Issues with Tproxy setup

trasor <trasor@xxxxxxxxx> · Tue, 24 Mar 2009 13:40:21 -0400

First let me apologize for the repost as not finding a place to post a 
reply.  Second there was a typo in my previous message, Amos pointed 
out, should have been iptables 1.4.0 with patch.  That said, I dumped 
the entire OS this morning for a clean start.  Downloaded, compiled, 
menuconfiged, installed and rebooted into new kernel-2.6.28.3.  From 
there I downloaded iptables-1.4.3 and installed.  Then I downloaded and 
installed squid-3.1.0.6 and configured with --enable-linux-netfilter.  
Created the iptables as per the Features/TPROXY document.  I also added 
the iprules information as specified.  At this point I am stuck.  For 
testing I have set my browser to use a proxy on port 3128 whereby it 
does contact the squid server and a 'tail -f /var/logs/access.log' does 
indeed some my PC accessing the cache server.  However, irregardless of 
what I look up, either squid crashes and has to be restarted or my 
connection timesout and says 'done' at bottom of page.  I am also seeing 
increments in the cache.log with a line that says 'assertion failed: 
store_swapout.cc:315 "mem->swapout.sio == self"'. I am including the 
squid.conf file, /boot/grub/menu.lst, /var/logs/access.log and 
/var/logs/cache.log incase they may be of use.

*squid.conf file:*

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src X.X.X.0/20
acl localnet src X.X.X.0/20   acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
http_port 3128
http_port 3129 tproxy
hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320
coredump_dir /cache
cache_dir ufs /cache 100 16 256
access_log /var/logs/access.log squid
cache_log /var/logs/cache.log
cache_store_log /var/logs/store.log

*/boot/grub/menu.lst :
*
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora (2.6.28.3)
  root (hd0,0)
  kernel /vmlinuz-2.6.28.3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
  initrd /initrd-2.6.28.3.img
title Fedora (2.6.23.1-42.fc8)
  root (hd0,0)
  kernel /vmlinuz-2.6.23.1-42.fc8 ro root=/dev/VolGroup00/LogVol00 rhgb 
quiet
  initrd /initrd-2.6.23.1-42.fc8.img

*access.log:*

1237900215.662  22734 64.201.81.159 TCP_MISS/000 0 GET 
http://google.com/ - DIRECT/google.com -
1237900429.765  18014 64.201.81.159 TCP_MISS/000 0 GET 
http://google.com/ - DIRECT/google.com -
1237900664.685    385 64.201.81.159 TCP_MISS/200 3064 GET 
http://www.google.com/firefox? - DIRECT/74.125.113.104 text/html
1237900664.876     45 64.201.81.159 TCP_SWAPFAIL_MISS/304 248 GET 
http://www.google.com/images/firefox/gradsprite.png - 
DIRECT/74.125.113.104 -
1237900664.928     92 64.201.81.159 TCP_MISS/304 249 GET 
http://www.google.com/images/firefox/firefox.png - DIRECT/74.125.113.104 -
1237900664.939     92 64.201.81.159 TCP_SWAPFAIL_MISS/304 248 GET 
http://www.google.com/images/firefox/sprite.png - DIRECT/74.125.113.104 -
1237900664.963     58 64.201.81.159 TCP_MISS/304 227 GET 
http://www.google.com/extern_js/f/CgJlbhICdXMrMAo4DSwrMA44BCwrMBY4CCwrMBc4ASwrMBg4AywrMCU4yYgBLCswJzgALA/S2Es8Zeync8.js 
- DIRECT/74.125.113.104 text/html
1237900672.186    233 64.201.81.159 TCP_MISS/200 8964 GET 
http://www.google.com/search? - DIRECT/74.125.113.104 text/html
1237900679.219     64 64.201.81.159 TCP_MISS/000 0 GET 
http://www.google.com/url? - DIRECT/74.125.113.103 -
1237900683.492    135 64.201.81.159 TCP_MISS/404 1339 GET 
http://www.howtomakeatoga.info/favicon.ico - DIRECT/74.208.137.89 text/html
1237900688.191    286 64.201.81.159 TCP_MISS/301 503 GET http://msn.com/ 
- DIRECT/207.68.172.246 text/html
1237900688.644    448 64.201.81.159 TCP_MISS/200 16696 GET 
http://www.msn.com/ - DIRECT/207.68.173.76 text/html
1237901068.543    371 64.201.81.159 TCP_MISS/200 16718 GET 
http://www.msn.com/ - DIRECT/65.54.152.225 text/html
1237901083.356     99 64.201.81.159 TCP_MISS/200 3203 GET 
http://www.google.com/ - DIRECT/74.125.113.99 text/html
1237901731.309     99 64.201.81.159 TCP_MISS/200 3203 GET 
http://www.google.com/ - DIRECT/74.125.113.99 text/html
1237901740.610    106 64.201.81.159 TCP_MISS/200 3100 GET 
http://www.google.com/firefox? - DIRECT/74.125.113.99 text/html
1237901741.455     45 64.201.81.159 TCP_SWAPFAIL_MISS/304 272 GET 
http://www.google.com/images/firefox/gradsprite.png - 
DIRECT/74.125.113.99 -
1237901755.203     97 64.201.81.159 TCP_MISS/200 3119 GET 
http://www.google.com/firefox? - DIRECT/74.125.113.99 text/html
1237901755.268     45 64.201.81.159 TCP_SWAPFAIL_MISS/304 272 GET 
http://www.google.com/images/firefox/gradsprite.png - 
DIRECT/74.125.113.99 -
1237901755.314     90 64.201.81.159 TCP_MISS/304 271 GET 
http://www.google.com/images/firefox/tshirt2.png - DIRECT/74.125.113.99 -
1237901867.087  55950 64.201.81.159 TCP_MISS/000 0 GET 
http://www.google.com/ - DIRECT/www.google.com -
1237901874.916     97 64.201.81.159 TCP_MISS/200 3119 GET 
http://www.google.com/firefox? - DIRECT/74.125.113.99 text/html
1237901874.973     45 64.201.81.159 TCP_SWAPFAIL_MISS/304 272 GET 
http://www.google.com/images/firefox/gradsprite.png - 
DIRECT/74.125.113.99 -
1237901875.023     91 64.201.81.159 TCP_MISS/304 271 GET 
http://www.google.com/images/firefox/tshirt2.png - DIRECT/74.125.113.99 -
1237902391.158      0 222.215.230.49 TCP_DENIED/403 3479 GET 
http://pv.wantsfly.com/prx1.php? - NONE/- text/html

*cache.log:

*2009/03/24 10:31:05| Starting Squid Cache version 3.1.0.6 for 
x86_64-unknown-linux-gnu...
2009/03/24 10:31:05| Process ID 12472
2009/03/24 10:31:05| With 1024 file descriptors available
2009/03/24 10:31:05| Initializing IP Cache...
2009/03/24 10:31:05| DNS Socket created at [::], FD 7
2009/03/24 10:31:05| Adding domain lhtot.com from /etc/resolv.conf
2009/03/24 10:31:05| Adding nameserver x.x.x.x from /etc/resolv.conf  
---address removed
2009/03/24 10:31:05| Adding nameserver x.x.x.x from /etc/resolv.conf  
---address removed
2009/03/24 10:31:06| Unlinkd pipe opened on FD 12
2009/03/24 10:31:06| Swap maxSize 1024000 KB, estimated 78769 objects
2009/03/24 10:31:06| Target number of buckets: 3938
2009/03/24 10:31:06| Using 8192 Store buckets
2009/03/24 10:31:06| Max Mem  size: 262144 KB
2009/03/24 10:31:06| Max Swap size: 1024000 KB
2009/03/24 10:31:06| Version 1 of swap file without LFS support detected...
2009/03/24 10:31:06| Rebuilding storage in /cache (DIRTY)
2009/03/24 10:31:06| Using Least Load store dir selection
2009/03/24 10:31:06| Set Current Directory to /cache
2009/03/24 10:31:06| Loaded Icons.
2009/03/24 10:31:06| Accepting  HTTP connections at [::]:3128, FD 16.
2009/03/24 10:31:06| Accepting  spoofing HTTP connections at 
0.0.0.0:3129, FD 17.
2009/03/24 10:31:06| HTCP Disabled.
2009/03/24 10:31:06| Squid modules loaded: 0
2009/03/24 10:31:06| Ready to serve requests.
2009/03/24 10:31:06| Done reading /cache swaplog (3245 entries)
2009/03/24 10:31:06| Finished rebuilding storage from disk.
2009/03/24 10:31:06|      3227 Entries scanned
2009/03/24 10:31:06|         0 Invalid entries.
2009/03/24 10:31:06|         0 With invalid flags.
2009/03/24 10:31:06|      3209 Objects loaded.
2009/03/24 10:31:06|         0 Objects expired.
2009/03/24 10:31:06|        18 Objects cancelled.
2009/03/24 10:31:06|         0 Duplicate URLs purged.
2009/03/24 10:31:06|         0 Swapfile clashes avoided.
2009/03/24 10:31:06|   Took 0.02 seconds (172119.72 objects/sec).
2009/03/24 10:31:06| Beginning Validation Procedure
2009/03/24 10:31:06|   Completed Validation Procedure
2009/03/24 10:31:06|   Validated 6443 Entries
2009/03/24 10:31:06|   store_swap_size = 32364
2009/03/24 10:31:07| storeLateRelease: released 0 objects
2009/03/24 10:31:20| assertion failed: store_swapout.cc:315: 
"mem->swapout.sio == self"
2009/03/24 10:31:23| Starting Squid Cache version 3.1.0.6 for 
x86_64-unknown-linux-gnu...
2009/03/24 10:31:23| Process ID 12475
2009/03/24 10:31:23| With 1024 file descriptors available
2009/03/24 10:31:23| Initializing IP Cache...
2009/03/24 10:31:23| DNS Socket created at [::], FD 7
2009/03/24 10:31:23| Adding domain lhtot.com from /etc/resolv.conf
2009/03/24 10:31:23| Adding nameserver x.x.x.x from /etc/resolv.conf  
---address removed
2009/03/24 10:31:23| Adding nameserver x.x.x.x from /etc/resolv.conf  
---address removed
2009/03/24 10:31:23| Unlinkd pipe opened on FD 12
2009/03/24 10:31:23| Swap maxSize 1024000 KB, estimated 78769 objects
2009/03/24 10:31:23| Target number of buckets: 3938
2009/03/24 10:31:23| Using 8192 Store buckets
2009/03/24 10:31:23| Max Mem  size: 262144 KB
2009/03/24 10:31:23| Max Swap size: 1024000 KB
