Configuração Básica do Squid Server - Problema do Gateway

Retirado do pós Squid Cache adaptador para o seu servidor.

Você precisa de toda a sua rede local para ir ao squid

# ACCESS CONTROLS
# -------------------------------------------

# Recommended minimum configuration:

# proxy (ip server)
acl yourserver src 172.16.10.3/32
http_access allow localhost
http_access allow yourserver
# Local network
acl localnet src 172.16.10.0/24

# DNS Ipv4
dns_v4_first on
# BLOCK IPv6
acl to_ipv6 dst ipv6
http_access deny to_ipv6 !all

acl CONNECT method CONNECT
acl SSL_ports port 443
acl SSL_ports port 5228     # mtalk.google.com
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access allow  yourserver manager
http_access deny manager

# DNS OPTIONS
dns_retransmit_interval 5 seconds
dns_timeout 30 seconds
dns_nameservers 8.8.8.8 8.8.4.4

# Default
ipcache_size 2048
ipcache_low 90
ipcache_high 95
fqdncache_size 4096

# HTTP OPTIONS
request_header_max_size 256 KB
ie_refresh on
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
read_ahead_gap 16 KB
negative_ttl 0 seconds
positive_dns_ttl 6 hours
negative_dns_ttl 10 seconds
fqdncache_size 16384

# via off hidden localnet
via on

---------------------------------------------------------------- 
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS


----------------------------------------------------------------
# Localnet
http_access allow localnet

# And finally deny all other access to this proxy
http_access deny all

# ICP-HTCP-CLR
# Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
# Allow HTCP queries from local networks only
htcp_access allow localnet
htcp_access deny all
reply_body_max_size 3072 MB

# NETWORK OPTIONS

# Squid Port (change for your port 8888)
http_port 3128

# Qos
qos_flows local-hit=0x30
qos_flows parent-hit=0x32

# Destination IP address matches the Host header domain or IP
#host_verify_strict on

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM

# CACHEPEER (change your port)
cache_peer 172.16.10.3 parent 3128 0 proxy-only no-digest no-delay no-netdb-exchange no-query no-tproxy
dead_peer_timeout 2 seconds
cache_peer_access 172.16.10.3 allow all

# 'cgi-bin' or '?' direct server
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# Cache (Choose the amount of memory you assign)
cache_mem 512 MB

# Object
#maximum_object_size_in_memory 1024 KB
maximum_object_size_in_memory 30 MB
# objects are purged from memory when memory space is needed
memory_replacement_policy heap GDSF
# Control
memory_cache_mode always

# DISK CACHE OPTIONS

# objects are evicted (replaced) when disk space is needed
cache_replacement_policy heap LFUDA

# Disk cache
# Example: 100 GB for 250 GB
cache_dir aufs /var/spool/squid 150000 16 256

# Ej: 200 Mb (maximum_object_size 20480 KB)
#minimum_object_size 4 KB
maximum_object_size 200 MB

# Squid vaciar la caché (1% de 100 GB)
cache_swap_low 95 
cache_swap_high 99

# LOGFILE OPTIONS

access_log daemon:/var/log/squid/access.log squid
access_log stdio:/var/log/squid/access.log squid
cache_access_log stdio:/var/log/squid/access.log
cache_store_log stdio:/var/log/squid/store.log
cache_store_log daemon:/var/log/squid/store.log

# sudo apt-get install logrotate 
# sudo squid -k rotate
logfile_rotate 7

# OPTIONS FOR TROUBLESHOOTING

#  Squid administrative logging file.
cache_log /var/log/squid/cache.log

# debug
debug_options ALL,1
#debug_options ALL,1 33,2 28,9

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS

# Pinger (sudo chmod 4755 /usr/lib/squid/pinger)
pinger_program /usr/lib/squid/pinger
pinger_enable off

# Range
range_offset_limit -1
minimum_expiry_time 60 seconds

# Timeouts
forward_timeout 4 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
read_timeout 15 minutes
write_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 60 seconds
client_lifetime 1 day
pconn_timeout 60 seconds
shutdown_lifetime 15 seconds
client_idle_pconn_timeout 2 minutes
half_closed_clients off

# MISCELLANEOUS
cache_effective_user proxy 
cache_effective_group proxy
# Hide squid inf
httpd_suppress_version_string on
# Name of proxy
visible_hostname proxyserver
# persistent
server_persistent_connections off
client_persistent_connections off
# Disable ICP (Inter-Cache Protocol) (default icp_port 3130)
icp_port 0
# Disable icmp
query_icmp off
# DIRECT    
always_direct allow yourserver 
always_direct allow localnet
always_direct allow localhost
never_direct allow CONNECT
never_direct allow all
# ram
memory_pools off
memory_pools_limit 512 MB
# hide internal ip
forwarded_for deleted
# validation 
offline_mode off
# File Descriptors (Bug)
#https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1390132
#max_filedescriptors 1024
max_filedesc 8192