Netgate Discussion Forum
    What is wrong with my Lusca?

    Category: Indonesian. 7 Posts, 2 Posters, 5.5k Views
    agismaniax:

      Hi all, I have a question.
      I have set up Lusca, squidGuard and lightsquid on pfSense 2.0-RC3: a transparent proxy in Squid, and time and URL restrictions in squidGuard. Users can access the internet just fine, but my WAN traffic is being eaten up heavily even though the LAN traffic is not nearly as large as the WAN traffic. Details are in the attachments.
      What is wrong with my Lusca? ???

      Attachments: traffic-01.png, services-02.png, client-list-01.png, utilization-01.png, cache-info-01.png, cache-info-02.png, bw-01.png (IIX traffic), bw-02.png (International traffic).

      agismaniax:

        UPDATE:
        Using the RRD graphs built into pfSense, incoming traffic on the WAN interface is far larger than outgoing traffic from the LAN interface.

        squid.conf:

        
        # Do not edit manually !
        http_port 172.16.1.254:3128 transparent 
        http_port 127.0.0.1:80 transparent 
        icp_port 0
        
        pid_filename /var/run/squid.pid
        cache_effective_user proxy
        cache_effective_group proxy
        error_directory /usr/local/etc/squid/errors/English
        icon_directory /usr/local/etc/squid/icons
        visible_hostname firewall2.xxx.co.id
        cache_mgr admin@xxx.co.id
        access_log /var/squid/log/access.log
        cache_log /var/squid/log/cache.log
        cache_store_log none
        logfile_rotate 15
        shutdown_lifetime 0 seconds
        # Allow local network(s) on interface(s)
        acl localnet src  172.16.0.0/255.255.0.0
        forwarded_for transparent
        httpd_suppress_version_string on
        uri_whitespace strip
        dns_nameservers 202.159.32.2 202.159.33.2 202.158.3.7 202.169.33.220 
        
        cache_mem 128 MB
        maximum_object_size_in_memory 4 KB
        memory_replacement_policy heap GDSF
        cache_replacement_policy heap LFUDA
        
        cache_dir aufs /var/squid/cache 50000 16 256
        minimum_object_size 2 KB
        maximum_object_size 128 MB
        offline_mode off
        cache_swap_low 90
        cache_swap_high 95
        acl donotcache dstdomain '/var/squid/acl/donotcache.acl'
        cache deny donotcache
        # No redirector configured
        
        # Setup some default acls
        acl all src 0.0.0.0/0.0.0.0
        acl localhost src 127.0.0.1/255.255.255.255
        acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 1025-65535
        acl sslports port 443 563 8080
        acl manager proto cache_object
        acl purge method PURGE
        acl connect method CONNECT
        acl partialcontent_req req_header Range .*
        #acl dynamic urlpath_regex cgi-bin ?
        include /usr/local/etc/squid/include.conf
        #cache deny dynamic
        http_access allow manager localhost
        
        # Allow external cache managers
        acl ext_manager_1 src 192.168.1.1 
        http_access allow manager ext_manager_1
        
        http_access deny manager
        http_access allow purge localhost
        http_access deny purge
        http_access deny !safeports
        http_access deny CONNECT !sslports
        
        # Always allow localhost connections
        http_access allow localhost
        
        quick_abort_min 32 KB
        quick_abort_max 128 KB
        quick_abort_pct 75
        range_offset_limit 0 MB
        request_body_max_size 0 allow all
        reply_body_max_size 0 deny all
        
        delay_pools 1
        delay_class 1 2
        delay_parameters 1 -1/-1 -1/-1
        delay_initial_bucket_level 100
        # Throttle extensions matched in the url
        acl throttle_exts urlpath_regex -i '/var/squid/acl/throttle_exts.acl'
        delay_access 1 allow throttle_exts
        delay_access 1 deny all
        
        # Custom options
        refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
        refresh_pattern ([^.]+.|)avg.com/.*.(bin) 4320 100% 43200 reload-into-ims
        refresh_pattern ([^.]+.|)symantecliveupdate.com/.*.(zip|exe|jdb|xdb) 43200 100% 43200 reload-into-ims
        refresh_pattern ([^.]+.|)avast.com/.*.(vpu|vpaa|vpx) 4320 100% 43200 reload-into-ims
        refresh_pattern ([^.]+.|)avira.de/.*.(vdf|ivdf|zip) 4320 100% 43200 reload-into-ims
        refresh_pattern ([^.]+.|)adobe.com/.*.(exe|msi) 4320 100% 43200 reload-into-ims
        range_offset_limit -1
        
        redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
        redirector_bypass on
        redirect_children 3
        
        # Allow local network(s) on interface(s)
        http_access allow localnet
        
        # Default block all to be sure
        http_access deny all
        
        

        squidguard.conf:

        
        # ============================================================
        # SquidGuard configuration file
        # This file generated automaticly with SquidGuard configurator
        # (C)2006 Serg Dvoriancev
        # email: dv_serg@mail.ru
        # ============================================================
        
        logdir /var/squidGuard/log
        dbhome /var/db/squidGuard
        
        # 
        time OFFICE_HOUR {
        	weekly mon 08:15-11:45
        	weekly mon 13:15-17:15
        	weekly tue 08:15-11:45
        	weekly tue 13:15-17:15
        	weekly wed 08:15-11:45
        	weekly wed 13:15-17:15
        	weekly thu 08:15-11:45
        	weekly thu 13:15-17:15
        	weekly fri 08:15-11:30
        	weekly fri 13:15-17:15
        	weekly sat 08:15-11:15
        }
        
        # 
        src LOCALHOST {
        	ip     127.0.0.1
        	ip     172.16.1.254
        }
        
        # 
        src SERVER_GGW {
        	ip     172.16.1.30-172.16.1.39
        	ip     172.16.1.40-172.16.1.49
        }
        
        # 
        src INT_OFFICE_TIME {
        	ip     172.16.1.101-172.16.1.220
        	ip     172.16.4.101-172.16.4.240
        	ip     172.16.8.0/24
        }
        
        # 
        src INT_FB_TW {
        	ip     172.16.0.0/16
        }
        
        # 
        dest FB_TW_GAMES {
        	domainlist FB_TW_GAMES/domains
        	urllist FB_TW_GAMES/urls
        	log block.log
        }
        
        # 
        dest XXX_WHITELIST {
        	domainlist XXX_WHITELIST/domains
        	expressionlist XXX_WHITELIST/expressions
        	urllist XXX_WHITELIST/urls
        	log block.log
        }
        
        # 
        dest GGW_WHITELIST {
        	domainlist GGW_WHITELIST/domains
        	expressionlist GGW_WHITELIST/expressions
        	urllist GGW_WHITELIST/urls
        	log block.log
        }
        
        # 
        dest XXX_BLACKLIST {
        	domainlist XXX_BLACKLIST/domains
        }
        
        # 
        rew safesearch {
        	s@(google..*/search?.*q=.*)@&safe=active@i
        	s@(google..*/images.*q=.*)@&safe=active@i
        	s@(google..*/groups.*q=.*)@&safe=active@i
        	s@(google..*/news.*q=.*)@&safe=active@i
        	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
        	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
        	s@(search.live..*/.*q=.*)@&adlt=strict@i
        	s@(search.msn..*/.*q=.*)@&adlt=strict@i
        	s@(.bing..*/.*q=.*)@&adlt=strict@i
        	log block.log
        }
        
        # 
        acl  {
        	# 
        	LOCALHOST  {
        		pass all
        	}
        	# 
        	SERVER_GGW  {
        		pass GGW_WHITELIST !FB_TW_GAMES !XXX_WHITELIST !XXX_BLACKLIST none
        		redirect http://172.16.1.254:8080/sgerror.php?url=403%20Anda%20hanya%20diperbolehkan%20mengakses%20website%20tertentu%20yang%20sudah%20diset%20oleh%20Administrator%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        	}
        	# 
        	INT_OFFICE_TIME  within OFFICE_HOUR {
        		pass XXX_WHITELIST none
        		redirect http://172.16.1.254:8080/sgerror.php?url=403%20Anda%20hanya%20diperbolehkan%20mengakses%20website%20tertentu%20yang%20sudah%20diset%20oleh%20Administrator%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        		rewrite safesearch
        		} else {
        		pass all
        		redirect http://172.16.1.254:8080/sgerror.php?url=403%20Anda%20hanya%20diperbolehkan%20mengakses%20website%20tertentu%20yang%20sudah%20diset%20oleh%20Administrator%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        		rewrite safesearch
        	}
        	# 
        	INT_FB_TW  within OFFICE_HOUR {
        		pass !FB_TW_GAMES !XXX_BLACKLIST all
        		redirect http://172.16.1.254:8080/sgerror.php?url=403%20Dilarang%20mengakses%20facebook%2C%20twitter%2C%20video%20streaming%20dan%20games%20online%20pada%20saat%20jam%20kerja%20%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        		} else {
        		pass !XXX_BLACKLIST all
        		redirect http://172.16.1.254:8080/sgerror.php?url=403%20Dilarang%20mengakses%20facebook%2C%20twitter%2C%20video%20streaming%20dan%20games%20online%20pada%20saat%20jam%20kerja%20%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        	}
        	# 
        	default  {
        		pass none
        		redirect http://172.16.1.254:8080/sgerror.php?url=403%20Mohon%20maaf%2C%20koneksi%20internet%20sedang%20dalam%20perbaikan.&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        		log block.log
        	}
        }
        
        

        Attachments: bw-wan-01.png, bw-lan-01.png.

        serangku:

          Paste your squid.conf here,
          I sense it comes from there ...

          A negative byte value must have a cause.
          If I'm not mistaken there is a web page that explains it,
          there was a link to it on this forum once ...

          The request gets completed to the end even though it has already been aborted or cancelled.
          Ugh ... it is so hard to write down what is in my head.
          Roughly like that ;D

          agismaniax:

            If I'm not mistaken, the negative value means the HTTP request from the client was completed by Squid even though the client had already cancelled the HTTP request.
            Is this caused by squidGuard? Because there is a browsing-time limit for regular users.
            Looking at the trend, there are indeed more Squid HTTP requests than client HTTP requests between 8 am and 5 pm.
            Any suggestions? It is using up the bandwidth, while the original intention was for Lusca to save it.

            @serangku wrote:

            Paste your squid.conf here,
            I sense it comes from there ...

            A negative byte value must have a cause.
            If I'm not mistaken there is a web page that explains it,
            there was a link to it on this forum once ...

            The request gets completed to the end even though it has already been aborted or cancelled.
            Ugh ... it is so hard to write down what is in my head.
            Roughly like that ;D

            agismaniax:

              Earlier I tuned the quick_abort section of squid.conf:

              quick_abort_min 8 KB
              quick_abort_max 16 KB
              quick_abort_pct 95
              range_offset_limit 0 MB
              request_body_max_size 0 allow all
              reply_body_max_size 0 deny all
              

              And after checking carefully, there is one PC downloading Windows Update:

              1310456149.769  13304 172.16.4.244 TCP_MISS/206 500 GET http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976933-x64-neutral_8a7fcdd8a721b2549af52ee4662418ad54928856.psf - DIRECT/65.54.82.138 application/octet-stream
              1310456159.490   9715 172.16.4.244 TCP_MISS/206 1139 GET http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976933-x64-neutral_8a7fcdd8a721b2549af52ee4662418ad54928856.psf - DIRECT/65.54.82.143 application/octet-stream
              1310456170.478  10982 172.16.4.244 TCP_MISS/206 443 GET http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976933-x64-neutral_8a7fcdd8a721b2549af52ee4662418ad54928856.psf - DIRECT/65.54.82.138 application/octet-stream
              1310456470.506 299559 172.16.4.244 TCP_MISS/206 447 GET http://au.download.windowsupdate.com/msdownload/update/software/ftpk/2010/10/wlsetup-all_ce5287396485f886a3051ac552cbdb2f08681033.exe - DIRECT/65.54.82.143 application/octet-stream
              
              

              This may be related to the refresh_pattern option in squid.conf:

              refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
              

              Where else should I tune?

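The log lines in the post above are the tell-tale pattern of a Range request being served by a full origin fetch: a TCP_MISS/206 that hands the client a few hundred bytes but takes ten seconds or more, because Squid is pulling a far larger object behind it. The script below is an added example (not the poster's code and not part of the pfSense or Lusca packages) that parses Squid native access.log lines and picks out exactly those entries, then totals them per client so the "one PC downloading Windows Update" falls out automatically. The sample log is constructed to resemble the posted lines, with the long update hashes dropped; the 2000 bytes/second threshold and the hosts www.example.com and cdn.example.com are assumptions for illustration.

```python
"""Spot range-request amplification in a Squid native-format access.log.

Added example for this thread, not code from the poster or from Squid.
Native log format (one request per line):
  timestamp elapsed_ms client code/status bytes method url ident hierarchy/peer type
where "bytes" is what Squid sent to the client, not what it fetched from
the origin.  A partial-content miss that delivers little data over a
long elapsed time means Squid was busy fetching much more than the
client asked for.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<type>\S+)\s*$"
)

# Constructed sample, modelled on the lines posted in the thread (hashes shortened,
# two unrelated requests added for contrast).  Not a real log.
SAMPLE_LOG = """\
1310456149.769  13304 172.16.4.244 TCP_MISS/206 500 GET http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976933-x64-neutral.psf - DIRECT/65.54.82.138 application/octet-stream
1310456159.490   9715 172.16.4.244 TCP_MISS/206 1139 GET http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976933-x64-neutral.psf - DIRECT/65.54.82.143 application/octet-stream
1310456170.478  10982 172.16.4.244 TCP_MISS/206 443 GET http://au.download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976933-x64-neutral.psf - DIRECT/65.54.82.138 application/octet-stream
1310456470.506 299559 172.16.4.244 TCP_MISS/206 447 GET http://au.download.windowsupdate.com/msdownload/update/software/ftpk/2010/10/wlsetup-all.exe - DIRECT/65.54.82.143 application/octet-stream
1310456201.113     12 172.16.1.120 TCP_HIT/200 48211 GET http://www.example.com/logo.png - NONE/- image/png
1310456210.440    310 172.16.1.121 TCP_MISS/206 524288 GET http://cdn.example.com/big.iso - DIRECT/203.0.113.5 application/octet-stream
"""


def parse_access_log(text):
    """Parse native-format lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        for key in ("elapsed", "status", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def throughput_bps(rec):
    """Bytes per second delivered to the client (elapsed is logged in ms)."""
    return rec["bytes"] * 1000.0 / max(rec["elapsed"], 1)


def slow_partial_misses(records, max_bps=2000):
    """TCP_MISS/206 responses delivered far slower than any WAN link would allow.

    The slowness is not the link: Squid spent the time fetching an object much
    larger than the requested range.  max_bps (2000 B/s) is an assumed threshold.
    """
    return [
        r for r in records
        if r["status"] == 206
        and r["code"].startswith("TCP_MISS")
        and throughput_bps(r) < max_bps
    ]


def summarize_by_client(records):
    """Per client: how many slow partial misses, bytes delivered, seconds spent, URLs."""
    summary = defaultdict(lambda: {"requests": 0, "bytes": 0, "seconds": 0.0, "urls": set()})
    for r in slow_partial_misses(records):
        s = summary[r["client"]]
        s["requests"] += 1
        s["bytes"] += r["bytes"]
        s["seconds"] += r["elapsed"] / 1000.0
        s["urls"].add(r["url"])
    return dict(summary)


if __name__ == "__main__":
    for client, s in summarize_by_client(parse_access_log(SAMPLE_LOG)).items():
        print(f"{client}: {s['requests']} slow 206 misses, {s['bytes']} B delivered "
              f"in {s['seconds']:.0f} s across {len(s['urls'])} URL(s)")
```

Run it against the real file with `parse_access_log(open("/var/squid/log/access.log").read())`; the client with the most slow partial misses is the one whose Range requests are being expanded into full downloads.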
              agismaniax:

                Digging deeper into squid.conf, it turns out there is this feature: range_offset_limit.
                http://www.squid-cache.org/Versions/v2/2.7/cfgman/range_offset_limit.html

                Reference: http://wiki.squid-cache.org/SquidFaq/InnerWorkings#Why_do_I_see_negative_byte_hit_ratio.3F

                The initial setting was -1. Now I have set it to 0.
                Just have to watch the results over the next few days. ;)

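The squid.conf posted earlier in this thread contains `range_offset_limit 0 MB` in the section the package GUI generated and `range_offset_limit -1` again under "# Custom options". Squid reads the file top to bottom and, for a single-valued directive, the last line is the one that takes effect, which is why the poster found the effective setting to be -1 even though 0 MB appears first. The checker below is an added example (not the poster's code and not part of the pfSense or Lusca packages): it parses a squid.conf, reports single-valued directives that are set more than once together with the value Squid will actually apply, and flags the two settings this thread turned on. The sample config is constructed to mirror the thread; the list of directives treated as single-valued is an assumption limited to the ones discussed here.

```python
"""Find squid.conf directives whose later occurrence silently overrides an earlier one.

Added example for this thread, not code from the poster or from Squid.
For single-valued directives the last line in the file wins, so a value in a
"Custom options" block overrides the one written higher up by the package GUI.
"""
from collections import defaultdict

# Directives this check treats as single-valued (assumption: only the ones the
# thread discusses).  acl, http_access, refresh_pattern, delay_* and cache_dir
# lines accumulate rather than override and are deliberately not checked.
SINGLE_VALUED = {
    "range_offset_limit", "quick_abort_min", "quick_abort_max", "quick_abort_pct",
    "cache_mem", "maximum_object_size",
}

# Constructed subset mirroring the posted squid.conf: 0 MB first, -1 again later.
SAMPLE_CONF = """\
# Do not edit manually !
http_port 172.16.1.254:3128 transparent
cache_mem 128 MB
maximum_object_size 128 MB
quick_abort_min 32 KB
quick_abort_max 128 KB
quick_abort_pct 75
range_offset_limit 0 MB
# Custom options
refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
range_offset_limit -1
http_access allow localnet
http_access deny all
"""


def parse_squid_conf(text):
    """Map each directive to the list of (line_no, value) where it is set.

    Comments are stripped and blank lines skipped; values keep their unit
    suffix ("0 MB") so the caller can inspect the tokens.
    """
    seen = defaultdict(list)
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        directive = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        seen[directive].append((line_no, value))
    return dict(seen)


def effective_values(text):
    """Effective value of each single-valued directive (last occurrence wins)."""
    return {d: occ[-1][1] for d, occ in parse_squid_conf(text).items() if d in SINGLE_VALUED}


def overridden_directives(text):
    """Single-valued directives set more than once: the first value a reader sees
    versus the last value, which is the one Squid applies."""
    report = []
    for directive, occurrences in parse_squid_conf(text).items():
        if directive in SINGLE_VALUED and len(occurrences) > 1:
            report.append({
                "directive": directive,
                "first": occurrences[0],
                "effective": occurrences[-1],
            })
    return report


def range_warnings(text):
    """Flag the settings that make Squid fetch more from the origin than it serves."""
    eff = effective_values(text)
    warnings = []
    # Squid's built-in defaults are range_offset_limit 0 and quick_abort_min 16 KB.
    if eff.get("range_offset_limit", "0").split()[0] == "-1":
        warnings.append(
            "range_offset_limit -1: Squid fetches the whole object from the origin for "
            "every Range request it cannot serve from cache, so a client reading a few "
            "hundred bytes of a large update file pulls the full file over the WAN")
    if eff.get("quick_abort_min", "16 KB").split()[0] == "-1":
        warnings.append(
            "quick_abort_min -1: Squid always finishes downloads the client has aborted")
    return warnings


if __name__ == "__main__":
    for item in overridden_directives(SAMPLE_CONF):
        print(f"{item['directive']}: line {item['first'][0]} says {item['first'][1]!r}, "
              f"but line {item['effective'][0]} ({item['effective'][1]!r}) is what applies")
    for w in range_warnings(SAMPLE_CONF):
        print("WARNING:", w)
```

On a pfSense box the same check runs against the generated file with `overridden_directives(open("/usr/local/etc/squid/squid.conf").read())`; anything the GUI's custom-options box re-declares shows up there before it shows up on the WAN graph.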
                serangku:

                  NICE ...

                  ;) ;D

                  -1 vs 0

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.