2009/03/24 10:31:23| Version 1 of swap file without LFS support detected...
2009/03/24 10:31:23| Rebuilding storage in /cache (DIRTY)
2009/03/24 10:31:23| Using Least Load store dir selection
2009/03/24 10:31:23| Set Current Directory to /cache
2009/03/24 10:31:23| Loaded Icons.
2009/03/24 10:31:23| Accepting  HTTP connections at [::]:3128, FD 16.
2009/03/24 10:31:23| Accepting  spoofing HTTP connections at 
0.0.0.0:3129, FD 17.
2009/03/24 10:31:23| HTCP Disabled.
2009/03/24 10:31:23| Squid modules loaded: 0
2009/03/24 10:31:23| Ready to serve requests.
2009/03/24 10:31:23| Done reading /cache swaplog (3245 entries)
2009/03/24 10:31:23| Finished rebuilding storage from disk.
2009/03/24 10:31:23|      3227 Entries scanned
2009/03/24 10:31:23|         0 Invalid entries.
2009/03/24 10:31:23|         0 With invalid flags.
2009/03/24 10:31:23|      3209 Objects loaded.
2009/03/24 10:31:23|         0 Objects expired.
2009/03/24 10:31:23|        18 Objects cancelled.
2009/03/24 10:31:23|         0 Duplicate URLs purged.
2009/03/24 10:31:23|         0 Swapfile clashes avoided.
2009/03/24 10:31:23|   Took 0.02 seconds (174383.22 objects/sec).
2009/03/24 10:31:23| Beginning Validation Procedure
2009/03/24 10:31:23|   Completed Validation Procedure
2009/03/24 10:31:23|   Validated 6443 Entries
2009/03/24 10:31:23|   store_swap_size = 32364
2009/03/24 10:31:24| storeLateRelease: released 0 objects
2009/03/24 10:31:24| assertion failed: store_swapout.cc:315: 
"mem->swapout.sio == self"
2009/03/24 10:31:27| Starting Squid Cache version 3.1.0.6 for 
x86_64-unknown-linux-gnu...
2009/03/24 10:31:27| Process ID 12479
2009/03/24 10:31:27| With 1024 file descriptors available
2009/03/24 10:31:27| Initializing IP Cache...
2009/03/24 10:31:27| DNS Socket created at [::], FD 7
2009/03/24 10:31:27| Adding domain lhtot.com from /etc/resolv.conf
2009/03/24 10:31:27| Adding nameserver x.x.x.x from /etc/resolv.conf  
---address removed
2009/03/24 10:31:27| Adding nameserver x.x.x.x from /etc/resolv.conf  
---address removed
2009/03/24 10:31:27| Unlinkd pipe opened on FD 12
2009/03/24 10:31:27| Swap maxSize 1024000 KB, estimated 78769 objects
2009/03/24 10:31:27| Target number of buckets: 3938
2009/03/24 10:31:27| Using 8192 Store buckets
2009/03/24 10:31:27| Max Mem  size: 262144 KB
2009/03/24 10:31:27| Max Swap size: 1024000 KB
2009/03/24 10:31:27| Version 1 of swap file without LFS support detected...
2009/03/24 10:31:27| Rebuilding storage in /cache (DIRTY)
2009/03/24 10:31:27| Using Least Load store dir selection
2009/03/24 10:31:27| Set Current Directory to /cache
2009/03/24 10:31:27| Loaded Icons.
2009/03/24 10:31:27| Accepting  HTTP connections at [::]:3128, FD 16.
2009/03/24 10:31:27| Accepting  spoofing HTTP connections at 
0.0.0.0:3129, FD 17.
2009/03/24 10:31:27| HTCP Disabled.
2009/03/24 10:31:27| Squid modules loaded: 0
2009/03/24 10:31:27| Ready to serve requests.
2009/03/24 10:31:27| Done reading /cache swaplog (3245 entries)
2009/03/24 10:31:27| Finished rebuilding storage from disk.
2009/03/24 10:31:27|      3227 Entries scanned
2009/03/24 10:31:27|         0 Invalid entries.
2009/03/24 10:31:27|         0 With invalid flags.*

*
I appreciate any help.

Tom