Re: Squid stopped working after update.

[Chris Robertson <crobertson@xxxxxxx>]

MARK ADAMS wrote:
> Mandriva Linux 2007, Squid Cache: Version 2.6.STABLE1
>
>
> Here's an odd thing: I ran updates on my server after a rather lengthy 
> period of not updating -- I hate it when the lying bastage mirrors 
> stop working, but anyway...
>
> After this lengthy upgrade, Squid updated to ver. 2.6.STABLE1 and 
> stopped working.  The process was still up, but when I configured the 
> browser to use the proxy, it claimed it couldn't find the proxy I had 
> configured.

You might want to start by reading the 2.6 release notes.  
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE1-RELEASENOTES.html

> I looked at the config files and everything seemed okay.  I checked 
> the logs and it looked like there was a failure related to how it was 
> resolving http.  I'd like to be more articulate about that error, but 
> I punted and uninstalled/reinstalled squid and squidGuard from the 
> main_update repositories.
>
> The reinstall went okay and I've modified the new config files so that 
> Squid and squidGuard run and should be working fine (when did 
> squidGuard become a "url_rewriter_program"?), but now when I point a 
> browser to a website under the proxy, it just times out.

Times out how?  There are entries in the access.log...

> I've tried disabling IP tables on client and server, and disabling 
> squidGuard but nothing has helped.
>
> Here's the config:
>
> http_port 3128
> http_port 8080
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl Apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> access_log /var/log/squid/access.log squid
> url_rewrite_program /usr/bin/squidGuard -d -c /etc/squid/squidGuard.conf
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern .               0       20%     4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443 563     # https, snews
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> acl mynetwork src 192.168.1.0/255.255.255.0
> acl alexa src "/etc/squid/bad_1s"
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow mynetwork
> acl our_networks src 192.168.1.0/24
> http_access allow our_networks

This is redundant.  You've already defined "mynetwork" as a src ACL of 
the same IP block.  I can't see it causing problems, but it's extraneous.

> http_access allow localhost

Even though the "http_access deny all" is implicit (given that your last 
http_access line is an allow) it's not a bad idea to make it explicit.

> http_reply_access allow all
> icp_access allow all
> cache_effective_user squid
> cache_effective_group squid
> visible_hostname shuttle.adams-lan.local
> deny_info ERR_CUSTOM_ACCESS_DENIED mynetwork

I don't think this will be used, as the mynetwork ACL is not used in a 
deny context.  Then again, without an explicit http_access deny all, 
that might just work.

> coredump_dir /var/spool/squid
>
> Logs don't seem to be showing much about squid that I can see:
SNIP

Squid logs nothing to syslog by default.

> # tail access.log
> 1175798813.718   1754 192.168.1.100 TCP_MISS/200 4806 GET 
> http://www.fulldls.com/rss.php - DIRECT/66.29.9.69 text/xml
> 1175798822.053   2088 192.168.1.100 TCP_MISS/200 10020 GET 
> http://www.squid-cache.org/mailing-lists.html - DIRECT/12.160.37.9 
> text/html
> 1175799083.226    498 192.168.1.100 TCP_MISS/302 785 GET 
> http://fxfeeds.mozilla.org/rss20.xml - DIRECT/63.245.209.21 text/html
> 1175799083.828    600 192.168.1.100 TCP_REFRESH_MISS/200 13460 GET 
> http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml 
> - DIRECT/212.58.240.130 application/xml
> 1175799295.144    419 192.168.1.100 TCP_MISS/200 5791 GET 
> http://login.yahoo.com/config/login? - DIRECT/209.191.92.114 text/html
> 1175799295.458    314 192.168.1.100 TCP_MISS/302 1185 POST 
> http://login.yahoo.com/config/login - DIRECT/209.191.92.114 text/html
> 1175799295.721    251 192.168.1.100 TCP_MISS/302 587 GET 
> http://mail.yahoo.com/ - DIRECT/209.191.92.114 text/html
> 1175799296.402    670 192.168.1.100 TCP_MISS/200 17262 GET 
> http://us.f318.mail.yahoo.com/ym/login? - DIRECT/68.142.207.12 text/html
> 1175799304.308  10845 192.168.1.100 TCP_MISS/200 4636 CONNECT 
> gmail.google.com:443 - DIRECT/64.233.163.107 -
> 1175799304.503  11041 192.168.1.100 TCP_MISS/200 5532 CONNECT 
> gmail.google.com:443 - DIRECT/64.233.163.107 -

Here's my confusion.  What IP address are you making your tests from?  
Obviously 192.168.1.100 is experiencing success using the proxy.

> # tail store.log

The Store log just shows what objects are being cached and purged.  
Nothing useful for this problem.

> # tail -n 25 cache.log
> 2007/04/05 08:39:58| Initialising SSL.
> 2007/04/05 08:39:58| parseEtcHosts: /etc/hosts: (13) Permission denied

Hmmm...  You might want to have a look at this.  Why is the hosts file 
not world readable?

> 2007/04/05 08:39:58| User-Agent logging is disabled.
> 2007/04/05 08:39:58| Referer logging is disabled.
> 2007/04/05 08:39:58| DNS Socket created at 0.0.0.0, port 1330, FD 8
> 2007/04/05 08:39:58| Adding domain adams-lan.local from /etc/resolv.conf
> 2007/04/05 08:39:58| Adding nameserver 205.171.2.65 from /etc/resolv.conf
> 2007/04/05 08:39:58| Adding nameserver 205.171.3.65 from /etc/resolv.conf
> 2007/04/05 08:39:58| Adding nameserver 192.168.1.105 from 
> /etc/resolv.conf
> 2007/04/05 08:39:58| Accepting proxy HTTP connections at 0.0.0.0, port 
> 3128, FD 9.
> 2007/04/05 08:39:58| Accepting proxy HTTP connections at 0.0.0.0, port 
> 8080, FD 10.
> 2007/04/05 08:39:58| Accepting ICP messages at 0.0.0.0, port 3130, FD 11.
> 2007/04/05 08:39:58| Accepting HTCP messages on port 4827, FD 12.
> 2007/04/05 08:39:58| Accepting SNMP messages on port 3401, FD 14.
> 2007/04/05 08:39:58| WCCP Disabled.
> 2007/04/05 08:39:58| Pinger socket opened on FD 15
> 2007/04/05 08:39:58| Loaded Icons.
> 2007/04/05 08:39:58| eventCleanup
> 2007/04/05 08:39:58| Ready to serve requests.
> 2007/04/05 09:00:24| icmpSend: send: (111) Connection refused
> 2007/04/05 09:00:24| Closing Pinger socket on FD 15
> 2007/04/05 09:22:44| NETDB state saved; 0 entries, 0 msec
> 2007/04/05 10:23:45| NETDB state saved; 0 entries, 0 msec
> 2007/04/05 11:34:43| NETDB state saved; 0 entries, 0 msec
> 2007/04/05 12:28:23| NETDB state saved; 0 entries, 0 msec
>
>
> Anybody know what is oing on here?

Given the evidence presented, not really.  The access log gives time in 
GMT and the cache log gives time in local time (without specifying what 
time zone is used) so there's really no correlating the two.  In any 
case, Squid appears to be starting, and is serving requests for the 
computer at 192.168.1.100.  Which indicates to me it's not a direct 
problem with Squid.

> Thanks.
>
> Mark

Chris