header
    # acl aclname ident username ...
    # acl aclname ident_regex [-i] pattern ...
    # # string match on ident output.
    # # use REQUIRED to accept any non-null ident.
    # acl aclname src_as number ...
    # acl aclname dst_as number ...
    # # Except for access control, AS numbers can be used for
    # # routing of requests to specific caches. Here's an
    # # example for routing all requests for AS#1241 and only
    # # those to mycache.mydomain.net:
    # # acl asexample dst_as 1241
    # # cache_peer_access mycache.mydomain.net allow asexample
    # # cache_peer_access mycache_mydomain.net deny all
    #
    # acl aclname proxy_auth username ...
    # acl aclname proxy_auth_regex [-i] pattern ...
    # # list of valid usernames
    # # use REQUIRED to accept any valid username.
    # #
    # # NOTE: when a Proxy-Authentication header is sent but it is not
    # # needed during ACL checking the username is NOT logged
    # # in access.log.
    # #
    # # NOTE: proxy_auth requires a EXTERNAL authentication program
    # # to check username/password combinations (see
    # # authenticate_program).
    # #
    # # WARNING: proxy_auth can't be used in a transparent proxy. It
    # # collides with any authentication done by origin servers. It may
    # # seem like it works at first, but it doesn't.
    #
    # acl aclname snmp_community string ...
    # # A community string to limit access to your SNMP Agent
    # # Example:
    # #
    # # acl snmppublic snmp_community public
    #
    # acl aclname maxconn number
    # # This will be matched when the client's IP address has
    # # more than <number> HTTP connections established.
    #
    # acl req_mime_type mime-type1 ...
    # # regex match against the mime type of the request generated
    # # by the client. Can be used to detect file upload or some
    # # types of HTTP tunnelling requests.
    # # NOTE: This does NOT match the reply. You cannot use this
    # # to match the returned file type.
    #

    # Examples:
    # acl myexample dst_as 1241
    # acl password proxy_auth REQUIRED
    # acl fileupload req_mime_type -i ^multipart/form-data$

    # Recommended minimum configuration:
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl Relay_Email port 25 # SMTP (used by bulk emailers)
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    #### ACCESS CONTROLS
    #############################################
    # TAG: http_access
    # Allowing or Denying access based on defined access lists
    #
    # Access to the HTTP port:
    # http_access allow|deny [!]aclname ...
    #
    # NOTE on default values:
    #
    # If there are no "access" lines present, the default is to deny
    # the request.
    #
    # If none of the "access" lines cause a match, the default is the
    # opposite of the last line in the list. If the last line was
    # deny, then the default is allow. Conversely, if the last line
    # is allow, the default will be deny. For these reasons, it is a
    # good idea to have an "deny all" or "allow all" entry at the end
    # of your access lists to avoid potential confusion.

    # Deny those who wish to use the proxy as an email gateway
    http_access deny Relay_Email

    http_access allow manager localhost
    http_access deny manager

    # Deny requests to unknown ports
    http_access deny !Safe_ports

    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports

    # Replace the 'http_access allow all' with your own http_access statements
    # for the subnets you wish to grant access. (default is to allow all)
    http_access allow all
    http_access deny all
    icp_access deny all

    #### INTERNET EXPLORER 5.5 REFRESH FIX
    #############################################
    # TAG: ie_refresh on|off
    # Microsoft Internet Explorer up until version 5.5 Service
    # Pack 1 has an issue with transparent proxies, wherein it
    # is impossible to force a refresh. Turning this on provides
    # a partial fix to the problem, by causing all IMS-REFRESH
    # requests from older IE versions to check the origin server
    # for fresh content. This reduces hit ratio by some amount
    # (~10% in my experience), but allows users to actually get
    # fresh content when they want it. Note that because Squid
    # cannot tell if the user is using 5.5 or 5.5SP1, the behavior
    # of 5.5 is unchanged from old versions of Squid (i.e. a
    # forced refresh is impossible). Newer versions of IE will,
    # hopefully, continue to have the new behavior and will be
    # handled based on that assumption. This option defaults to
    # the old Squid behavior, which is better for hit ratios but
    # worse for clients using IE, if they need to be able to
    # force fresh content.

    ie_refresh on

    ############################################################################
    # The entries below must remain unaltered or the proxy will not
    # operate properly.
    cache_dir ufs /hdd/squid/cache 1024 64 256
    cache_access_log /hdd/squid/logs/access.log
    cache_log /hdd/squid/logs/cache.log
    cache_store_log /hdd/squid/logs/store.log
    pid_filename /hdd/squid/logs/squid.pid
    cache_effective_user nobody
    cache_effective_group nobody
    ############################################################################

    Please, folks, someone save me .....

  2. #2
    Guest

    Transparent proxy on star-os.

    Has nobody managed to do this on star os?