Buenas saludos a todos; tengo poco tiempo probando el raptorcache, pero en mi caso requiero colocarlo como gateway de la red con dos interfaces de ret
ejem: eth0 para dar acceso a internet WAN y eth1 para la LAN ...
entiendo que tengo que instalar un servidor dhcp para trabajar con la LAN
y redirigir mediante iptables desde eth1 al puerto 3128 y emascarar la salida de eth0, pero no se noda o muy poco de estas herramientas :-X
he estado buscando en la web y en este mismo foro y he probado algunas configuraciones pero nada solo e logrado salir a internet si configuro el proxy en el navegador y no se realmente no he tratado de averiguar si esta cacheando por que no es lo que quiero tiene que ser transparente ....espero puedan ayudarme ::)..
/etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.10.2
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255
gateway 192.168.10.1
dns-nameservers 8.8.8.8
dns-nameservers 8.8.4.4
auto eth1
iface eth1 inet static
address 10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
/etc/dhcp/dhcpd.conf
subnet 10.0.0.0 netmask 255.255.255.0 {
interface eth1;
range 10.0.0.2 10.0.0.254;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "sdcache.os,com"; #(hostname)
option routers 192.168.10.1;
option broadcast-address 10.0.0.255;
default-lease-time 600;
max-lease-time 7200;
}
en /etc/default
INTERFACES="eth1"
el iptables esta así:
#!/bin/sh
### BEGIN INIT INFO
# Provides: iprules
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable service provided by daemon.
### END INIT INFO
#
FWVER=0.76
#
echo "\n\nLoading simple iptables version $FWVER..\n"
#
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
#
ADP1="eth0"
ADP2="eth1"
IP1="192.168.10.0/24"
IP2="10.0.0.0/24"
echo "External Interface: $ADP1"
echo "Internal Interface: $ADP2"
echo "Internal IP: $IP1"
echo "External IP: $IP2"
#
case "$1" in
'start')
#Borrar cadenas anteriores
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -t nat -F
#Condiciones por defecto
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
#Aceptamos el localhost
iptables -A INPUT -i lo -j ACCEPT
#Aceptamos la red local
iptables -A INPUT -s $IP2 -i $ADP1 -j ACCEPT
#Empezamos a realizar el Puente desde lan
iptables -t nat -A POSTROUTING -o $ADP1 -j MASQUERADE
#Redireccionar al puerto 3128 y Enmascarar la salida a internet
iptables -t nat -A PREROUTING -s $IP2 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -s $IP2 -o $ADP1 -j MASQUERADE
#Direccionamos el Puente a eth1
iptables -A INPUT -s $IP2 -i $ADP1 -j ACCEPT
#Habilitar ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
echo " OK . Verifique que lo que se aplica con: iptables -L -n"
$IPTABLES -L -n
;;
'stop')
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -t nat -F
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
;;
'restart')
$0 stop
$0 start
;;
*)
echo "Usage: iprules [ start | stop | restart ]"
exit 1
esac
exit 0
/etc/squid3/squid.conf
#========================== Squid 3.x Conf ===========================#
#
# Opciones de SQUID 3.x
#----------------------------------------------------------------------
http_port 3128 intercept
visible_hostname sdcache.os.com
icp_port 0
#----------------------------------------------------------------------
error_directory /usr/share/squid3/errors/es-ve
#----------------------------------------------------------------------
acl denegados url_regex -i "/etc/squid3/denegados.lst"
#----------------------------------------------------------------------
# Servidor DNS y Politica de Cambios
#----------------------------------------------------------------------
dns_nameservers 8.8.8.8 8.8.4.4
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
#----------------------------------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl CONNECT method CONNECT
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl SSL_ports port 443
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 1863 # MSN
#acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
http_access allow manager localhost
http_access deny manager all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny denegados
#----------------------------------------------------------------------
coredump_dir /var/spool/squid3
#----------------------------------------------------------------------
# Memoria reservada para cache
# Se recomienda que dedique aprox. 5MB de RAM por cada 1GB asignado a cache_dir
#----------------------------------------------------------------------
cache_mem 512 MB
#----------------------------------------------------------------------
# Maximo tamaño de archivo en cache de memoria
#----------------------------------------------------------------------
maximum_object_size_in_memory 128 KB
#----------------------------------------------------------------------
# Maximo y minimo tamaño de archivos cache en el Disco duro
#----------------------------------------------------------------------
maximum_object_size 30 MB
minimum_object_size 4 KB
#----------------------------------------------------------------------
# Sustituir archivos de cache cuando llegue a 96%
#----------------------------------------------------------------------
cache_swap_low 92
cache_swap_high 96
#----------------------------------------------------------------------
# Total de espacio en HD a ser usado por el cache, numero de carpetas,
# numero de subcarpetas en cache
# 100000 = 100 GB
#----------------------------------------------------------------------
cache_dir aufs /var/spool/squid3/cache1 100000 16 256
#----------------------------------------------------------------------
# Estandar de actualización de cache
# 1 mes = 10080 mins, 1 dia = 1440 mins
#----------------------------------------------------------------------
refresh_pattern -i \.jpg$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.gif$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.png$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.jpeg$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.bmp$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.tif$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.tiff$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.swf$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.html$ 10 20% 4320 reload-into-ims
refresh_pattern -i \.htm$ 10 20% 4320 reload-into-ims
refresh_pattern -i \.shtml$ 10 20% 4320 reload-into-ims
refresh_pattern -i \.shtm$ 10 20% 4320 reload-into-ims
refresh_pattern -i \.nub$ 2880 80% 21600 reload-into-ims
refresh_pattern -i \.exe$ 14400 80% 43200
refresh_pattern -i \.zip$ 14400 80% 43200
refresh_pattern -i \.mov$ 14400 80% 43200
refresh_pattern -i \.mpe?g?$ 14400 80% 43200
refresh_pattern -i \.avi$ 14400 80% 43200
refresh_pattern -i \.qtm?$ 14400 80% 43200
refresh_pattern -i \.viv$ 14400 80% 43200
refresh_pattern -i \.wav$ 14400 80% 43200
refresh_pattern -i \.aiff?$ 14400 80% 43200
refresh_pattern -i \.au$ 14400 80% 43200
refresh_pattern -i \.ram?$ 14400 80% 43200
refresh_pattern -i \.snd$ 14400 80% 43200
refresh_pattern -i \.mid$ 14400 80% 43200
refresh_pattern -i \.mp2$ 14400 80% 43200
refresh_pattern -i \.mp3$ 14400 80% 43200
refresh_pattern -i \.sit$ 14400 80% 43200
refresh_pattern -i \.zip$ 14400 80% 43200
refresh_pattern -i \.hqx$ 14400 80% 43200
refresh_pattern -i \.arj$ 14400 80% 43200
refresh_pattern -i \.lzh$ 14400 80% 43200
refresh_pattern -i \.lha$ 14400 80% 43200
refresh_pattern -i \.cab$ 14400 80% 43200
refresh_pattern -i \.rar$ 14400 80% 43200
refresh_pattern -i \.tar$ 14400 80% 43200
refresh_pattern -i \.gz$ 14400 80% 43200
refresh_pattern -i \.z$ 14400 80% 43200
refresh_pattern -i \.a[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.r[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.txt$ 14400 80% 43200
refresh_pattern -i \.pdf$ 14400 80% 43200
refresh_pattern -i \.doc$ 14400 80% 43200
refresh_pattern -i \.odt$ 14400 80% 43200
refresh_pattern -i \.ods$ 14400 80% 43200
refresh_pattern -i \.odp$ 14400 80% 43200
refresh_pattern -i \.rtf$ 14400 80% 43200
refresh_pattern -i \.tex$ 14400 80% 43200
refresh_pattern -i \.latex$ 14400 80% 43200
refresh_pattern -i \.class$ 14400 80% 43200
refresh_pattern -i \.js$ 14400 80% 43200
refresh_pattern -i \.ico$ 14400 80% 43200
