Hi,
I am facing a wierd problem with my squid setup. I've installed squid on
a Dual Core machine with 2 GB of RAM and plenty of HDD space available.
Problem: When users try to open different websites (specially on bbc
domain and on many other sites) they encountered following error: But
when i try this URL form a different gateway that does not run squid,
page opens successfully. I am running shorewall on this server for
NATTING/Firewalling and REDIREC-ting port 80 traffic to squid as
follows: (squid running on port 4040) and I've opened port 4040 on
systems firewall.
#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
# PORT(S) DEST
ACCEPT $FW net tcp www
REDIRECT loc 4040 tcp www -
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
The following error was encountered while trying to retrieve the URL:
http://news.bbc.co.uk/1/hi/world/asia-pacific/8397717.stm
Connection to 212.58.226.142 failed.
The system returned: (111) Connection refused
The remote host or network may be down. Please try the request again.
Your cache administrator is root.
--------------------------------------------------------------------------------
Generated Sun, 06 Dec 2009 17:51:35 GMT by LIANA (squid/3.0.STABLE20)
My squid.conf is as follows:
===================
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl folio3Network src 192.168.4.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl super_users src "/etc/squid/f3_acls/super_users.acl"
acl gerrys_users src "/etc/squid/f3_acls/gerrys_groups.acl"
acl netsat_users src "/etc/squid/f3_acls/netsat_groups.acl"
acl managers src "/etc/squid/f3_acls/managers.acl"
acl blocked_sites dstdomain "/etc/squid/f3_acls/blocked_sites.acl"
acl blocked_request_mt req_mime_type -i
"/etc/squid/f3_acls/blocked_mimetypes.acl"
acl blocked_reply_mt rep_mime_type -i
"/etc/squid/f3_acls/blocked_mimetypes.acl"
acl gaming_sites dstdomain "/etc/squid/f3_acls/gaming_sites.acl"
acl server_machines src "/etc/squid/f3_acls/server_machines.acl"
acl working_hours time MTWHF 09:00-12:30
acl working_hours time MTWHF 14:00-18:30
acl gaming_hours time MTWHF 21:00-23:59
acl gaming_hours time MTWHF 01:00-07:00
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow super_users
http_access deny working_hours blocked_sites
http_access deny working_hours blocked_request_mt
http_access deny !gaming_hours gaming_sites
http_access allow managers
http_access allow gerrys_users
http_access allow server_machines
http_access allow localhost
http_access deny all
http_reply_access deny working_hours blocked_reply_mt
icp_access allow folio3Network
icp_access deny all
htcp_access allow folio3Network
htcp_access deny all
http_port 4040 transparent
hierarchy_stoplist cgi-bin ?
cache_dir aufs /var/spool/squid 10240 16 256
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname LIANA
icp_port 3130
coredump_dir /var/spool/squid
Any idea what might be going wrong? Some times I suspect it could be a
DNS issue but then why every thing works fine if I turn off squid and
browse through shorewall only?
--
Regards,
Asim Ahmed Khan
IT Manager,
Folio3 (Pvt.) Ltd. www.folio3.com
Direct: 92-21-4323721-4 Ext 110
Email: aahmed@xxxxxxxxxx