Oi pessoal,
Estou passando por um problema aqui na rede com 10 PCs. A internet fica muito lenta nos PCs, que às vezes nem navegam. Quando dou um ping do PC cliente para fora, há vários pacotes perdidos e às vezes nem pinga. Seguem abaixo todas as configurações. Quando pingo para 192.168.1.50, pinga que é uma beleza.
Squid3
http_port 3128 transparent
# Host name Squid reports in its error pages and headers.
visible_hostname srv-le
################# Memory and disk settings ##################
# Memory cache
# NOTE(review): cache_mem bounds only the memory used for cached objects, not
# the size of the whole Squid process; confirm the host has RAM to spare.
cache_mem 1024 MB
memory_pools on
memory_pools_limit 512 MB
maximum_object_size_in_memory 1024 KB
maximum_object_size 500 MB
minimum_object_size 0 KB
# Disk cache eviction starts at 85% usage and becomes aggressive at 90%.
cache_swap_low 85
cache_swap_high 90
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
# aufs store under /var/spool/squid3: 4096 MB, 64 first-level and 256
# second-level directories.
cache_dir aufs /var/spool/squid3 4096 64 256
########################### Log directories #########################
cache_access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_store_log /var/log/squid3/store.log
######################## Miscellaneous settings ######################
error_directory /usr/share/squid3/errors/pt-br
## ACLS
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Ports that CONNECT tunnels may target (enforced by
# "http_access deny CONNECT !SSL_ports" below).
# NOTE(review): 873 (rsync) and 389 (LDAP) are in this list, so a client can
# open a raw tunnel through the proxy to those services; confirm both are
# really needed and drop them otherwise.
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 389 # phpldapadmin
# Ports the proxy will contact at all (enforced by
# "http_access deny !Safe_ports" below).
# NOTE(review): 25 (smtp) and 110 (pop3) are listed, so requests aimed at mail
# servers are not rejected by the Safe_ports check. Proxies that accept port 25
# are a common source of mail-relay abuse; remove these two unless a client
# depends on them.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop3
acl CONNECT method CONNECT
########################## DECLARING THE ACLs #############################
# Allow Microsoft Update
# Patterns are read from the quoted file, one regular expression per line.
acl microsoft url_regex "/etc/squid3/ms-update"
# Site blocking
acl bloqueado url_regex "/etc/squid3/bloqueado"
# Extension blocking (-i makes the patterns case-insensitive)
acl download url_regex -i "/etc/squid3/download"
# MSN blocking
acl msn dst 207.46.110.0/24 207.46.104.0/24 64.4.13.0/24
# NOTE(review): the values for bloqmessenger sit on the following line. A
# squid.conf directive must fit on one line, so as pasted this ACL has no
# patterns and the next line is not a directive. Probably a line wrap from the
# paste; make sure it is a single line in the real file.
acl bloqmessenger url_regex
www.e-messenger.net webmessenger.msn.com
############################ ACTIVATING THE ACLs ##############################
# http_access rules are evaluated top to bottom; the first match decides.
# NOTE(review): this allow comes first, so any URL matching a pattern in
# /etc/squid3/ms-update is accepted before the Safe_ports, CONNECT and
# blocklist checks run. The file is not shown; unanchored patterns would also
# match unrelated URLs that merely contain the text. Verify the patterns, or
# move this rule below the Safe_ports/CONNECT denies.
http_access allow microsoft
# Cache manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny bloqueado
http_access deny download
http_access deny msn
http_access deny bloqmessenger
# NOTE(review): no rule in this listing allows the LAN explicitly or ends with
# "http_access deny all". When no http_access line matches, Squid applies the
# opposite of the last line; the last one here is a deny, so every unmatched
# request is allowed, whatever its source address. If the pasted file is
# complete, define the LAN (e.g. "acl localnet src 192.168.1.0/24"), add
# "http_access allow localnet" and finish with "http_access deny all".
# CGI configuration and refresh pattern
# Requests whose URL contains cgi-bin or "?" are fetched directly and not cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# refresh_pattern <regex> <min minutes> <percent> <max minutes>
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# NOTE(review): the listing stops here without a catch-all "refresh_pattern ."
# line; the paste may be truncated, so confirm against the real file.
dhcpd.conf
authoritative;
# Lease durations are in seconds: 10 minutes by default, 2 hours at most.
default-lease-time 600;
max-lease-time 7200;
# Default gateway handed to clients; 192.168.1.50 is the address configured on
# eth1 in the interfaces listing on this page.
option routers 192.168.1.50;
# Clients are told to resolve names at these external resolvers directly, so
# their DNS queries are forwarded through the NAT rules rather than answered
# locally.
option domain-name-servers 8.8.8.8, 8.8.4.4;
# Address pool for the LAN: 192.168.1.100 through 192.168.1.120.
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.120;
}
Interfaces
auto lo
iface lo inet loopback
### Interface eth0 connected to the modem
# eth0 takes its address from whatever DHCP server answers on the modem side.
# NOTE(review): if the modem also hands out addresses in 192.168.1.0/24, both
# interfaces would sit in the same subnet and routing between them becomes
# ambiguous; confirm the address eth0 actually receives.
auto eth0
iface eth0 inet dhcp
### Interface eth1 connected to the router/switch
# Static LAN-side address; this is the gateway the DHCP listing gives to clients.
auto eth1
iface eth1 inet static
address 192.168.1.50
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
/etc/rc.local
modprobe iptable_nat
# Presumably provides the "-m string" match used by the FORWARD rules below.
modprobe ipt_string
# Turn on IPv4 forwarding so the host routes between eth1 and eth0.
echo 1 > /proc/sys/net/ipv4/ip_forward
# TCP port 80 arriving on eth1 is redirected to local port 3128 (the http_port
# in the Squid listing). Only port 80 is intercepted: HTTPS and every other
# port are forwarded through NAT and never reach Squid's ACLs.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Source-NAT everything leaving through eth0.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# NOTE(review): this listing sets no INPUT rules and no FORWARD policy. Squid's
# http_port has no bind address, so confirm port 3128 is not reachable from the
# eth0 (modem) side, and consider a default-drop FORWARD policy with explicit
# allows for the LAN.
# -I inserts at the top of FORWARD; each rule drops any forwarded packet whose
# payload contains the literal string, on any protocol, port or direction.
# NOTE(review): payload matching is applied to every forwarded packet, also
# drops unrelated traffic that merely contains the text, and is not a reliable
# control for encrypted traffic. Port-80 traffic from eth1 is REDIRECTed to the
# local proxy and so does not traverse FORWARD at all; blocking these sites in
# the Squid ACLs (or at DNS) would be more predictable.
iptables -I FORWARD -m string --algo bm --string "facebook.com" -j DROP
iptables -I FORWARD -m string --algo bm --string "twitter.com" -j DROP