refresh_pattern -i \.css$ 10 20% 4320
#----------------------------------------------------------------------
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
#----------------------------------------------------------------------
# Log de acessos por el cache o para SARG
#----------------------------------------------------------------------
logfile_rotate 7
access_log /var/log/squid3/access.log
access_log /var/log/squid3/error.log
cache_store_log none
#----------------------------------------------------------------------
# Otras configuraciones
#----------------------------------------------------------------------
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
log_fqdn off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
max_filedescriptors 65536
cache_effective_user proxy
cache_effective_group proxy
#----------------------------------------------------------------------
# Manteniendo objetos recientes y pequeños en memoria
#----------------------------------------------------------------------
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
#----------------------------------------------------------------------
# Sitios que se les niega el cache
#----------------------------------------------------------------------
acl nocache dstdomain .4shared.com .youtube.com .windowsupdate.com .gl$
no_cache deny nocache
#----------------------------------------------------------------------
# Negar cache para archivos con extension .asx e .asf |streaming|
#----------------------------------------------------------------------
acl asx url_regex -i \.asx$
cache deny asx
acl asf url_regex -i \.asf$
cache deny asf
#----------------------------------------------------------------------
acl raptor_lst url_regex -i "/etc/raptor/raptor.lst"
cache deny raptor_lst
cache_peer 192.168.10.2 parent 8080 0 proxy-only no-digest
dead_peer_timeout 2 seconds
cache_peer_access 192.168.10.2 allow raptor_lst
cache_peer_access 192.168.10.2 deny all
#----------------------------------------------------------------------
# Qos_Flows
# -----------------------------------------------------------------------------
qos_flows local-hit=0x30
qos_flows parent-hit=0x32
qos_flows disable-preserve-miss
#----------------------------------------------------------------------
*******************
la salida del iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 10.0.0.0/24 0.0.0.0/0
ACCEPT all -- 10.0.0.0/24 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
****************
la salida de route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default . 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0
****************
la salida de domain santefedigital.net
search santefedigital.net
nameserver 192.168.10.1
ejem: eth0 para dar acceso a internet WAN y eth1 para la LAN ...
entiendo que tengo que instalar un servidor dhcp para trabajar con la LAN
y redirigir mediante iptables desde eth1 al puerto 3128 y emascarar la salida de eth0, pero no se noda o muy poco de estas herramientas :-X
he estado buscando en la web y en este mismo foro y he probado algunas configuraciones pero nada solo e logrado salir a internet si configuro el proxy en el navegador y no se realmente no he tratado de averiguar si esta cacheando por que no es lo que quiero tiene que ser transparente ....espero puedan ayudarme ::)..
/etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.10.2
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255
gateway 192.168.10.1
dns-nameservers 8.8.8.8
dns-nameservers 8.8.4.4
auto eth1
iface eth1 inet static
address 10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
/etc/dhcp/dhcpd.conf
subnet 10.0.0.0 netmask 255.255.255.0 {
interface eth1;
range 10.0.0.2 10.0.0.254;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "sdcache.os,com"; #(hostname)
option routers 192.168.10.1;
option broadcast-address 10.0.0.255;
default-lease-time 600;
max-lease-time 7200;
}
en /etc/default
INTERFACES="eth1"
el iptables esta así:
#!/bin/sh
### BEGIN INIT INFO
# Provides: iprules
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable service provided by daemon.
