Problema no Squid3 internet lenta ou não navega

ewise · 14 de Agosto de 2014, 19:40

Oi pessoal,

Estou passando por um problema aqui na rede com 10 PCs. A internet fica muito lento nos PCs que as vezes nem navega. Quando do um ping do PC cliente para fora tem vários pacotes perdidos e as vezes nem pinga. Segue abaixo todas as configurações. Quando pingo para 192.168.1.50 pinga que é uma beleza.

Squid3

http_port 3128 transparent
visible_hostname srv-le

################# Configurações de memória e disco ##################

# Memoria cache
cache_mem 1024 MB

memory_pools on
memory_pools_limit 512 MB

maximum_object_size_in_memory 1024 KB

maximum_object_size 500 MB
minimum_object_size 0 KB

cache_swap_low 85
cache_swap_high 90

cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF

cache_dir aufs /var/spool/squid3 4096 64 256

########################### Diretórios de log #########################

cache_access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_store_log /var/log/squid3/store.log

######################## Configurações diversas ######################

error_directory /usr/share/squid3/errors/pt-br

## ACLS
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 389 # phpldapadmin
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop3
acl CONNECT method CONNECT

########################## DECLARANDO AS ACLs #############################

# Liberar Update Microsoft
acl microsoft url_regex "/etc/squid3/ms-update"

# Bloqueio de sites
acl bloqueado url_regex "/etc/squid3/bloqueado"

# Bloqueio de extensões
acl download url_regex -i "/etc/squid3/download"

# Bloqueio do MSN
acl msn dst 207.46.110.0/24 207.46.104.0/24 64.4.13.0/24
acl bloqmessenger url_regex www.e-messenger.net webmessenger.msn.com

############################ ATIVANDO AS ACLs ##############################

http_access allow microsoft
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny bloqueado
http_access deny download
http_access deny msn
http_access deny bloqmessenger

# Configuração CGI e refresh pattern
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440

dhcpd.conf

authoritative;
default-lease-time 600;
max-lease-time 7200;

option routers 192.168.1.50;
option domain-name-servers 8.8.8.8, 8.8.4.4;

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.120;
}

Interfaces

auto lo
iface lo inet loopback

### Interface eth0 conectada ao modem
auto eth0
iface eth0 inet dhcp

### Interface eth1 conectada ao roteador/switch
auto eth1
iface eth1 inet static
address 192.168.1.50
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

/etc/rc.local

modprobe iptable_nat
modprobe ipt_string
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -I FORWARD -m string --algo bm --string "facebook.com" -j DROP
iptables -I FORWARD -m string --algo bm --string "twitter.com" -j DROP

zekkerj · 18 de Agosto de 2014, 13:49

Olá ewise,

Ping não passa pelo Squid. Provavelmente vc tem algum outro problema... já verificou se não tem algum cliente comendo sua banda com torrents, downloads grandes, etc?

ewise · 22 de Agosto de 2014, 19:18

Coloquei o DNS fixo no modem e voltou a funcionar. Obrigado zekkerj!