[RESOLVED] direct internet access (outbound NAT) too slow
-
Hello everyone,
PF version 1.2.3. Before installing SQUID+SQUIDGUARD we were using outbound NAT for users' internet access.
After installing SQUID+SQUIDGUARD, most of the users are using the proxy service with user and password (non-transparent) with great success. But now we have another problem. We have users who have to access the internet directly, as in the old times (without squid+squidguard).
They can access the internet, but slowly. Nothing changed in the configuration; only squid+squidguard was installed.
Any experience with this subject? Any ideas?
-
Very slow access is usually a sign of misconfigured proxies. Double-check that you have the proper configuration. Not sure if squidguard acts as a separate proxy from squid. If so, make sure you have the forwarding proxy properly set up.
-
This is my squid.conf
Users who are using the non-transparent proxy are surfing very well, without any problem.
But direct access users have a speed problem when accessing web sites. Any ideas?
/usr/local/etc/squid/squid.conf
# Do not edit manually !
http_port 192.168.0.1:8080
icp_port 0
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/Turkish
icon_directory /usr/local/etc/squid/icons
visible_hostname proxy.local
cache_mgr XXX@xxx.com
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
logfile_rotate 30
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 192.168.0.0/255.255.255.0
uri_whitespace strip
cache_mem 512 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /var/squid/cache 10000 16 256
minimum_object_size 0 KB
maximum_object_size 512000 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95
# No redirector configured
# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
acl allowed_subnets src 192.168.0.0/24 192.168.50.0/24
acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
cache deny dynamic
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost
quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
reply_body_max_size 0 allow all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny all
# These hosts do not have any restrictions
http_access allow unrestricted_hosts
auth_param basic program /usr/local/libexec/squid/ncsa_auth /var/etc/squid.passwd
auth_param basic children 5
auth_param basic realm Please enter your credentials to access the proxy
auth_param basic credentialsttl 10 minutes
acl password proxy_auth REQUIRED
http_access allow unrestricted_hosts
http_access allow password localnet
http_access allow password allowed_subnets
# Custom options
http_port 192.168.50.1:8080
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3
# Default block all to be sure
http_access deny all
-
Problem solved by adding the local direct access IP addresses to Services > Proxy server > Access control > Unrestricted IPs.