### END INIT INFO
#
FWVER=0.76
#
echo "\n\nLoading simple iptables version $FWVER..\n"
#
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
#
ADP1="eth0"
ADP2="eth1"
IP1="192.168.10.0/24"
IP2="10.0.0.0/24"
echo "External Interface: $ADP1"
echo "Internal Interface: $ADP2"
echo "Internal IP: $IP1"
echo "External IP: $IP2"
#
case "$1" in
'start')
#Borrar cadenas anteriores
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -t nat -F
#Condiciones por defecto
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
#Aceptamos el localhost
iptables -A INPUT -i lo -j ACCEPT
#Aceptamos la red local
iptables -A INPUT -s $IP2 -i $ADP1 -j ACCEPT
#Empezamos a realizar el Puente desde lan
iptables -t nat -A POSTROUTING -o $ADP1 -j MASQUERADE
#Redireccionar al puerto 3128 y Enmascarar la salida a internet
iptables -t nat -A PREROUTING -s $IP2 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -s $IP2 -o $ADP1 -j MASQUERADE
#Direccionamos el Puente a eth1
iptables -A INPUT -s $IP2 -i $ADP1 -j ACCEPT
#Habilitar ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
echo " OK . Verifique que lo que se aplica con: iptables -L -n"
$IPTABLES -L -n
;;
'stop')
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -t nat -F
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
;;
'restart')
$0 stop
$0 start
;;
*)
echo "Usage: iprules [ start | stop | restart ]"
exit 1
esac
exit 0
/etc/squid3/squid.conf
#========================== Squid 3.x Conf ===========================#
#
# Opciones de SQUID 3.x
#----------------------------------------------------------------------
http_port 3128 intercept
visible_hostname sdcache.os.com
icp_port 0
#----------------------------------------------------------------------
error_directory /usr/share/squid3/errors/es-ve
#----------------------------------------------------------------------
acl denegados url_regex -i "/etc/squid3/denegados.lst"
#----------------------------------------------------------------------
# Servidor DNS y Politica de Cambios
#----------------------------------------------------------------------
dns_nameservers 8.8.8.8 8.8.4.4
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
#----------------------------------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl CONNECT method CONNECT
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl SSL_ports port 443
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 1863 # MSN
#acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
http_access allow manager localhost
http_access deny manager all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny denegados
#----------------------------------------------------------------------
coredump_dir /var/spool/squid3
#----------------------------------------------------------------------
# Memoria reservada para cache
# Se recomienda que dedique aprox. 5MB de RAM por cada 1GB asignado a cache_dir
#----------------------------------------------------------------------
cache_mem 512 MB
#----------------------------------------------------------------------
# Maximo tamaño de archivo en cache de memoria
#----------------------------------------------------------------------
maximum_object_size_in_memory 128 KB
#----------------------------------------------------------------------
# Maximo y minimo tamaño de archivos cache en el Disco duro
#----------------------------------------------------------------------
maximum_object_size 30 MB
minimum_object_size 4 KB
#----------------------------------------------------------------------
# Sustituir archivos de cache cuando llegue a 96%
#----------------------------------------------------------------------
cache_swap_low 92
cache_swap_high 96
#----------------------------------------------------------------------
# Total de espacio en HD a ser usado por el cache, numero de carpetas,
# numero de subcarpetas en cache
# 100000 = 100 GB
#----------------------------------------------------------------------
cache_dir aufs /var/spool/squid3/cache1 100000 16 256
#----------------------------------------------------------------------
# Estandar de actualización de cache
# 1 mes = 10080 mins, 1 dia = 1440 mins
#----------------------------------------------------------------------
refresh_pattern -i \.jpg$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.gif$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.png$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.jpeg$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.bmp$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.tif$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.tiff$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.swf$ 14400 80% 43200 reload-into-ims
refresh_pattern -i \.html$ 10 20% 4320 reload-into-ims
