On Sun, 06 Dec 2009 23:08:28 +0500, "Asim Ahmed @ Folio3" <aahmed@xxxxxxxxxx> wrote:
> Hi,
>
> I am facing a weird problem with my squid setup. I've installed squid on
> a Dual Core machine with 2 GB of RAM and plenty of HDD space available.
>
> Problem: When users try to open different websites (especially on bbc
> domain and on many other sites) they encountered following error: But
> when I try this URL from a different gateway that does not run squid,
> page opens successfully. I am running shorewall on this server for
> NATTING/Firewalling and REDIRECT-ing port 80 traffic to squid as
> follows: (squid running on port 4040) and I've opened port 4040 on
> system's firewall.
>
> #ACTION   SOURCE  DEST  PROTO  DEST PORT(S)  SOURCE   ORIGINAL
> #                                            PORT(S)  DEST
> ACCEPT    $FW     net   tcp    www
> REDIRECT  loc     4040  tcp    www           -
>

FWIW, I can't see any reason why it's failing other than a regular old network connection fail.

> ERROR
> The requested URL could not be retrieved
> --------------------------------------------------------------------------------
> The following error was encountered while trying to retrieve the URL:
> http://news.bbc.co.uk/1/hi/world/asia-pacific/8397717.stm
>
> Connection to 212.58.226.142 failed.
>
> The system returned: (111) Connection refused
>
> The remote host or network may be down. Please try the request again.
>
> Your cache administrator is root.
> --------------------------------------------------------------------------------
> Generated Sun, 06 Dec 2009 17:51:35 GMT by LIANA (squid/3.0.STABLE20)
>
> My squid.conf is as follows:
> ===================
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl folio3Network src 192.168.4.0/24
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl super_users src "/etc/squid/f3_acls/super_users.acl"
> acl gerrys_users src "/etc/squid/f3_acls/gerrys_groups.acl"
> acl netsat_users src "/etc/squid/f3_acls/netsat_groups.acl"
> acl managers src "/etc/squid/f3_acls/managers.acl"
> acl blocked_sites dstdomain "/etc/squid/f3_acls/blocked_sites.acl"
> acl blocked_request_mt req_mime_type -i "/etc/squid/f3_acls/blocked_mimetypes.acl"
> acl blocked_reply_mt rep_mime_type -i "/etc/squid/f3_acls/blocked_mimetypes.acl"
> acl gaming_sites dstdomain "/etc/squid/f3_acls/gaming_sites.acl"
> acl server_machines src "/etc/squid/f3_acls/server_machines.acl"
> acl working_hours time MTWHF 09:00-12:30
> acl working_hours time MTWHF 14:00-18:30
> acl gaming_hours time MTWHF 21:00-23:59
> acl gaming_hours time MTWHF 01:00-07:00
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow super_users
> http_access deny working_hours blocked_sites
> http_access deny working_hours blocked_request_mt
> http_access deny !gaming_hours gaming_sites
> http_access allow managers
> http_access allow gerrys_users
> http_access allow server_machines
> http_access allow localhost
> http_access deny all
> http_reply_access deny working_hours blocked_reply_mt
> icp_access allow folio3Network
> icp_access deny all
> htcp_access allow folio3Network
> htcp_access deny all
> http_port 4040 transparent
> hierarchy_stoplist cgi-bin ?
> cache_dir aufs /var/spool/squid 10240 16 256
> access_log /var/log/squid/access.log squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0

Missing '/'s (/cgi-bin/|\?)

> refresh_pattern . 0 20% 4320
> visible_hostname LIANA
> icp_port 3130
> coredump_dir /var/spool/squid
>
> Any idea what might be going wrong? Sometimes I suspect it could be a
> DNS issue but then why everything works fine if I turn off squid and
> browse through shorewall only?
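
The `refresh_pattern` remark in the reply above, shown as an added example that is not part of the original thread: Squid applies the first `refresh_pattern` whose regex matches the URL, so the quoted `(cgi-bin|\?)` rule also catches static pages that merely contain "cgi-bin" in their path. The sample URLs are constructed, and Python's `re` is assumed to behave like Squid's regex matching for these simple patterns.

```python
import re

# refresh_pattern lines as quoted in the squid.conf above.
# Assumption: Python's re stands in for Squid's regex engine here.
QUOTED = r"""
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
"""
# Same rules with the correction suggested in the reply.
CORRECTED = QUOTED.replace(r"(cgi-bin|\?)", r"(/cgi-bin/|\?)")

def parse_rules(conf):
    """Parse 'refresh_pattern [-i] regex min percent% max' lines in order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split()
        if not parts or parts[0] != "refresh_pattern":
            continue
        flags = 0
        if parts[1] == "-i":          # case-insensitive option
            flags = re.IGNORECASE
            parts.pop(1)
        regex, min_m, pct, max_m = parts[1:5]
        rules.append((regex, re.compile(regex, flags),
                      int(min_m), int(pct.rstrip("%")), int(max_m)))
    return rules

def select_rule(rules, url):
    """Return (regex, min, percent, max) of the first rule matching url."""
    for regex, compiled, min_m, pct, max_m in rules:
        if compiled.search(url):
            return regex, min_m, pct, max_m
    return None

# Constructed sample URLs (not taken from the thread).
SAMPLES = [
    "http://www.example.com/cgi-bin/search.pl",
    "http://www.example.com/index.php?id=7",
    "http://www.example.com/docs/cgi-bin-howto.html",
    "http://www.example.com/static/logo.png",
]

if __name__ == "__main__":
    for url in SAMPLES:
        for label, conf in (("quoted", QUOTED), ("corrected", CORRECTED)):
            print(label, url, select_rule(parse_rules(conf), url))
```

Only the third sample changes: under the quoted rule it gets `0 0% 0`, under the corrected rule it falls through to the catch-all `.` rule.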