Hi all,

I'm having an issue with the Squid server I set up on OpenBSD 4.2-stable. Clients connect to 10.X.X.X (virtual IP) port 8080, and requests are forwarded to the parent proxy server from 10.X.X.Y to 10.2.5.1 port 8080.

As you can see below (cache.log), I get a lot of "TCP connection to parent proxy server failed" messages. The parent is definitely listening on port 8080. I deactivated the firewall rules to check whether the firewall was the one "dropping" the connections, but I got the same results: TCP connection failed.

Let me know if you need further details or explanations. In the meantime, do you have any idea what's going on?

Thanks,
Regards,
Josh

# squid -v
Squid Cache: Version 2.6.STABLE13
configure options: '--datadir=/usr/local/share/squid' '--localstatedir=/var/squid' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-arp-acl' '--enable-async-io' '--enable-auth=basic digest ntlm' '--enable-basic-auth-helpers=NCSA YP' '--enable-digest-auth-helpers=password' '--enable-cache-digests' '--enable-large-cache-files' '--enable-carp' '--enable-delay-pools' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group' '--enable-htcp' '--enable-ntlm-auth-helpers=SMB' '--enable-referer-log' '--enable-removal-policies=lru heap' '--enable-snmp' '--enable-ssl' '--enable-storeio=ufs aufs coss diskd null' '--enable-underscores' '--enable-useragent-log' '--enable-wccpv2' '--with-aio' '--with-large-files' '--with-pthreads' '--with-maxfd=32768' 'CPPFLAGS=-I/usr/local/include' 'LDFLAGS=-L/usr/local/lib' 'CFLAGS=-DNUMTHREADS=128' '--prefix=/usr/local' '--sysconfdir=/etc' '--mandir=/usr/local/man' '--infodir=/usr/local/info' 'CC=cc'

# cat /etc/squid/squid.conf
http_port 8080
icp_port 0
cache_peer 10.2.5.1 parent 8080 0 default no-query no-digest no-netdb-exchange
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 640 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 16 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /var/squid/cache 60000 16 256
access_log /var/squid/logs/access.log squid
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
half_closed_clients off
shutdown_lifetime 5 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 554
acl Safe_ports port 1755
acl purge method PURGE
acl CONNECT method CONNECT
acl snmppublic snmp_community public
acl corpnet dstdomain .corp.local
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow CONNECT SSL_ports
http_access allow Safe_ports
http_access deny all
httpd_suppress_version_string on
visible_hostname proxy
memory_pools off
log_icp_queries off
client_db off
buffered_logs on
never_direct deny corpnet
never_direct allow all
coredump_dir /var/squid/logs
pipeline_prefetch on