refresh_pattern -i \.htm$ 10 20% 4320 reload-into-ims
refresh_pattern -i \.shtml$ 10 20% 4320 reload-into-ims
refresh_pattern -i \.shtm$ 10 20% 4320 reload-into-ims
refresh_pattern -i \.nub$ 2880 80% 21600 reload-into-ims
refresh_pattern -i \.exe$ 14400 80% 43200
refresh_pattern -i \.zip$ 14400 80% 43200
refresh_pattern -i \.mov$ 14400 80% 43200
refresh_pattern -i \.mpe?g?$ 14400 80% 43200
refresh_pattern -i \.avi$ 14400 80% 43200
refresh_pattern -i \.qtm?$ 14400 80% 43200
refresh_pattern -i \.viv$ 14400 80% 43200
refresh_pattern -i \.wav$ 14400 80% 43200
refresh_pattern -i \.aiff?$ 14400 80% 43200
refresh_pattern -i \.au$ 14400 80% 43200
refresh_pattern -i \.ram?$ 14400 80% 43200
refresh_pattern -i \.snd$ 14400 80% 43200
refresh_pattern -i \.mid$ 14400 80% 43200
refresh_pattern -i \.mp2$ 14400 80% 43200
refresh_pattern -i \.mp3$ 14400 80% 43200
refresh_pattern -i \.sit$ 14400 80% 43200
refresh_pattern -i \.zip$ 14400 80% 43200
refresh_pattern -i \.hqx$ 14400 80% 43200
refresh_pattern -i \.arj$ 14400 80% 43200
refresh_pattern -i \.lzh$ 14400 80% 43200
refresh_pattern -i \.lha$ 14400 80% 43200
refresh_pattern -i \.cab$ 14400 80% 43200
refresh_pattern -i \.rar$ 14400 80% 43200
refresh_pattern -i \.tar$ 14400 80% 43200
refresh_pattern -i \.gz$ 14400 80% 43200
refresh_pattern -i \.z$ 14400 80% 43200
refresh_pattern -i \.a[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.r[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.txt$ 14400 80% 43200
refresh_pattern -i \.pdf$ 14400 80% 43200
refresh_pattern -i \.doc$ 14400 80% 43200
refresh_pattern -i \.odt$ 14400 80% 43200
refresh_pattern -i \.ods$ 14400 80% 43200
refresh_pattern -i \.odp$ 14400 80% 43200
refresh_pattern -i \.rtf$ 14400 80% 43200
refresh_pattern -i \.tex$ 14400 80% 43200
refresh_pattern -i \.latex$ 14400 80% 43200
refresh_pattern -i \.class$ 14400 80% 43200
refresh_pattern -i \.js$ 14400 80% 43200
refresh_pattern -i \.ico$ 14400 80% 43200
refresh_pattern -i \.css$ 10 20% 4320
#----------------------------------------------------------------------
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
#----------------------------------------------------------------------
# Log de acessos por el cache o para SARG
#----------------------------------------------------------------------
logfile_rotate 7
access_log /var/log/squid3/access.log
access_log /var/log/squid3/error.log
cache_store_log none
#----------------------------------------------------------------------
# Otras configuraciones
#----------------------------------------------------------------------
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
log_fqdn off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
max_filedescriptors 65536
cache_effective_user proxy
cache_effective_group proxy
#----------------------------------------------------------------------
# Manteniendo objetos recientes y pequeños en memoria
#----------------------------------------------------------------------
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
#----------------------------------------------------------------------
# Sitios que se les niega el cache
#----------------------------------------------------------------------
acl nocache dstdomain .4shared.com .youtube.com .windowsupdate.com .gl$
no_cache deny nocache
#----------------------------------------------------------------------
# Negar cache para archivos con extension .asx e .asf |streaming|
#----------------------------------------------------------------------
acl asx url_regex -i \.asx$
cache deny asx
acl asf url_regex -i \.asf$
cache deny asf
#----------------------------------------------------------------------
acl raptor_lst url_regex -i "/etc/raptor/raptor.lst"
cache deny raptor_lst
cache_peer 192.168.10.2 parent 8080 0 proxy-only no-digest
dead_peer_timeout 2 seconds
cache_peer_access 192.168.10.2 allow raptor_lst
cache_peer_access 192.168.10.2 deny all
#----------------------------------------------------------------------
# Qos_Flows
# -----------------------------------------------------------------------------
qos_flows local-hit=0x30
qos_flows parent-hit=0x32
qos_flows disable-preserve-miss
#----------------------------------------------------------------------
*******************
la salida del iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 10.0.0.0/24 0.0.0.0/0
ACCEPT all -- 10.0.0.0/24 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
****************
la salida de route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default . 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.10.0 * 255.255.255.0 U 0 0 0 eth0
****************
la salida de domain santefedigital.net
search santefedigital.net
nameserver 192.168.10.1