ob+pf+squid,透明代理页面打开反应慢?

tidezcy

openbsd3.9+pf+squid,透明代理的方式,打开新页面很慢,差不多要5s才能出来,但在浏览器填上代理后,打开新页面又是正常的,不知为什么? 请高人指点指点.

llzqq

多半是pf规则的问题

tidezcy

#pf.conf的内容就是这样的.

ext_if="vr0"
int_if="xl0"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"

NETWORK_A="192.168.2.0/24"

priv_nets="{
  127.0.0.0/8,
  192.168.0.0/16,
  172.16.0.0/12,
  10.0.0.0/8
}"

# set optimization aggressive
set optimization conservative
set block-policy return
set loginterface $ext_if

scrub in all
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr on $int_if proto tcp from any to any port www -> 127.0.0.1 port 3128

rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

nat on $ext_if from !($ext_if) -> ($ext_if:0)

block all
pass on lo0 all
anchor "ftp-proxy/*"

block drop in log quick on $ext_if from $priv_nets to any
block drop out log quick on $ext_if from any to $priv_nets

pass in log quick on $ext_if inet proto tcp from any to ($ext_if) port 22 flags S/SA keep state

pass in inet proto icmp all icmp-type echoreq keep state
pass out inet proto icmp all icmp-type echoreq keep state

pass in on $int_if from $int_if:network to any  keep state
pass out keep state

#pass out on $ext_if proto tcp from ($ext_if) to any modulate state flags S/SA
#pass out on $ext_if inet proto {udp,icmp} from ($ext_if) to any  keep state
#

zb77510

我搞的都是非常简单应用,感觉PF+openBSD3.9+squid速度还是非常快的!

我只用了一个keep state  到53