What's wrong with my Lusca?
-
Hi everyone, I have a question.
I have set up Lusca, squidGuard and LightSquid on pfSense 2.0-RC3, with transparent proxy configured in Squid and time and URL restrictions in squidGuard. Users can access the internet just fine, but my WAN traffic is being eaten up heavily even though the LAN traffic is not as large as the WAN traffic. Details can be seen in the attachments.
What's wrong with my Lusca?
bw-01.png is IIX.
bw-02.png is International.
-
UPDATE:
Using pfSense's built-in RRD graphs.
Incoming traffic on the WAN interface is far larger than outgoing traffic from the LAN interface.
squid.conf:
# Do not edit manually !
http_port 172.16.1.254:3128 transparent
http_port 127.0.0.1:80 transparent
icp_port 0
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname firewall2.xxx.co.id
cache_mgr admin@xxx.co.id
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
logfile_rotate 15
shutdown_lifetime 0 seconds
# Allow local network(s) on interface(s)
acl localnet src 172.16.0.0/255.255.0.0
forwarded_for transparent
httpd_suppress_version_string on
uri_whitespace strip
dns_nameservers 202.159.32.2 202.159.33.2 202.158.3.7 202.169.33.220
cache_mem 128 MB
maximum_object_size_in_memory 4 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /var/squid/cache 50000 16 256
minimum_object_size 2 KB
maximum_object_size 128 MB
offline_mode off
cache_swap_low 90
cache_swap_high 95
acl donotcache dstdomain '/var/squid/acl/donotcache.acl'
cache deny donotcache
# No redirector configured
# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 1025-65535
acl sslports port 443 563 8080
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl partialcontent_req req_header Range .*
#acl dynamic urlpath_regex cgi-bin ?
include /usr/local/etc/squid/include.conf
#cache deny dynamic
http_access allow manager localhost
# Allow external cache managers
acl ext_manager_1 src 192.168.1.1
http_access allow manager ext_manager_1
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost
quick_abort_min 32 KB
quick_abort_max 128 KB
quick_abort_pct 75
range_offset_limit 0 MB
request_body_max_size 0 allow all
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i '/var/squid/acl/throttle_exts.acl'
delay_access 1 allow throttle_exts
delay_access 1 deny all
# Custom options
refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)avg.com/.*.(bin) 4320 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)symantecliveupdate.com/.*.(zip|exe|jdb|xdb) 43200 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)avast.com/.*.(vpu|vpaa|vpx) 4320 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)avira.de/.*.(vdf|ivdf|zip) 4320 100% 43200 reload-into-ims
refresh_pattern ([^.]+.|)adobe.com/.*.(exe|msi) 4320 100% 43200 reload-into-ims
range_offset_limit -1
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny all
squidguard.conf:
# ============================================================
# SquidGuard configuration file
# This file generated automaticly with SquidGuard configurator
# (C)2006 Serg Dvoriancev
# email: dv_serg@mail.ru
# ============================================================
logdir /var/squidGuard/log
dbhome /var/db/squidGuard
#
time OFFICE_HOUR {
    weekly mon 08:15-11:45
    weekly mon 13:15-17:15
    weekly tue 08:15-11:45
    weekly tue 13:15-17:15
    weekly wed 08:15-11:45
    weekly wed 13:15-17:15
    weekly thu 08:15-11:45
    weekly thu 13:15-17:15
    weekly fri 08:15-11:30
    weekly fri 13:15-17:15
    weekly sat 08:15-11:15
}
#
src LOCALHOST {
    ip 127.0.0.1
    ip 172.16.1.254
}
#
src SERVER_GGW {
    ip 172.16.1.30-172.16.1.39
    ip 172.16.1.40-172.16.1.49
}
#
src INT_OFFICE_TIME {
    ip 172.16.1.101-172.16.1.220
    ip 172.16.4.101-172.16.4.240
    ip 172.16.8.0/24
}
#
src INT_FB_TW {
    ip 172.16.0.0/16
}
#
dest FB_TW_GAMES {
    domainlist FB_TW_GAMES/domains
    urllist FB_TW_GAMES/urls
    log block.log
}
#
dest XXX_WHITELIST {
    domainlist XXX_WHITELIST/domains
    expressionlist XXX_WHITELIST/expressions
    urllist XXX_WHITELIST/urls
    log block.log
}
#
dest GGW_WHITELIST {
    domainlist GGW_WHITELIST/domains
    expressionlist GGW_WHITELIST/expressions
    urllist GGW_WHITELIST/urls
    log block.log
}
#
dest XXX_BLACKLIST {
    domainlist XXX_BLACKLIST/domains
}
#
rew safesearch {
    s@(google..*/search?.*q=.*)@&safe=active@i
    s@(google..*/images.*q=.*)@&safe=active@i
    s@(google..*/groups.*q=.*)@&safe=active@i
    s@(google..*/news.*q=.*)@&safe=active@i
    s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
    s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
    s@(search.live..*/.*q=.*)@&adlt=strict@i
    s@(search.msn..*/.*q=.*)@&adlt=strict@i
    s@(.bing..*/.*q=.*)@&adlt=strict@i
    log block.log
}
#
acl {
    #
    LOCALHOST {
        pass all
    }
    #
    SERVER_GGW {
        pass GGW_WHITELIST !FB_TW_GAMES !XXX_WHITELIST !XXX_BLACKLIST none
        redirect http://172.16.1.254:8080/sgerror.php?url=403%20Anda%20hanya%20diperbolehkan%20mengakses%20website%20tertentu%20yang%20sudah%20diset%20oleh%20Administrator%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    }
    #
    INT_OFFICE_TIME within OFFICE_HOUR {
        pass XXX_WHITELIST none
        redirect http://172.16.1.254:8080/sgerror.php?url=403%20Anda%20hanya%20diperbolehkan%20mengakses%20website%20tertentu%20yang%20sudah%20diset%20oleh%20Administrator%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        rewrite safesearch
    } else {
        pass all
        redirect http://172.16.1.254:8080/sgerror.php?url=403%20Anda%20hanya%20diperbolehkan%20mengakses%20website%20tertentu%20yang%20sudah%20diset%20oleh%20Administrator%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        rewrite safesearch
    }
    #
    INT_FB_TW within OFFICE_HOUR {
        pass !FB_TW_GAMES !XXX_BLACKLIST all
        redirect http://172.16.1.254:8080/sgerror.php?url=403%20Dilarang%20mengakses%20facebook%2C%20twitter%2C%20video%20streaming%20dan%20games%20online%20pada%20saat%20jam%20kerja%20%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    } else {
        pass !XXX_BLACKLIST all
        redirect http://172.16.1.254:8080/sgerror.php?url=403%20Dilarang%20mengakses%20facebook%2C%20twitter%2C%20video%20streaming%20dan%20games%20online%20pada%20saat%20jam%20kerja%20%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    }
    #
    default {
        pass none
        redirect http://172.16.1.254:8080/sgerror.php?url=403%20Mohon%20maaf%2C%20koneksi%20internet%20sedang%20dalam%20perbaikan.&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        log block.log
    }
}
-
Try posting your squid.conf here.
My hunch is that it comes from there … there must be a reason the byte hit value goes negative.
If I'm not mistaken, there is a web note that explains it.
The link was once posted on this forum ... the request is completed in full even though it has already been aborted or cancelled.
Ugh ... it's so hard to write down what's in my head.
That's roughly it ;D
-
If I'm not mistaken, the negative value means that the HTTP request from the client is completed by Squid, even though the client has already cancelled the HTTP request.
Is this caused by squidGuard? Because there is a browsing time limit for regular users.
Looking at the trend, there are indeed more Squid HTTP requests than client HTTP requests from 8 a.m. to 5 p.m.
Any suggestions? It is using up the bandwidth, when the original intent was for Lusca to save it.
-
Just now I tuned the quick_abort section of squid.conf:
quick_abort_min 8 KB
quick_abort_max 16 KB
quick_abort_pct 95
range_offset_limit 0 MB
request_body_max_size 0 allow all
reply_body_max_size 0 deny all
And after checking carefully, there is one PC downloading Windows updates.
1310456149.769 13304 172.16.4.244 TCP_MISS/206 500 GET http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976933-x64-neutral_8a7fcdd8a721b2549af52ee4662418ad54928856.psf - DIRECT/65.54.82.138 application/octet-stream
1310456159.490 9715 172.16.4.244 TCP_MISS/206 1139 GET http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976933-x64-neutral_8a7fcdd8a721b2549af52ee4662418ad54928856.psf - DIRECT/65.54.82.143 application/octet-stream
1310456170.478 10982 172.16.4.244 TCP_MISS/206 443 GET http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976933-x64-neutral_8a7fcdd8a721b2549af52ee4662418ad54928856.psf - DIRECT/65.54.82.138 application/octet-stream
1310456470.506 299559 172.16.4.244 TCP_MISS/206 447 GET http://au.download.windowsupdate.com/msdownload/update/software/ftpk/2010/10/wlsetup-all_ce5287396485f886a3051ac552cbdb2f08681033.exe - DIRECT/65.54.82.143 application/octet-stream
This may be related to the refresh_pattern option in squid.conf.
refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
Roughly where else should I tune?
-
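An added example, not part of the original posts: one way to spot the pattern in the access.log lines quoted above is to group TCP_MISS/206 (partial content, fetched from origin) entries by client and URL. The size column in Squid's native log format is bytes delivered to the client, so a few hundred bytes per reply says nothing about how much Squid pulled over the WAN. The function names are illustrative.

```python
from collections import defaultdict

# The four access.log lines quoted in the thread (Squid native log format).
_PSF = ("http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/"
        "windows6.1-kb976933-x64-neutral_8a7fcdd8a721b2549af52ee4662418ad54928856.psf")
_EXE = ("http://au.download.windowsupdate.com/msdownload/update/software/ftpk/2010/10/"
        "wlsetup-all_ce5287396485f886a3051ac552cbdb2f08681033.exe")
SAMPLE_LOG = "\n".join([
    f"1310456149.769 13304 172.16.4.244 TCP_MISS/206 500 GET {_PSF} - DIRECT/65.54.82.138 application/octet-stream",
    f"1310456159.490 9715 172.16.4.244 TCP_MISS/206 1139 GET {_PSF} - DIRECT/65.54.82.143 application/octet-stream",
    f"1310456170.478 10982 172.16.4.244 TCP_MISS/206 443 GET {_PSF} - DIRECT/65.54.82.138 application/octet-stream",
    f"1310456470.506 299559 172.16.4.244 TCP_MISS/206 447 GET {_EXE} - DIRECT/65.54.82.143 application/octet-stream",
])


def range_misses(log_text):
    """Group TCP_MISS/206 GET entries by (client, url).

    Returns {(client, url): {"requests", "bytes_to_client", "elapsed_ms"}}.
    """
    stats = defaultdict(lambda: {"requests": 0, "bytes_to_client": 0, "elapsed_ms": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:          # skip truncated or non-native lines
            continue
        _ts, elapsed, client, result, size, method, url = fields[:7]
        if result == "TCP_MISS/206" and method == "GET":
            entry = stats[(client, url)]
            entry["requests"] += 1
            entry["bytes_to_client"] += int(size)
            entry["elapsed_ms"] += int(elapsed)
    return dict(stats)


def repeated_range_misses(log_text, min_requests=2):
    """Keep only (client, url) pairs whose ranged misses repeat."""
    return {key: value for key, value in range_misses(log_text).items()
            if value["requests"] >= min_requests}


if __name__ == "__main__":
    for (client, url), s in repeated_range_misses(SAMPLE_LOG).items():
        print(client, s["requests"], "ranged misses,", s["bytes_to_client"],
              "bytes to client,", s["elapsed_ms"], "ms ->", url)
```
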
Digging deeper into squid.conf, it turns out there is this feature: range_offset_limit.
http://www.squid-cache.org/Versions/v2/2.7/cfgman/range_offset_limit.html
Reference: http://wiki.squid-cache.org/SquidFaq/InnerWorkings#Why_do_I_see_negative_byte_hit_ratio.3F
The initial setting was -1. I've now just set it to 0.
Now I just have to see the results over the next few days. ;)
-
NIIICE …
;) ;D
-1 vs 0
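
An added example, not part of the original posts: the squid.conf posted at the top of the thread sets range_offset_limit twice, first as `0 MB` in the generated section and again as `-1` under "Custom options". The sketch below reports which value is in effect and which earlier ones are shadowed, assuming that for this scalar directive the last occurrence wins; the function names are illustrative, and the sample is an excerpt of the posted file.

```python
# Excerpt of the squid.conf posted in this thread (relevant lines only).
SAMPLE_CONF = """\
quick_abort_min 32 KB
quick_abort_max 128 KB
quick_abort_pct 75
range_offset_limit 0 MB
# Custom options
refresh_pattern ([^.]+.|)adobe.com/.*.(exe|msi) 4320 100% 43200 reload-into-ims
range_offset_limit -1
"""


def occurrences(conf_text, directive):
    """Return [(line_number, value)] for every active use of a directive."""
    found = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comments
            continue
        parts = line.split(None, 1)
        if parts[0] == directive:
            found.append((lineno, parts[1].strip() if len(parts) > 1 else ""))
    return found


def check_range_offset_limit(conf_text):
    """Report the effective range_offset_limit and any shadowed values.

    Assumption: the last occurrence of this directive overrides earlier ones.
    A value of -1 makes Squid fetch the object from the beginning on a Range
    request so it can cache the result; 0 never fetches more than the client
    asked for (per the Squid 2.7 documentation linked in the thread).
    """
    seen = occurrences(conf_text, "range_offset_limit")
    if not seen:
        return {"effective": None, "line": None, "shadowed": [],
                "fetches_whole_object": False}
    lineno, value = seen[-1]
    return {
        "effective": value,
        "line": lineno,
        "shadowed": seen[:-1],
        "fetches_whole_object": value.split()[:1] == ["-1"],
    }


if __name__ == "__main__":
    report = check_range_offset_limit(SAMPLE_CONF)
    print("effective:", report["effective"], "at line", report["line"])
    print("shadowed:", report["shadowed"])
    print("fetches whole object on Range requests:", report["fetches_whole_object"])
```
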