Большое спасибо за подробный и понятный ответ! Дело в том что я далеко не специалист в FreeBSD, а когда сталкиваешься с подобными задачами, пытаясь их решить по своему разумению, во время поиска много информации пропускается (сам бы я не нашел), поэтому я подобным советам несказанно рад.
Хотел бы посоветоваться еще по поводу методов борьбы с "рушением" кэша в squid и по поводу систем подсчета траффика. Сейчас работает squid с почти "умолчальными" настройками, вот конфигурационный файл:
http_port 192.168.1.1:3128
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 15 MB
cache_dir ufs /usr/local/squid/cache 500 16 256
cache_store_log none
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_PORTS port 443 563
acl SAFE_PORTS port 80 23 21 20 70 210 280 591 777 9090
acl UNREG port 1025-65535
acl CONNECT method CONNECT
acl LAN src 192.168.1.0/25
acl porno url_regex "/usr/local/etc/squid/porno"
http_access deny LAN porno
http_access allow manager localhost
http_access deny manager
http_access allow SAFE_PORTS
http_access allow SSL_PORTS
http_access allow UNREG
http_access deny CONNECT !SSL_PORTS
http_access allow LAN
http_access deny all
visible_hostname ProxySquid
coredump_dir /usr/local/squid/cache
refresh_pattern -i \.png$ 4320 100% 4320 override-lastmod override-expire
refresh_pattern -i \.jpg$ 4320 100% 4320 override-lastmod override-expire
refresh_pattern -i \.jpeg$ 4320 100% 4320 override-lastmod override-expire
refresh_pattern -i \.gif$ 2500 100% 2500 override-lastmod override-expire
refresh_pattern -i \.pdf$ 14400 100% 14400 override-lastmod override-expire
refresh_pattern -i \.zip$ 14400 100% 14400 override-lastmod override-expire
refresh_pattern -i \.exe$ 14400 100% 14400 override-lastmod override-expire
refresh_pattern -i \.rar$ 15000 100% 15000 override-lastmod override-expire
refresh_pattern -i \.swf$ 2500 100% 2500 override-lastmod override-expire
refresh_pattern -i \.mid 25000 100% 25000 override-lastmod override-expire
refresh_pattern -i \.mp3 25000 100% 25000 override-lastmod override-expire
Кэш время от времени падает, вот вырезка из cache.log:
2006/06/06 09:23:18| Starting Squid Cache version 2.5.STABLE6 for i386-portbld-freebsd5.3...
2006/06/06 09:23:18| Process ID 492
2006/06/06 09:23:18| With 1792 file descriptors available
2006/06/06 09:23:18| DNS Socket created at 0.0.0.0, port 52597, FD 4
2006/06/06 09:23:18| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2006/06/06 09:23:18| Unlinkd pipe opened on FD 9
2006/06/06 09:23:18| Swap maxSize 512000 KB, estimated 39384 objects
2006/06/06 09:23:18| Target number of buckets: 1969
2006/06/06 09:23:18| Using 8192 Store buckets
2006/06/06 09:23:18| Max Mem size: 15360 KB
2006/06/06 09:23:18| Max Swap size: 512000 KB
2006/06/06 09:23:18| Store logging disabled
2006/06/06 09:23:18| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2006/06/06 09:23:18| Using Least Load store dir selection
2006/06/06 09:23:18| Set Current Directory to /usr/local/squid/cache
2006/06/06 09:23:18| Loaded Icons.
2006/06/06 09:23:18| Accepting HTTP connections at 192.168.1.1, port 3128, FD 10.
2006/06/06 09:23:18| WCCP Disabled.
2006/06/06 09:23:18| Ready to serve requests.
2006/06/06 09:23:19| Store rebuilding is 8.4% complete
2006/06/06 09:23:21| Done reading /usr/local/squid/cache swaplog (48912 entries)
2006/06/06 09:23:21| Finished rebuilding storage from disk.
2006/06/06 09:23:21| 45955 Entries scanned
2006/06/06 09:23:21| 0 Invalid entries.
2006/06/06 09:23:21| 0 With invalid flags.
2006/06/06 09:23:21| 45641 Objects loaded.
2006/06/06 09:23:21| 0 Objects expired.
2006/06/06 09:23:21| 305 Objects cancelled.
