[squid-users] subnet forward

Antony Stone Antony.Stone at squid.open.source.it
Wed Sep 7 13:20:11 UTC 2016 

On Wednesday 07 September 2016 at 15:05:25, Pol Hallen wrote:

> I've a small lan:
> 
> dsl<-WAN_NIC0_192.168.5.0/30->lan1_192.168.10.0/24 (NIC1)<-->switch+AP
>                                lan2_192.168.1.0/24 (NIC2)<--->switch+AP
> 
> I've squid server v.3.1.20 on 192.168.1.20
> 
> from 192.168.1.0/24 network squid works perfectly :-))) from
> 192.168.10.0/24 network squid works but: is very very very slow...
> 
> I've check firewall and routing, dns and ping and seem ok

Where's the firewall?

Show us the routing table on 192.168.1.20, and show us the routing table on 
the machine above with three network cards.  Also please tell us the IP 
addresses on its three interfaces.

Show us any NAT rules you have on that machine.

> maximum_object_size 5 Gb
> cache_dir ufs /data/vmware/squid-cache 30720 16 256
> cache_mem 4096 MB
> 
> minimum_object_size 0
> maximum_object_size_in_memory 512 Kb
> cache_replacement_policy heap GDSF
> 
> cache_swap_low 85
> cache_swap_high 90
> 
> half_closed_clients off
> 
> hosts_file /etc/hosts
> memory_pools off
> client_db off
> dns_nameservers 127.0.0.1
> 
> via off
> forwarded_for off
> httpd_suppress_version_string off
> follow_x_forwarded_for deny all
> #visible_hostname sign.bunker.org
> 
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
> override-expire ignore-no-cache ignore-no-store ignore-private
> refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90%
> 432000 override-expire ignore-no-cache ignore-no-store ignore-private
> refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$
> 10080 90% 43200 override-expire ignore-no-cache ignore-no-store
> ignore-private
> refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
> refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
> refresh_pattern . 0 40% 40320
> 
> refresh_pattern -i movies.com/.* 10080 90% 43200
> refresh_pattern (/cgi-bin/|\?) 0 0% 0

What?  No http_access rules or ACLs?


Antony.

-- 
Wanted: telepath.   You know where to apply.

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the squid-users mailing list