Primero que todo, sí me sale el SQUID funcionando.
Pero es como si las PC no pasaran por el squid: pongo algunas páginas en prohibidos e igual puedo acceder a ellas.
Este es mi squid.conf:
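# --- ACL definitions used by the access rules further down ---
#
# `all` has to match every possible client address. If it is narrowed to one
# subnet (it was 192.168.0.0/24), the closing "http_access deny all",
# "icp_access deny all" and "delay_access 2 deny all" lines only cover that
# subnet. When no http_access line matches a request, Squid applies the
# opposite of the last line in the list, so a client outside the subnet
# would end up ALLOWED instead of denied.
acl all src 0.0.0.0/0
# Cache-manager requests (cache_object scheme).
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# Defined but not referenced by any rule in the posted file.
acl to_localhost dst 127.0.0.0/8
# Client address lists loaded from files: pc_blanca is allowed without
# filtering by the rules below, pc_negra is the filtered group.
acl pc_blanca src "/argentobr/squid/pc_blanca"
acl pc_negra src "/argentobr/squid/pc_negra"
# Destination domains that must never be cached.
acl NO_cache dstdomain -i "/argentobr/squid/no_cache"
# One regular expression per line, matched case-insensitively against the
# URL Squid receives. For CONNECT requests that URL is only host:port, so
# path-based expressions cannot match tunnelled HTTPS traffic.
acl sitios_prohibidos url_regex -i "/argentobr/squid/sitios_prohibidos"
acl sitios_inocentes url_regex -i "/argentobr/squid/sitios_inocentes"
# NOTE(review): lista_extensiones is defined here but no rule in the posted
# file uses it, so it currently blocks nothing.
acl lista_extensiones urlpath_regex -i "/argentobr/squid/lista_extensiones"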
#server_persistent_connections off
#tcp_outgoing_address 192.168.1.20 localnet
#
# Ports to which CONNECT tunnels are permitted.
acl SSL_ports port 443
# Destination ports clients may request through the proxy.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# NOTE(review): this range makes every port above 1024 "safe", so the
# Safe_ports check only restricts low ports other than those listed here.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Cache-manager access: only from the `localhost` ACL, denied for everyone else.
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
##########################
# URLs containing these strings are fetched directly, not via cache peers.
hierarchy_stoplist cgi-bin ?
# Dynamic URLs (cgi-bin or a query string) and the NO_cache domains are
# never stored.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny NO_cache
no_cache deny QUERY
# Per-client TOS marking of outgoing connections.
# NOTE(review): these two addresses are in 192.168.1.x while the rest of the
# post uses 192.168.0.x - confirm which subnet the clients are really on.
acl normal_service_net src 192.168.1.46
acl good_service_net src 192.168.1.47
tcp_outgoing_tos 0x00 normal_service_net
tcp_outgoing_tos 0x08 good_service_net
# --- Client access policy: lines are checked in order, first match decides ---
# pc_negra: allowed for URLs matching sitios_inocentes, allowed for any URL
# that does not match sitios_prohibidos, denied otherwise.
http_access allow pc_negra sitios_inocentes
http_access allow pc_negra !sitios_prohibidos
http_access deny pc_negra
# pc_blanca: allowed without any check against sitios_prohibidos.
# NOTE(review): a PC listed in pc_blanca is never filtered, and a PC whose
# traffic does not reach Squid at all is not filtered either. When a blocked
# site is still reachable, check access.log for that client's requests first.
http_access allow pc_blanca
#http_access allow localnet
# Final catch-all. It only denies what the `all` ACL matches, so `all` must
# cover the whole address space; for a request that matches no line Squid
# applies the opposite of this last rule.
http_access deny all
icp_access allow pc_blanca
icp_access deny all
# Listening port in interception ("transparent") mode.
# NOTE(review): Squid only sees traffic that the firewall/NAT redirects to
# this port; nothing in this file performs that redirect. HTTPS is typically
# not redirected to an http_port, in which case the url_regex block lists
# never see it - confirm the redirect rule and which ports it covers.
http_port 8080 transparent
# Memory cache size and the largest object kept in memory.
cache_mem 128 MB
maximum_object_size_in_memory 64 KB
cache_replacement_policy heap LFUDA
# Disk cache: aufs store, 24000 MB, 16 first-level / 256 second-level dirs.
# NOTE(review): the df output posted with this config lists /hdb/cache
# (23.8G, 0% used), not /partition/cache. Confirm both names point to the
# same filesystem, that the directory tree was created (squid -z), and that
# the cache_effective_user can write to it. 24000 MB also leaves almost no
# headroom on a 23.8G partition.
cache_dir aufs /partition/cache 24000 16 256
max_open_disk_fds 0
# Size window of objects eligible for the disk cache (0 KB .. 20480 KB).
minimum_object_size 0 KB
maximum_object_size 20480 KB
# Replacement starts at 90% of cache_dir usage and becomes aggressive at 95%.
cache_swap_low 90
cache_swap_high 95
max_stale 4 week
update_headers on
## YouTube videos ##
# refresh_pattern fields: regex, min (minutes), percent, max (minutes), options.
# NOTE(review): ignore-private and ignore-no-cache make this shared cache store
# responses the origin marked as private or non-cacheable, so one user's
# response can later be served to a different user. Keep these options only
# for content known to be identical for everyone.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
# -1 KB: always finish fetching an object after the client aborts.
# NOTE(review): a later "quick_abort_min 0 KB" line in this file sets the
# directive again; only one of the two values can be in effect.
quick_abort_min -1 KB
# Video sites whose objects are explicitly allowed into the cache.
acl youtube dstdomain .youtube.com
acl youtube dstdomain .googlevideo.com
acl youtube dstdomain .video.google.com
acl youtube dstdomain .llnwd.net
acl youtube dstdomain .dailymotion.com
acl youtube dstdomain .pornotube.com
# NOTE(review): if `cache` and `no_cache` are the same access list in this
# Squid version, the earlier "no_cache deny QUERY" line matches first for any
# URL containing "?" and this allow is never reached for it - verify.
cache allow youtube
## FLAGS to increase cache usage ###
#
# refresh_pattern rules are tried in file order and the first matching regex
# is the one applied, so broad patterns shadow everything listed after them.
refresh_pattern -i \.doubleclick\.net 1440 40% 20160
# NOTE(review): the trailing ":" is part of the regex, so this only matches
# when the host is followed by a colon (an explicit port).
refresh_pattern -i \.benchmark\.kelkoo\.net: 1440 40% 20160
refresh_pattern -i \.googleadservices\.com 1440 40% 20160
refresh_pattern \.google\.pe\/search$ 30 40% 20160
# NOTE(review): "?" is a regex quantifier here, not a literal question mark.
# `\.do?` matches ".d" with an optional "o", i.e. any URL containing ".d"
# (".download", ".doc", ".dailymotion", ...). Because it comes first, the two
# `\.do` lines after it and every later pattern for such URLs are never used.
# If the intent was "URLs ending in .do followed by a query", the question
# mark needs escaping: `\.do\?`.
# NOTE(review): override-expire with a 432000-minute maximum lets dynamic
# pages be served from cache long after the origin said they expired, which
# can hand stale or user-specific pages to other clients.
refresh_pattern -i \.do? 3000 80% 432000 override-expire
refresh_pattern -i \.do$ 3000 80% 432000 override-expire
refresh_pattern -i \.do 3000 80% 432000
# NOTE(review): same quantifier issue - `\.jsp?` matches ".js" as well as
# ".jsp", so JavaScript files get this rule too.
refresh_pattern -i \.jsp? 3000 80% 432000 override-expire
refresh_pattern -i \.jsp$ 3000 80% 432000 override-expire
refresh_pattern -i \.jsp 3000 80% 432000 override-expire
#
## Keep WINDOWS XP, NOD32, Gunbound and Rakion updates in the cache ##
# reload-into-ims turns a client "reload" into a conditional (If-Modified-Since)
# request instead of a full refetch.
# NOTE(review): these rules keep executables and update packages cached for up
# to 43200 minutes. Clients receive the cached copy rather than the origin's,
# so they still need to verify update signatures themselves.
# NOTE(review): the patterns containing ".download" also match the earlier
# `refresh_pattern -i \.do?` line, which wins because it is listed first.
refresh_pattern .windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern .download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern .au.download.windowsupdate.com/msdownload/update/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern .download.windowsupdate.com/msdownload/update/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern .au.download.windowsupdate.com/msdownload/update/software/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern .eset.com/.*\.(rar|nup|ver) 4320 100% 43200 reload-into-ims
refresh_pattern .gunbound.softnyx-latino.net/.*\.(exe|xfs|gme) 4320 100% 43200 reload-into-ims
#
# Per-extension rules. None of them uses -i, so they are case-sensitive
# (".JPG" does not match `\.jpg$`), and the `$` anchor means URLs with a
# query string after the extension do not match.
#
# Java
refresh_pattern \.class$ 2880 60% 28800
#
# Images
refresh_pattern \.gif$ 2880 80% 28800
refresh_pattern \.jpg$ 2880 80% 28800
refresh_pattern \.jpeg$ 2880 80% 28800
refresh_pattern \.png$ 2880 80% 28800
refresh_pattern \.bmp$ 2880 80% 28800
refresh_pattern \.tif$ 2880 80% 28800
refresh_pattern \.tiff$ 2880 80% 28800
refresh_pattern \.xbm$ 2880 80% 28800
#
# Video / animation
refresh_pattern \.mov$ 2880 80% 28800
refresh_pattern \.avi$ 2880 80% 28800
refresh_pattern \.mpg$ 2880 80% 28800
refresh_pattern \.swf$ 2880 80% 28800
# Never reached: the earlier `refresh_pattern -i \.flv$` rule matches first.
refresh_pattern \.flv$ 2880 80% 28800
#
# Audio
refresh_pattern \.wav$ 2880 80% 28800
refresh_pattern \.au$ 2880 80% 28800
refresh_pattern \.mid$ 2880 80% 28800
refresh_pattern \.mp3$ 2880 80% 28800
#
# Compressed archives
refresh_pattern \.zip$ 2880 50% 28800
refresh_pattern \.cab$ 2880 50% 28800
refresh_pattern \.gz$ 2880 50% 28800
refresh_pattern \.arj$ 2880 50% 28800
refresh_pattern \.lha$ 2880 50% 28800
refresh_pattern \.lzh$ 2880 50% 28800
refresh_pattern \.rar$ 2880 50% 28800
refresh_pattern \.tgz$ 2880 50% 28800
refresh_pattern \.tar$ 2880 50% 28800
refresh_pattern \.Z$ 2880 50% 28800
#
# Documents
refresh_pattern \.pdf$ 2880 60% 28800
refresh_pattern \.rtf$ 2880 60% 28800
refresh_pattern \.doc$ 2880 60% 28800
refresh_pattern \.wp$ 2880 60% 28800
refresh_pattern \.wp5$ 2880 60% 28800
refresh_pattern \.ps$ 2880 60% 28800
refresh_pattern \.prn$ 2880 60% 28800
#Fin
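# Generic catch-alls by file extension for plain-http URLs. They are only
# reached by URLs that none of the earlier refresh_pattern lines matched.
# ignore-reload makes Squid disregard a client's reload / no-cache request.
refresh_pattern -i ^http://.*\.(css|htm|html|ico|js|jsp|xml)$ 1440 80% 999999
refresh_pattern -i ^http://.*\.(bmp|gif|jpeg|jpg|png)$ 1440 80% 999999 ignore-reload
# The group must start with `\.(` like the two rules above. Written as `\(`
# the parenthesis is a literal character and the alternation is no longer
# grouped, so (where the regex library accepts it at all) bare fragments such
# as "bin", "log" or "src" match anywhere in a URL - including login and
# cgi-bin URLs - and give them the 43200-minute, ignore-reload policy.
refresh_pattern -i ^http://.*\.(ace|adt|arj|asf|avi|bin|bz2|bzip|cab|dat|dll|doc|dot|exe|fla|flv|gz|iso|lha|log|lzh|mdb|mid|mov|mp3|mpeg|mpg|msi|mso|ogg|pps|ppt|rar|rm|rtf|shs|src|sys|swf|tgz|tif|ttf|wav|wma|wri|wmv|vpu|vpaa|vqf|vob|zip)$ 43200 100% 999999 ignore-reload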
#
# Log files. access.log records every request Squid handles, so it is the
# first place to check whether a given client's traffic passes through the
# proxy at all.
# NOTE(review): the df output posted with this config lists /hdb/squidlog,
# not /partition/squidlog - confirm the paths refer to the same filesystem
# and that the cache_effective_user can write there.
access_log /partition/squidlog/access.log squid
cache_log /partition/squidlog/cache.log
cache_store_log /partition/squidlog/store.log
# Keeps a single rotated generation of each log.
# NOTE(review): that is very little history if the logs are ever needed to
# investigate who accessed what; consider keeping more generations.
logfile_rotate 1
# Abort the server-side fetch as soon as the client disconnects. This sets
# quick_abort_min a second time (it was -1 KB earlier in the file).
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
# Disables per-client statistics.
client_db off
buffered_logs on
half_closed_clients off
# Default freshness rules; reached only by URLs that no earlier
# refresh_pattern matched.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Dynamic content (cgi-bin or query string) is never considered fresh.
# NOTE(review): earlier, broader patterns in this file match many dynamic
# URLs before this line is reached, so this safeguard does not apply to them.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#windows update
#refresh_pattern .windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
# Replies whose first line looks like a Shoutcast "ICY" status are not
# upgraded from HTTP/0.9.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#
# Unprivileged account Squid runs as after start-up.
# NOTE(review): the cache_dir and log directories must be writable by this
# user; if they are not, nothing gets stored - worth checking given the
# cache partition is reported at 0% used.
cache_effective_user nobody
#dns_nameservers 10.0.0.1 192.172.0.4
# Error pages are served from the Spanish template directory.
error_directory /partition/squid/share/errors/Spanish
# Turns off validation of hostnames in requested URLs.
check_hostnames off
hosts_file /etc/hosts
memory_pools off
memory_pools_limit 5 MB
############################# DELAY POOLS #########################
### Zero Penalty Hits ###
# Off, as the tcp_outgoing_tos documentation quoted below recommends when
# client-dependent ACLs are used for marking.
server_persistent_connections off
# Mark cache hits in the IP TOS field; local hits get TOS 0x10, the same
# value that appears after zph_yes in the QoS class.conf posted below.
zph_mode tos
zph_local 0x10
#
# Two class-2 delay pools (one aggregate bucket plus one bucket per client).
delay_pools 2
delay_class 1 2
delay_class 2 2
# Format: aggregate restore/max, then per-client restore/max (bytes per
# second / bytes). -1/-1 leaves the aggregate unlimited.
delay_parameters 1 -1/-1 20480/1048576
delay_parameters 2 -1/-1 21504/2097152
# NOTE(review): this ACL is 192.168.1.0/24, while the QoS file and the
# dummytransp_ip line in this post use 192.168.0.x. If the clients are in
# 192.168.0.0/24, pool 1 never applies to them - confirm the subnet.
acl lan src 192.168.1.0/24
# Download-type file extensions, matched case-insensitively at the end of
# the URL path.
acl extdown urlpath_regex -i \.(iso|cab|dll|exe|arj|rar|tar|zip|7z|lzh|lha|png|bmp|mp3|mpga|wav|ra|ram|rm|mov|movie|mpeg|mpg|mpe|wmv|avi|rpm|gz|bz2|deb|ogg|ppt|swf|flv|flash)$
# Pools are checked in order; a request from `lan` is placed in pool 1 and
# never reaches pool 2.
delay_access 1 allow lan
delay_access 2 allow extdown
delay_access 2 deny all
#
#delay_pools 1 #1
#delay_class 1 2 #1 2
#delay_parameters 1 -1/-1 20000/20000
#acl descargas urlpath_regex -i /.(iso|cab|dll|exe|arj|rar|tar|zip|7z|lzh|lha|png|bmp|mp3|mpga|wav|ra|ram|rm|mov|movie|mpeg|mpg|mpe|wmv|avi|rpm|gz|bz2|deb|ogg|ppt|swf|flv|flash)$
#delay_access 1 allow descargas
# snmp_access allow snmppublic localhost
# snmp_access deny all
#
#Default:
# snmp_access deny all
# TAG: tcp_outgoing_tos
# Allows you to select a TOS/Diffserv value to mark outgoing
# connections with, based on the username or source address
# making the request.
#
# tcp_outgoing_tos ds-field [!]aclname ...
#
# Example where normal_service_net uses the TOS value 0x00
# and good_service_net uses 0x20
#
# acl normal_service_net src 10.0.0.0/255.255.255.0
# acl good_service_net src 10.0.1.0/255.255.255.0
# tcp_outgoing_tos 0x00 normal_service_net
# tcp_outgoing_tos 0x20 good_service_net
#
# TOS/DSCP values really only have local significance - so you should
# know what you're specifying. For more information, see RFC2474 and
# RFC3260.
#
# The TOS/DSCP byte must be exactly that - a octet value 0 - 255, or
# "default" to use whatever default your host has. Note that in
# practice often only values 0 - 63 is usable as the two highest bits
# have been redefined for use by ECN (RFC3168).
#
# Processing proceeds in the order specified, and stops at first fully
# matching line.
#
# Note: The use of this directive using client dependent ACLs is
# incompatible with the use of server side persistent connections. To
# ensure correct results it is best to set server_persistent_connections
# to off when using this directive in such configurations.
#
#Default:
# none
# TAG: tcp_outgoing_address
# Allows you to map requests to different outgoing IP addresses
# based on the username or source address of the user making
# the request.
#
# tcp_outgoing_address ipaddr [[!]aclname] ...
#
# Example where requests from 10.0.0.0/24 will be forwarded
# with source address 10.1.0.1, 10.0.2.0/24 forwarded with
# source address 10.1.0.2 and the rest will be forwarded with
# source address 10.1.0.3.
#
# acl normal_service_net src 10.0.0.0/24
# acl good_service_net src 10.0.1.0/24 10.0.2.0/24
# tcp_outgoing_address 10.1.0.1 normal_service_net
# tcp_outgoing_address 10.1.0.2 good_service_net
# tcp_outgoing_address 10.1.0.3
#
# Processing proceeds in the order specified, and stops at first fully
# matching line.
#
# Note: The use of this directive using client dependent ACLs is
# incompatible with the use of server side persistent connections. To
# ensure correct results it is best to set server_persistent_connections
# to off when using this directive in such configurations.
#
#Default:
# none
# TAG: zph_mode
# This option enables packet level marking of HIT/MISS responses,
# either using IP TOS or socket priority.
# off Feature disabled
# tos Set the IP TOS/Diffserv field
# priority Set the socket priority (may get mapped to TOS by OS,
# otherwise only usable in local rulesets)
# option Embed the mark in an IP option field. See also
# zph_option.
#
# See also tcp_outgoing_tos for details/requirements about TOS usage.
#
#Default:
#zph_mode on
# TAG: zph_local
# Allows you to select a TOS/Diffserv/Priority value to mark local hits.
# Default: 0 (disabled).
#
#Default:
# zph_local 0
# TAG: zph_sibling
# Allows you to select a TOS/Diffserv/Priority value to mark sibling hits.
# Default: 0 (disabled).
#
#Default:
# zph_sibling 0
# TAG: zph_parent
# Allows you to select a TOS/Diffserv/Priority value to mark parent hits.
# Default: 0 (disabled).
#
#Default:
# zph_parent 0
# TAG: zph_option
# The IP option to use when zph_mode is set to "option". Defaults to
# 136 which is officially registered as "SATNET Stream ID".
#
#Default:
# zph_option 136
# TAG: emulate_httpd_log on|off
# The Cache can emulate the log file format which many 'httpd'
# programs use. To disable/enable this emulation, set
# emulate_httpd_log to 'off' or 'on'. The default
# is to use the native log format since it includes useful
# information Squid-specific log analyzers use.
#
#Default:
# emulate_httpd_log off
# TAG: log_ip_on_direct on|off
# Log the destination IP address in the hierarchy log tag when going
# direct. Earlier Squid versions logged the hostname here. If you
# prefer the old way set this to off.
#
#Default:
# log_ip_on_direct on
# TAG: mail_program
# Email program used to send mail if the cache dies.
# The default is "mail". The specified program must comply
# with the standard Unix mail syntax:
# mail-program recipient < mailfile
#
# Optional command line options can be specified.
#
#Default:
# mail_program mail
El class.conf del QOS lo tengo así:
#
# QoS class definitions. The field layout of these directives is not
# documented on this page, so the notes below only point at visible
# inconsistencies between the lines.
enqueue_class_wan WAN_0 300 2000 2000 1800 2000 # sets the speeds for a class
enqueue_wan_id WAN_0 300
# backbone definitions
enqueue_parent 4 40000 40000 #lan
#enqueue_parent 2 3500 3500 # close by
#enqueue_parent 3 1800 1800 # not so close
# Each client has a class line followed by an id line binding it to an IP.
# The id lines carry "squid_yes zph_yes 0x10"; 0x10 is the value squid.conf
# sets with zph_local.
enqueue_simple_class 4 48 75 256 400 1300 parent_match_yes 1000 5000 1000 5000 variable_qos_yes
enqueue_simple_id 4 48 192.168.0.4 bind_yes squid_yes zph_yes 0x10 mac_no
enqueue_simple_class 4 49 75 256 400 1300 parent_match_yes 1000 5000 1000 5000 variable_qos_yes
enqueue_simple_id 4 49 192.168.0.5 bind_yes squid_yes zph_yes 0x10 mac_no
# NOTE(review): class number 49 is used a second time here with different
# values and a different IP (192.168.0.6) - presumably a copy/paste slip;
# confirm whether this should be its own class number.
enqueue_simple_class 4 49 75 256 256 700 parent_match_yes 1000 5000 1000 5000 variable_qos_yes
enqueue_simple_id 4 49 192.168.0.6 bind_yes squid_yes zph_yes 0x10 mac_no
# NOTE(review): this line has "1000 500" where every other class line has
# "1000 5000" - possibly a typo; verify.
enqueue_simple_class 4 50 75 256 256 700 parent_match_yes 1000 500 1000 5000 variable_qos_yes
enqueue_simple_id 4 50 192.168.0.7 bind_yes squid_yes zph_yes 0x10 mac_no
#
# NOTE(review): presumably the client range whose web traffic is redirected
# to the transparent proxy - confirm. It is 192.168.0.0/24, whereas several
# squid.conf ACLs (lan, normal_service_net, good_service_net) use 192.168.1.x.
dummytransp_ip 192.168.0.0/24
#
Y pues es como si el SQUID no me cacheara ningún archivo, ya que la partición del cache siempre está en 0%:
Mostrando valores generales del disco
Filesystem Size Used Available Use% Mounted on
rootfs 246.7M 14.1M 232.6M 6% /
/dev/hda2 1.8G 71.4M 1.7G 4% /hdb
/dev/hda5 3.7G 33.5M 3.4G 1% /hdb/syslog
/dev/hda3 23.8G 36.2M 23.8G 0% /hdb/cache
/dev/hda6 3.7G 32.3M 3.4G 1% /hdb/squidlog
/dev/hda3 23.8G 36.2M 23.8G 0% /hdb/ftp
/dev/hda5 3.7G 33.5M 3.4G 1% /hdb/sarg
Analisis terminado.
Igual, en los reportes del sarg lo único que me sale es esto.
Y bueno, esto no sé si está bien o no, pero cuando trato de acceder a 192.168.0.1:8080 me encuentro con esto.
Por favor, espero me puedan ayudar; el QOS sí me anda bien,
pero el problema es con el SQUID. GRACIAS