Re: [squid-users] acl definitions and delay_pools

From: <kevin@dont-contact.us>
Date: Fri, 21 Sep 2007 19:20:06 -0600

Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> Please post in plain-text. HTML is a bit hard to read...

A little hard to read?!! I'd say, even I couldn't read it, and I sent it! :-) So
sorry folks. I use Pegasus email and the client is supposed to be set to
send in plain text only. No idea why it came up with all that HTML. Forgive
me if it happens again. I sent the following:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

At the risk of the list beating me with a stick, I cannot otherwise find an
answer to what I am doing and whether my config will work.

I have an aggregated 20mb (2 x 10mb) which is feeding to a SmoothWall
firewall. It is working nicely, but I need to kill off some leeching, and the best
option is delay_pools.

I've tried a number of different combinations and think I've hit on the proper
configuration, but would like confirmation or a kick in the butt and an answer
to what I'm doing wrong.

I have 1 subnet (same netmask) which I've split into three IP pools with
DHCPd static assignments. The set x.x.3.1 through x.x.3.79 are the "fast"
pool, set x.x.3.80 through x.x.3.120 are the "medium" pool and the x.x.3.200
through x.x.3.250 is for leechers and hackers (dynamic assigned).

The config which I hope will work follows. It seems no one is using the
bandwidth right now (Friday, I guess) and have late results which are
positive from someone in the "fast" pool. So, does the following acl and
delay pool definitions look OK?? (Thanks in advance; Kevin):

acl fast src 192.168.3.1-192.168.3.79/255.255.255.0
acl medium src 192.168.3.80-192.168.3.120/255.255.255.0
acl slow src 192.168.3.200-192.168.3.250/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0

acl SSL_ports port 445 443 441 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # smoothwall http
acl Safe_ports port 21 # ftp
acl Safe_ports port 445 443 441 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all

################################################################################
# delay_pools config
################################################################################

# define 3 class 2 pools
delay_pools 3

# fast follows the rules of pool 1
delay_class 1 2
delay_access 1 allow fast
delay_access 1 deny all
delay_parameters 1 -1/-1 250000/60000000

# medium follows the rules of pool 2
delay_class 2 2
delay_access 2 allow medium
delay_access 2 deny all
delay_parameters 2 -1/-1 125000/30000000

# slow follows the rules of pool 3
delay_class 3 2
delay_access 3 allow slow
delay_access 3 deny all
delay_parameters 3 -1/-1 8000/8000

# everyone's bucket starts out full
delay_initial_bucket_level 100

v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v

Beausejour news - http://beausejour.yia.ca/
~~~~~~~
Uvea tech news and forums - http://tech.uveais.ca/
~~~~~~~
Beausejour LUG - http://bjlug.yia.ca/
Received on Fri Sep 21 2007 - 18:24:55 MDT
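
Added example, not part of the message above and not Squid's own code: a simplified token-bucket model of what the three class 2 `delay_parameters` lines in the posted config mean for a single host, reading each `restore/max` pair as bytes refilled per second and bucket size in bytes. Assumptions: buckets are refilled once per second, the aggregate bucket is unlimited (`-1/-1`, as in the post), and `LINK_BPS`, `parse_delay_parameters` and `seconds_to_fetch` are hypothetical names chosen here, with the link rate taken from the 20mb uplink mentioned in the post.

```python
# Added example: one-second token-bucket model of the per-host ("individual")
# bucket of a Squid class 2 delay pool. Simplified; not Squid's own code.
LINK_BPS = 2_500_000  # assumption: the 20 Mbit/s uplink, in bytes per second


def parse_delay_parameters(line):
    """Parse 'delay_parameters <pool> <aggregate> <individual>' (class 2).

    Each bucket is restore/max: bytes refilled per second / bucket size in
    bytes. -1/-1 means unlimited and is returned as None.
    """
    fields = line.split("#", 1)[0].split()
    if len(fields) != 4 or fields[0] != "delay_parameters":
        raise ValueError("expected: delay_parameters <pool> <aggr> <indiv>")

    def bucket(spec):
        restore, maximum = (int(part) for part in spec.split("/"))
        if (restore, maximum) == (-1, -1):
            return None
        if restore <= 0 or maximum <= 0:
            raise ValueError("restore and max must be positive: " + spec)
        return restore, maximum

    return {"pool": int(fields[1]),
            "aggregate": bucket(fields[2]),
            "individual": bucket(fields[3])}


def seconds_to_fetch(size, individual, initial_level_pct=100, link_bps=LINK_BPS):
    """Whole seconds for one host to pull `size` bytes through its bucket."""
    if individual is None:                      # unlimited: link speed only
        return -(-size // link_bps)
    restore, maximum = individual
    level = maximum * initial_level_pct // 100  # delay_initial_bucket_level
    seconds = 0
    while size > 0:
        sent = min(level, link_bps, size)       # cannot spend more than held
        size -= sent
        level = min(maximum, level - sent + restore)
        seconds += 1
    return seconds


if __name__ == "__main__":
    for n, spec in ((1, "250000/60000000"), (2, "125000/30000000"), (3, "8000/8000")):
        pool = parse_delay_parameters(f"delay_parameters {n} -1/-1 {spec}")
        t = seconds_to_fetch(100_000_000, pool["individual"])
        print(f"pool {n}: 100 MB fetch takes about {t} s")
```

In this model a host in pool 1 that starts with a full 60000000-byte bucket runs at link speed for roughly the first 27 seconds of a large download and only then settles at 250000 bytes per second.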