cache.log:
---- snip ----
2008/04/01 17:47:46| Starting Squid Cache version 2.6.STABLE13 for x86_64-unknown-openbsd4.2...
2008/04/01 17:47:46| Process ID 23178
2008/04/01 17:47:46| With 32768 file descriptors available
2008/04/01 17:47:46| Using kqueue for the IO loop
2008/04/01 17:47:46| DNS Socket created at 0.0.0.0, port 11217, FD 8
2008/04/01 17:47:46| Adding nameserver 10.5.1.1 from /etc/resolv.conf
2008/04/01 17:47:46| Adding nameserver 10.1.9.5 from /etc/resolv.conf
2008/04/01 17:47:46| Adding nameserver 10.1.15.15 from /etc/resolv.conf
2008/04/01 17:47:46| User-Agent logging is disabled.
2008/04/01 17:47:46| Referer logging is disabled.
2008/04/01 17:47:46| Unlinkd pipe opened on FD 13
2008/04/01 17:47:46| Swap maxSize 61440000 KB, estimated 4726153 objects
2008/04/01 17:47:46| Target number of buckets: 236307
2008/04/01 17:47:46| Using 262144 Store buckets
2008/04/01 17:47:46| Max Mem size: 655360 KB
2008/04/01 17:47:46| Max Swap size: 61440000 KB
2008/04/01 17:47:46| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/04/01 17:47:46| Rebuilding storage in /var/squid/cache (DIRTY)
2008/04/01 17:47:46| Using Least Load store dir selection
2008/04/01 17:47:46| Set Current Directory to /var/squid/logs
2008/04/01 17:47:46| Loaded Icons.
2008/04/01 17:47:47| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 17.
2008/04/01 17:47:47| Accepting HTCP messages on port 4827, FD 18.
2008/04/01 17:47:47| Accepting SNMP messages on port 3401, FD 19.
2008/04/01 17:47:47| WCCP Disabled.
2008/04/01 17:47:47| Configuring Parent 10.2.5.1/8080/0
2008/04/01 17:47:47| Ready to serve requests.
2008/04/01 17:47:47| Store rebuilding is 10.6% complete
2008/04/01 17:47:47| Done reading /var/squid/cache swaplog (40652 entries)
2008/04/01 17:47:47| Finished rebuilding storage from disk.
2008/04/01 17:47:47| 38942 Entries scanned
2008/04/01 17:47:47| 0 Invalid entries.
2008/04/01 17:47:47| 0 With invalid flags.
2008/04/01 17:47:47| 38942 Objects loaded.
2008/04/01 17:47:47| 0 Objects expired.
2008/04/01 17:47:47| 1710 Objects cancelled.
2008/04/01 17:47:47| 0 Duplicate URLs purged.
2008/04/01 17:47:47| 0 Swapfile clashes avoided.
2008/04/01 17:47:47| Took 0.8 seconds (49269.1 objects/sec).
2008/04/01 17:47:47| Beginning Validation Procedure
2008/04/01 17:47:47| Completed Validation Procedure
2008/04/01 17:47:47| Validated 37232 Entries
2008/04/01 17:47:47| store_swap_size = 436234k
2008/04/01 17:47:47| storeLateRelease: released 0 objects
2008/04/01 18:40:17| TCP connection to 10.22.52.1/8080 failed
2008/04/01 18:40:22| TCP connection to 10.22.52.1/8080 failed
2008/04/01 18:40:24| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:40:32| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:40:38| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:40:39| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:40:39| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:40:40| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:40:47| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:40:50| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:41:33| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:41:34| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:41:35| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:41:35| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:41:45| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:41:45| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:41:48| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:41:49| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:41:53| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:42:02| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:42:04| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:42:24| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:42:40| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:42:42| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:42:47| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:43:02| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:43:04| TCP connection to 10.2.5.1/8080 failed
2008/04/01 18:43:20| TCP connection to 10.2.5.1/8080 failed
------ snip ------

# cat /etc/pf.conf
ext_if="em0"
int_if="em1"
vip_ip="10.x.x.x/32"
tcp_services_general="{ 22 443 8080 }"
tcp_services_vip="{ 8080 }"
icmp_types="echoreq"
set limit { states 65536, src-nodes 65536, frags 32768, tables 10000, table-entries 500000 }
set block-policy drop
set loginterface $ext_if
set require-order yes
set skip on lo
scrub all
rdr on $ext_if proto tcp to port www -> $ext_if port 8080
block all
pass out quick on $ext_if proto { udp icmp } all keep state
pass out quick on $ext_if proto tcp all modulate state
pass quick on $int_if
pass quick on $ext_if proto carp keep state
antispoof quick for { lo $int_if $ext_if }
pass in quick on $ext_if inet proto tcp from any to $ext_if \
    port $tcp_services_general modulate state
pass in quick on $ext_if inet proto tcp from any to $vip_ip \
    port $tcp_services_vip modulate state
pass in inet proto icmp all icmp-type $icmp_types keep state

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33168
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:15:17:63:48:cc
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.x.x.y netmask 0xffffff00 broadcast 10.x.x.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:15:17:63:48:cd
        media: Ethernet autoselect (none)
        status: no carrier
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<> mtu 1536
pfsync0: flags=41<UP,RUNNING> mtu 1460
        pfsync: syncdev: em1 syncpeer: 224.0.0.240 maxupd: 128
        groups: carp pfsync
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33168
        groups: pflog
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:01
        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
        groups: carp
        inet 10.x.x.x netmask 0xffffff00 broadcast 10.x.x.255