2006/06/06 09:23:21| 952 Duplicate URLs purged.
2006/06/06 09:23:21| 4 Swapfile clashes avoided.
2006/06/06 09:23:21| Took 2.2 seconds (20570.4 objects/sec).
2006/06/06 09:23:21| Beginning Validation Procedure
2006/06/06 09:23:21| Completed Validation Procedure
2006/06/06 09:23:21| Validated 44692 Entries
2006/06/06 09:23:21| store_swap_size = 482630k
2006/06/06 09:23:21| storeLateRelease: released 0 objects
2006/06/06 09:32:58| WARNING: 1 swapin MD5 mismatches
2006/06/06 16:14:34| WARNING: 10 swapin MD5 mismatches
2006/06/07 08:40:08| Starting Squid Cache version 2.5.STABLE6 for i386-portbld-freebsd5.3...
2006/06/07 08:40:08| Process ID 462
2006/06/07 08:40:08| With 1792 file descriptors available
2006/06/07 08:40:08| DNS Socket created at 0.0.0.0, port 52597, FD 4
2006/06/07 08:40:08| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2006/06/07 08:40:08| Unlinkd pipe opened on FD 9
2006/06/07 08:40:08| Swap maxSize 512000 KB, estimated 39384 objects
2006/06/07 08:40:08| Target number of buckets: 1969
2006/06/07 08:40:08| Using 8192 Store buckets
2006/06/07 08:40:08| Max Mem size: 15360 KB
2006/06/07 08:40:08| Max Swap size: 512000 KB
2006/06/07 08:40:08| Store logging disabled
2006/06/07 08:40:08| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2006/06/07 08:40:08| Using Least Load store dir selection
2006/06/07 08:40:08| Set Current Directory to /usr/local/squid/cache
2006/06/07 08:40:08| Loaded Icons.
2006/06/07 08:40:08| Accepting HTTP connections at 192.168.1.1, port 3128, FD 10.
2006/06/07 08:40:08| WCCP Disabled.
2006/06/07 08:40:08| Ready to serve requests.
2006/06/07 08:40:09| Store rebuilding is 7.0% complete
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001520
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001DDE
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001DDF
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001DE3
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001DF4
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001DF7
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001DF9
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001E02
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001E03
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001E06
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00001E08
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 000043CD
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 000043CE
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 000043CF
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 000043D0
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00009953
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00009B79
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00009D41
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00009D42
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00009D43
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00009D44
2006/06/07 08:40:10| WARNING: newer swaplog entry for dirno 0, fileno 00009D45
2006/06/07 08:40:10| Done reading /usr/local/squid/cache swaplog (58737 entries)
2006/06/07 08:40:10| Finished rebuilding storage from disk.
2006/06/07 08:40:10| 50431 Entries scanned
2006/06/07 08:40:10| 0 Invalid entries.
2006/06/07 08:40:10| 0 With invalid flags.
2006/06/07 08:40:10| 49049 Objects loaded.
2006/06/07 08:40:10| 0 Objects expired.
2006/06/07 08:40:10| 240 Objects cancelled.
2006/06/07 08:40:10| 1559 Duplicate URLs purged.
2006/06/07 08:40:10| 1140 Swapfile clashes avoided.
2006/06/07 08:40:10| Took 2.2 seconds (22074.7 objects/sec).
2006/06/07 08:40:10| Beginning Validation Procedure
2006/06/07 08:40:10| Completed Validation Procedure
2006/06/07 08:40:10| Validated 47492 Entries
2006/06/07 08:40:10| store_swap_size = 512310k
2006/06/07 08:40:11| storeLateRelease: released 0 objects
2006/06/07 08:50:04| WARNING: 1 swapin MD5 mismatches
2006/06/07 10:23:57| sslReadServer: FD 14: read failure: (54) Connection reset by peer
2006/06/07 10:23:57| sslReadServer: FD 32: read failure: (54) Connection reset by peer
2006/06/07 10:23:57| sslReadServer: FD 30: read failure: (54) Connection reset by peer
2006/06/07 10:24:37| sslReadServer: FD 17: read failure: (54) Connection reset by peer
2006/06/07 10:24:42| sslReadServer: FD 14: read failure: (54) Connection reset by peer
2006/06/07 12:02:56| sslReadServer: FD 17: read failure: (54) Connection reset by peer
2006/06/07 13:07:22| WARNING: 10 swapin MD5 mismatches
2006/06/07 19:12:34| urlParse: Illegal character in hostname 'hest.ru]'
2006/06/07 19:12:34| urlParse: Illegal character in hostname 'hest.ru]'
2006/06/08 09:10:30| Starting Squid Cache version 2.5.STABLE6 for i386-portbld-freebsd5.3...
