Vaughan Roberts wrote:
Hi, I have been using squid for about 4-5 months successfully on a RedHat 7.1 box which acts as the nat router / firewall between the I-net and my LAN. A couple of days ago I decided to upgrade to Fedora Core4. I have now got most things working, but the browers on my LAN clients are not able to access web-sites. I can ping the web-sites, but the browers are doing nothing. At first I thought it was a DNS problem, but tcpdump indicates that is working fine and if I use IP numbers for the web-sites they still don't respond. I have copied over my squid.conf and iptables setting from 7.1 and successfully set up the cache directories but I am getting nothing in access.log or store.log. Can anybody see what I am doing wrong, or knows of any utilities that could clarify what the issue is? Here is a decommented copy of the squid.conf file I am using. http_port 3128 icp_port 0 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 32 MB cache_dir ufs /var/spool/squid 100 16 256 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log pid_filename /var/run/squid.pid debug_options ALL,1 33,2 auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/255.0.0.0 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 8080 # http #2 acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 3128 # squid (is this needed, maybe as I don't allow 1025-65535 below) acl Safe_ports port 5050:5055 # bpalogin acl Safe_ports port 123 # ntp acl Safe_ports port 280 # http-mgmt acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost acl mylan src 192.168.1.0/255.255.255.224 http_access allow mylan http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all cache_mgr root cache_effective_user squid cache_effective_group squid httpd_accel_port 80 httpd_accel_host virtual httpd_accel_with_proxy on httpd_accel_uses_host_header on memory_pools on memory_pools_limit 10 MB cachemgr_passwd disable all coredump_dir /var/spool/squid Here is what is in my cache.log 2005/06/26 21:12:28| Starting Squid Cache version 2.5.STABLE9 for i386-redhat-linux-gnu... 2005/06/26 21:12:28| Process ID 7346 2005/06/26 21:12:28| With 1024 file descriptors available 2005/06/26 21:12:28| DNS Socket created at 0.0.0.0, port 32825, FD 5 2005/06/26 21:12:28| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2005/06/26 21:12:28| Adding nameserver 144.140.70.16 from /etc/resolv.conf 2005/06/26 21:12:28| Adding nameserver 144.140.71.29 from /etc/resolv.conf 2005/06/26 21:12:28| Adding nameserver 144.140.70.15 from /etc/resolv.conf 2005/06/26 21:12:28| User-Agent logging is disabled. 2005/06/26 21:12:28| Referer logging is disabled. 2005/06/26 21:12:28| Unlinkd pipe opened on FD 10 2005/06/26 21:12:28| Swap maxSize 102400 KB, estimated 7876 objects 2005/06/26 21:12:28| Target number of buckets: 393 2005/06/26 21:12:28| Using 8192 Store buckets 2005/06/26 21:12:28| Max Mem size: 32768 KB 2005/06/26 21:12:28| Max Swap size: 102400 KB 2005/06/26 21:12:28| Rebuilding storage in /var/spool/squid (CLEAN) 2005/06/26 21:12:28| Using Least Load store dir selection 2005/06/26 21:12:28| Set Current Directory to /var/spool/squid 2005/06/26 21:12:28| Loaded Icons. 2005/06/26 21:12:29| Accepting HTTP connections at 0.0.0.0, port 3128, FD 12. 2005/06/26 21:12:29| WCCP Disabled. 2005/06/26 21:12:29| Ready to serve requests. 2005/06/26 21:12:29| Done reading /var/spool/squid swaplog (0 entries) 2005/06/26 21:12:29| Finished rebuilding storage from disk. 2005/06/26 21:12:29| 0 Entries scanned 2005/06/26 21:12:29| 0 Invalid entries. 2005/06/26 21:12:29| 0 With invalid flags. 2005/06/26 21:12:29| 0 Objects loaded. 2005/06/26 21:12:29| 0 Objects expired. 2005/06/26 21:12:29| 0 Objects cancelled. 2005/06/26 21:12:29| 0 Duplicate URLs purged. 2005/06/26 21:12:29| 0 Swapfile clashes avoided. 2005/06/26 21:12:29| Took 0.3 seconds ( 0.0 objects/sec). 2005/06/26 21:12:29| Beginning Validation Procedure 2005/06/26 21:12:29| Completed Validation Procedure 2005/06/26 21:12:29| Validated 0 Entries 2005/06/26 21:12:29| store_swap_size = 0k 2005/06/26 21:12:30| storeLateRelease: released 0 objects Best regards, Vaughan Mobile: 0412 122 362
Maybe does SElinux active in the new server FC4.? Emilio C.