> Hi,
>
> and thanks for replying.
>
> > What's the output of "http_proxy=http://localhost:3128 wget -O /dev/null -S http://www.google.fr/"?
> ----------------------
> # http_proxy=http://localhost:3128 wget -O /dev/null -S http://www.google.fr/
> --00:23:13-- http://www.google.fr/
> Resolving localhost... 127.0.0.1
> Connecting to localhost|127.0.0.1|:3128... connected.
> Proxy request sent, awaiting response...
> HTTP/1.0 503 Service Unavailable
> Server: squid/2.6.STABLE6
> Date: Wed, 04 Mar 2009 23:23:13 GMT
> Content-Type: text/html
> Content-Length: 1137
> Expires: Wed, 04 Mar 2009 23:23:13 GMT
> X-Squid-Error: ERR_DNS_FAIL 0
> X-Cache: MISS from gw-gridmip.cict.fr
> X-Cache-Lookup: MISS from gw-gridmip.cict.fr:3128
> Via: 1.0 gw-gridmip.cict.fr:3128 (squid/2.6.STABLE6)
> Proxy-Connection: close
> 00:23:13 ERROR 503: Service Unavailable.
> ----------------------
>
> Actually, it seems that squid only takes the first DNS listed in
> /etc/resolv.conf. If it fails, then it does not contact the second one.
> wget does.
> The first DNS listed is actually localhost, dedicated to the LAN. I should
> configure it to forward the requests that it cannot resolve to some masters
> and then send back the answer.
> I do not know yet how to do, but the important thing here is that it is no
> squid problem.
>
> Thanks again for your tip.
>
> Philippe
>

Ah, that was fixed at some point. The current squid all use /etc/resolv.conf a lot better.

Amos

>
> Chris Robertson wrote:
>> Philippe Combes wrote:
>>> Hi all,
>>>
>>> I am a newbie to squid. And I have struggled with its configuration
>>> file for several days, until I got all the desired acl's correctly set.
>>> Then I tried my configuration using wget and... 503.
>>> I fell back to a minimal totally open configuration:
>>> ----------------------
>>> http_port 3128
>>> emulate_httpd_log on
>>> debug_options ALL,5
>>> negative_ttl 0
>>>
>>> acl all src 0.0.0.0/0.0.0.0
>>> acl allsites dst 0.0.0.0/0.0.0.0
>>> acl localhost src 127.0.0.1/255.255.255.255
>>> acl to_localhost dst 127.0.0.0/8
>>> acl SSL_ports port 443 563
>>> acl Safe_ports port 80 20 21 443 563 70 210 1025-65535
>>> acl CONNECT method CONNECT
>>> acl mysite src localhost 192.168.0.0/30 172.16.112.0/24
>>>
>>> http_access allow CONNECT
>>> http_access allow Safe_ports
>>> http_access allow all
>>> http_access allow allsites
>>> http_reply_access allow all
>>>
>>> coredump_dir /var/spool/squid
>>> ----------------------
>>>
>>> But still, I get:
>>> ----------------------
>>> # wget -O - http://www.google.fr/ > /dev/null
>>> --22:29:34-- http://www.google.fr/
>>> Resolving www.google.fr... 74.125.39.147, 74.125.39.99, 74.125.39.103, ...
>>> Connecting to www.google.fr|74.125.39.147|:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: unspecified [text/html]
>>> Saving to: `STDOUT'
>>>
>>> [ <=> ] 5,852 --.-K/s in 0.02s
>>>
>>> 22:29:35 (266 KB/s) - `-' saved [5852]
>>>
>>> ######## everything is OK so far
>>>
>>> # http_proxy=http://localhost:3128 wget -O - http://www.google.fr/ > /dev/null
>>> --22:30:31-- http://www.google.fr/
>>> Resolving localhost... 127.0.0.1
>>> Connecting to localhost|127.0.0.1|:3128... connected.
>>> Proxy request sent, awaiting response... 503 Service Unavailable
>>> 22:30:31 ERROR 503: Service Unavailable.
>>> ----------------------
>>>
>>> Obviously, it is bound to squid. I run CentOS on x86_64 architecture.
>>> I do not join the log files here, because I found them not very
>>> helpful, only logging that there was an 503, without giving more
>>> information about it.
>>> I really do not know what to try now, and any clue would be very
>>> welcome and helpful.
>>
>> What's the output of "cat /selinux/enforce"?
>
> No such file :)
>
>
>> What's the output of "http_proxy=http://localhost:3128 wget -O /dev/null -S http://www.google.fr/"?
> # http_proxy=http://localhost:3128 wget -O /dev/null -S http://www.google.fr/
> --00:23:13-- http://www.google.fr/
> Resolving localhost... 127.0.0.1
> Connecting to localhost|127.0.0.1|:3128... connected.
> Proxy request sent, awaiting response...
> HTTP/1.0 503 Service Unavailable
> Server: squid/2.6.STABLE6
> Date: Wed, 04 Mar 2009 23:23:13 GMT
> Content-Type: text/html
> Content-Length: 1137
> Expires: Wed, 04 Mar 2009 23:23:13 GMT
> X-Squid-Error: ERR_DNS_FAIL 0
> X-Cache: MISS from gw-gridmip.cict.fr
> X-Cache-Lookup: MISS from gw-gridmip.cict.fr:3128
> Via: 1.0 gw-gridmip.cict.fr:3128 (squid/2.6.STABLE6)
> Proxy-Connection: close
> 00:23:13 ERROR 503: Service Unavailable.
>
>
>>
>> Also you might want to change your debug options to "ALL,1 5,5" to just
>> get verbose logging related to the socket operations. The debug logging
>> will appear in the cache_log.
>
> I increased the debug logging level as you suggested and, because of the
> output above, I added:
> dns_nameservers 127.0.0.1
> for the nameserver of the squid host is also a DNS. Same error.
> I isolated the part in cache.log that seems to be related to the request
> above (before and after having added the dns_nameserver, it is the same,
> for /etc/resolv.conf points at 127.0.0.1 too):
> --------------
> 2009/03/05 00:23:12| commSetSelect: FD 10 type 1
> 2009/03/05 00:23:12| comm_add_close_handler: FD 12, handler=0x42948f, data=0x140a6858
> 2009/03/05 00:23:12| commSetTimeout: FD 12 timeout 300
> 2009/03/05 00:23:12| commSetSelect: FD 12 type 1
> 2009/03/05 00:23:12| comm_accept: FD 10: (11) Resource temporarily unavailable
> 2009/03/05 00:23:13| comm_select: timeout 194
> 2009/03/05 00:23:13| commSetTimeout: FD 12 timeout 86400
> 2009/03/05 00:23:13| comm_open: FD 13 is a new socket
> 2009/03/05 00:23:13| comm_add_close_handler: FD 13, handler=0x434d26, data=0x140a7278
> 2009/03/05 00:23:13| commSetTimeout: FD 13 timeout 60
> 2009/03/05 00:23:13| commConnectStart: FD 13, www.google.fr:80
> 2009/03/05 00:23:13| comm_add_close_handler: FD 13, handler=0x42ac97, data=0x140a6b58
> 2009/03/05 00:23:13| commSetSelect: FD 5 type 1
> 2009/03/05 00:23:13| commSetSelect: FD 12 type 1
> 2009/03/05 00:23:13| comm_select: timeout 194
> 2009/03/05 00:23:13| commConnectDnsHandle: Unknown host: www.google.fr
> 2009/03/05 00:23:13| comm_remove_close_handler: FD 13, handler=0x42ac97, data=0x140a6b58
> 2009/03/05 00:23:13| commSetTimeout: FD 13 timeout -1
> 2009/03/05 00:23:13| commConnectFree: FD 13
> 2009/03/05 00:23:13| comm_close: FD 13
> 2009/03/05 00:23:13| commCallCloseHandlers: FD 13
> 2009/03/05 00:23:13| commCallCloseHandlers: ch->handler=0x434d26
> 2009/03/05 00:23:13| comm_write: FD 12: sz 1524: hndl 0x424c00: data 0x1412e0c8.
> 2009/03/05 00:23:13| commSetSelect: FD 12 type 2
> 2009/03/05 00:23:13| comm_select: timeout 193
> 2009/03/05 00:23:13| commHandleWrite: FD 12: off 0, sz 1524.
> 2009/03/05 00:23:13| commHandleWrite: write() returns 1524
> 2009/03/05 00:23:13| comm_close: FD 12
> 2009/03/05 00:23:13| commCallCloseHandlers: FD 12
> 2009/03/05 00:23:13| commCallCloseHandlers: ch->handler=0x42948f
> ----------------
>
>>
>>>
>>>
>>> Thanks in advance,
>>>
>>> Philippe
>>
>> Chris
>
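
Added example, not part of the original thread or of Squid: a small Python triage that ties together the three artifacts quoted above, the `X-Squid-Error` response header, the `commConnectDnsHandle: Unknown host` line in cache.log, and the nameserver order in /etc/resolv.conf. The sample inputs are constructed in the shape of the thread's output; the second resolver 192.0.2.53 and all function names are assumptions.

```python
import re

# Constructed samples, shaped like the wget -S and cache.log output quoted above.
HEADERS = """HTTP/1.0 503 Service Unavailable
Server: squid/2.6.STABLE6
X-Squid-Error: ERR_DNS_FAIL 0
Proxy-Connection: close
"""
CACHE_LOG = """2009/03/05 00:23:13| commConnectStart: FD 13, www.google.fr:80
2009/03/05 00:23:13| commConnectDnsHandle: Unknown host: www.google.fr
2009/03/05 00:23:13| comm_close: FD 13
"""
# Assumed resolv.conf: LAN-only resolver listed first; 192.0.2.53 is a placeholder.
RESOLV_CONF = """nameserver 127.0.0.1   # LAN-only resolver
nameserver 192.0.2.53
"""

def squid_error(headers):
    """Return (error_name, errno) from the X-Squid-Error header, or None."""
    m = re.search(r"^\s*X-Squid-Error:\s*(\S+)\s+(\d+)", headers, re.M | re.I)
    return (m.group(1), int(m.group(2))) if m else None

def unresolved_hosts(cache_log):
    """Hosts that commConnectDnsHandle reported as unknown, in log order."""
    return re.findall(r"commConnectDnsHandle: Unknown host: (\S+)", cache_log)

def nameservers(resolv_conf):
    """Nameserver addresses in the order they are listed."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def triage(headers, cache_log, resolv_conf):
    """Say whether the 503 is a DNS failure and which resolver is tried first."""
    err = squid_error(headers)
    if not err or err[0] != "ERR_DNS_FAIL":
        return {"dns_failure": False}
    servers = nameservers(resolv_conf)
    return {
        "dns_failure": True,
        "hosts": unresolved_hosts(cache_log),
        "first_nameserver": servers[0] if servers else None,
        "fallbacks": servers[1:],
    }

if __name__ == "__main__":
    print(triage(HEADERS, CACHE_LOG, RESOLV_CONF))
```
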