2006/06/08 09:10:30| Process ID 519
2006/06/08 09:10:30| With 1792 file descriptors available
2006/06/08 09:10:30| DNS Socket created at 0.0.0.0, port 52597, FD 4
2006/06/08 09:10:30| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2006/06/08 09:10:30| Unlinkd pipe opened on FD 9
2006/06/08 09:10:30| Swap maxSize 512000 KB, estimated 39384 objects
2006/06/08 09:10:30| Target number of buckets: 1969
2006/06/08 09:10:30| Using 8192 Store buckets
2006/06/08 09:10:30| Max Mem size: 15360 KB
2006/06/08 09:10:30| Max Swap size: 512000 KB
2006/06/08 09:10:30| Store logging disabled
2006/06/08 09:10:30| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2006/06/08 09:10:30| Using Least Load store dir selection
2006/06/08 09:10:30| Set Current Directory to /usr/local/squid/cache
2006/06/08 09:10:30| Loaded Icons.
2006/06/08 09:10:30| Accepting HTTP connections at 192.168.1.1, port 3128, FD 10.
2006/06/08 09:10:30| WCCP Disabled.
2006/06/08 09:10:30| Ready to serve requests.
2006/06/08 09:10:31| Store rebuilding is 6.4% complete
2006/06/08 09:10:32| WARNING: newer swaplog entry for dirno 0, fileno 000014C7
2006/06/08 09:10:32| WARNING: newer swaplog entry for dirno 0, fileno 0000001B
2006/06/08 09:10:32| WARNING: newer swaplog entry for dirno 0, fileno 00001DDF
2006/06/08 09:10:32| WARNING: newer swaplog entry for dirno 0, fileno 00001DE7
(И еще много подобных строк подобного рода)
2006/06/08 09:10:32| Done reading /usr/local/squid/cache swaplog (64022 entries)
2006/06/08 09:10:32| Finished rebuilding storage from disk.
2006/06/08 09:10:32| 53945 Entries scanned
2006/06/08 09:10:32| 0 Invalid entries.
2006/06/08 09:10:32| 0 With invalid flags.
2006/06/08 09:10:32| 51939 Objects loaded.
2006/06/08 09:10:32| 0 Objects expired.
2006/06/08 09:10:32| 422 Objects cancelled.
2006/06/08 09:10:32| 2774 Duplicate URLs purged.
2006/06/08 09:10:32| 1575 Swapfile clashes avoided.
2006/06/08 09:10:32| Took 2.3 seconds (22544.2 objects/sec).
2006/06/08 09:10:32| Beginning Validation Procedure
2006/06/08 09:10:32| Completed Validation Procedure
2006/06/08 09:10:32| Validated 49164 Entries
2006/06/08 09:10:32| store_swap_size = 523000k
2006/06/08 09:10:33| storeLateRelease: released 0 objects
2006/06/08 09:10:34| WARNING: Disk space over limit: 513234 KB > 512000 KB
2006/06/08 09:35:02| WARNING: 1 swapin MD5 mismatches
2006/06/08 11:39:56| sslReadServer: FD 15: read failure: (54) Connection reset by peer
2006/06/08 12:02:57| WARNING: 10 swapin MD5 mismatches
Из данных сообщений я понимаю, что слетает кэш, squid его восстанавливает, а он опять слетает! Что с этим можно сделать и с чем это связано?
И второе: нужно считать траффик, делать отчеты.
Я поступил вот каким образом:
Так как во внутренней сети домен и почти все в домене, на windows машине поставил squid-NT и настроил его так, чтобы он обращался к данному прокси (NT-шный прокси поставил, чтобы было удобнее пользователей из домена регистрировать в access.log), потом некоторые сервисы работают не через прокси, а через НАТ (клиент-банки, почта), потому решил еще воспользоваться связкой ipfw+ipa, читаю документацию, но что-то не очень врубаюсь. Есть алтернативные, попроще, способы?