Search squid archive

Re: running out of filedescriptors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Landy Landy wrote:
Hello.

This morning we didn't have internet. Checked squid's cache.log and found:

2010/01/26 09:10:07| client_side.cc(2843) WARNING! Your cache is running out of filedescriptors
2010/01/26 09:10:23| client_side.cc(2843) WARNING! Your cache is running out of filedescriptors
2010/01/26 09:10:39| client_side.cc(2843) WARNING! Your cache is running out of filedescriptors
2010/01/26 09:10:55| client_side.cc(2843) WARNING! Your cache is running out of filedescriptors
2010/01/26 09:11:11| client_side.cc(2843) WARNING! Your cache is running out of filedescriptors
2010/01/26 09:11:24| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (2) No such file or directory

The others advice about file descriptors and ulimit is spot-on. So go with that.

You have another issue which is causing problems though. The SO_ORIGINAL_DST is caused by normal proxy HTTP traffic arriving at a 'transparent' intercept port. There is a lot of kernel and Squid processing done uselessly for these requests. You are using 3128 for interception. If its _is_ a real NAT failure on transparent traffic they will end up with an error page and you have some serous issues with the NAT table filling up to deal with.


The thing to know about transparent ports is that they should be private between the in-box firewall doing NAT and Squid. No other software should be able to send packets there. Squid can happily run 3128 as normal, and another random port firewalled from general access for gettging the NAT intercepted packets.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
  Current Beta Squid 3.1.0.15

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux