Re: Squid not working for me

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

Dave Coventry wrote:
> I cannot get squid to work on Ubuntu 7.10.
>
> I have a DHCP server (IP 192.168.60.254, named 'Base') set uo on the
> Ubuntu box which is correctly allocating IPs in the range
> 192.168.60.100-192.168.60.199 on eth1.
>
> I have eth0 connecting to my router/ADSL Modem and acquiring an IP through DHCP.
>
> I have a laptop running XP (Home) connected to eth1 which reports the
> following in response to 'ipconfig'
>
> IP Address ..........192.168.60.199
> Default Gateway....192.168.60.254
>
> My Squid /etc/squid/squid.conf is as follows:
>
> ############### squid.conf #####################
> http_port 3128 transparent

To operate transparent you need:
- squid built with --enable-linux-netfilter on ubuntu
- iptables setup with REDIRECT or DNAT properly


> http_port 192.168.60:80 vhost vport=8080

So this is a webserver accelerator too?
Think about adding defaultsite= option to cope with the many broken web 
clients that may be accessing your server.

This port is also the cause of your problem. You are running squid as a 
non-privileged user. To access a special port <1024 you MUST run squid 
as root and let it drop down to unprivileged by itself at the right times.

> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> access_log /var/log/squid/access.log squid
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern .               0       20%     4320
> acl all src 0.0.0.0/0.0.0.0
> acl IQNetwork src 192.168.60.0/255.255.255.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 # https
> acl SSL_ports port 563 # snews
> acl SSL_ports port 873 # rsync
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 631 # cups
> acl Safe_ports port 873 # rsync
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> http_access allow IQNetwork

This might be better after some initial CONNECT etc. protection.

> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access deny all
> icp_access allow all
> cache_effective_user squid
> cache_effective_group squid
> visible_hostname Base
> ############ end of squid.conf ##################
>
> My /var/log/squid/cache.log looks like this:
>
> ################ cache.log ##################
> 2008/01/04 20:13:48| Starting Squid Cache version 2.6.STABLE14 for
> i386-debian-linux-gnu...
> 2008/01/04 20:13:48| Process ID 8698
> 2008/01/04 20:13:48| With 1024 file descriptors available
> 2008/01/04 20:13:48| Using epoll for the IO loop
> 2008/01/04 20:13:48| DNS Socket created at 0.0.0.0, port 32868, FD 6
> 2008/01/04 20:13:48| Adding nameserver 192.168.1.254 from /etc/resolv.conf
> 2008/01/04 20:13:48| User-Agent logging is disabled.
> 2008/01/04 20:13:48| Referer logging is disabled.
> 2008/01/04 20:13:48| Unlinkd pipe opened on FD 11
> 2008/01/04 20:13:48| Swap maxSize 102400 KB, estimated 7876 objects
> 2008/01/04 20:13:48| Target number of buckets: 393
> 2008/01/04 20:13:48| Using 8192 Store buckets
> 2008/01/04 20:13:48| Max Mem  size: 8192 KB
> 2008/01/04 20:13:48| Max Swap size: 102400 KB
> 2008/01/04 20:13:48| Local cache digest enabled; rebuild/rewrite every
> 3600/3600 sec
> 2008/01/04 20:13:48| Rebuilding storage in /var/spool/squid (CLEAN)
> 2008/01/04 20:13:48| Using Least Load store dir selection
> 2008/01/04 20:13:48| Current Directory is /
> 2008/01/04 20:13:48| Loaded Icons.
> 2008/01/04 20:13:48| Accepting transparently proxied HTTP connections
> at 0.0.0.0, port 3128, FD 13.
> 2008/01/04 20:13:48| commBind: Cannot bind socket FD 14 to
> 192.168.0.60:80: (99) Cannot assign requested address
> 2008/01/04 20:13:48| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
> 2008/01/04 20:13:48| HTCP Disabled.
> 2008/01/04 20:13:48| WCCP Disabled.
> 2008/01/04 20:13:48| Ready to serve requests.
> 2008/01/04 20:13:48| Done reading /var/spool/squid swaplog (0 entries)
> 2008/01/04 20:13:48| Finished rebuilding storage from disk.
> 2008/01/04 20:13:48|         0 Entries scanned
> 2008/01/04 20:13:48|         0 Invalid entries.
> 2008/01/04 20:13:48|         0 With invalid flags.
> 2008/01/04 20:13:48|         0 Objects loaded.
> 2008/01/04 20:13:48|         0 Objects expired.
> 2008/01/04 20:13:48|         0 Objects cancelled.
> 2008/01/04 20:13:48|         0 Duplicate URLs purged.
> 2008/01/04 20:13:48|         0 Swapfile clashes avoided.
> 2008/01/04 20:13:48|   Took 0.3 seconds (   0.0 objects/sec).
> 2008/01/04 20:13:48| Beginning Validation Procedure
> 2008/01/04 20:13:48|   Completed Validation Procedure
> 2008/01/04 20:13:48|   Validated 0 Entries
> 2008/01/04 20:13:48|   store_swap_size = 0k
> 2008/01/04 20:13:49| storeLateRelease: released 0 objects
> 2008/01/04 21:09:28| Preparing for shutdown after 0 requests
> 2008/01/04 21:09:28| Waiting 30 seconds for active connections to finish
> 2008/01/04 21:09:28| FD 13 Closing HTTP connection
> 2008/01/04 21:09:28| Shutting down...
> 2008/01/04 21:09:28| FD 14 Closing ICP connection
> 2008/01/04 21:09:28| Closing unlinkd pipe on FD 11
> 2008/01/04 21:09:28| storeDirWriteCleanLogs: Starting...
> 2008/01/04 21:09:28|   Finished.  Wrote 0 entries.
> 2008/01/04 21:09:28|   Took 0.0 seconds (   0.0 entries/sec).
> CPU Usage: 0.016 seconds = 0.008 user + 0.008 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 0
> Memory usage for squid via mallinfo():
>        total space in arena:    2104 KB
>        Ordinary blocks:         2001 KB      8 blks
>        Small blocks:               0 KB      0 blks
>        Holding blocks:           240 KB      1 blks
>        Free Small blocks:          0 KB
>        Free Ordinary blocks:     102 KB
>        Total in use:            2241 KB 96%
>        Total free:               102 KB 4%
> 2008/01/04 21:09:28| Squid Cache (Version 2.6.STABLE14): Exiting normally.
> ##############end of cache.log #################
>
> My Laptop cannot access the Internet, it just says "Server not found"
>
> I have turned my firewall off with 'iptables -F'
>
> On the Ubuntu box (Base), it will connect but occasionally it too says
> "Server not found", however this is usually resolved on clicking the
> "Try Again" button.
>
> Can anyone advise me?


--
Please use Squid 2.6STABLE17 or 3.0STABLE1.
There are serious security advisories out on all earlier releases.