Sorry, the squid config carriage return were gone. Here is a more readable format of my config: Config: ======= acl manager proto cache_object acl localhost src 127.0.0.1/32 acl localhost src ::1/128 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl to_localhost dst ::1/128 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl Irc_ports port 6666-6669 # JHH -- Added acl Msn_ports port 1863 # JHH -- Added acl SSL_ports port 6666-6669 # JHH -- Added (IRC via http proxy) acl SSL_ports port 443 3511 1863 # JHH -- Added acl Safe_ports port 80 81 # http -- JHH added port 81 acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow localnet http_access deny all icp_access allow localnet icp_access deny all htcp_access allow localnet htcp_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? cache_dir ufs /var/spool/squid 1000 16 256 access_log /var/log/squid/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 cache_mgr webmaster@xxxxxxxxxxx visible_hostname pegasus.houtsma.net icp_port 3130 always_direct allow all coredump_dir /var/spool/squid Op 9-3-2010 16:58, Jan Houtsma schreef: > Hi, > > Squid has always been working fine. All websites, except Google, still > work fine! As far as i know nothing changed on my part, except the > weekly Fedora updates. > > My internal users get this "(101) Network is unreachable" error message > when they go through the proxy. My iptables allows ALL outgoing > connections. > When they hit "Reload" or ^R the page loads fine. But after a while when > they go to google again they get the same error. Hit ^R and it works again. > When bypassing the proxy, the connection also works fine! > > Only with Google! Other websites work fine! > > When i jump to the squid server and issue a wget to > http://www.google.com with and without the proxy i get following results: > > WITH PROXY: > =========== > > [16:28:root@pegasus /var/log/squid]# http_proxy=http://localhost:3128 > wget -O /dev/null -S http://www.google.com > --2010-03-09 16:28:38-- http://www.google.com/ > Resolving localhost... ::1, 127.0.0.1 > Connecting to localhost|::1|:3128... connected. > Proxy request sent, awaiting response... > HTTP/1.0 503 Service Unavailable > Server: squid/3.1.0.17 > Mime-Version: 1.0 > Date: Tue, 09 Mar 2010 15:28:38 GMT > Content-Type: text/html > Content-Length: 3103 > X-Squid-Error: ERR_CONNECT_FAIL 101 > Vary: Accept-Language > Content-Language: en > X-Cache: MISS from pegasus.houtsma.net > X-Cache-Lookup: MISS from pegasus.houtsma.net:3128 > Via: 1.0 pegasus.houtsma.net (squid/3.1.0.17) > Proxy-Connection: close > 2010-03-09 16:28:38 ERROR 503: Service Unavailable. > > WITHOUT PROXY (DIRECT): > ====================== > > [16:28:root@pegasus /var/log/squid]# wget -O /dev/null -S > http://www.google.com > --2010-03-09 16:29:04-- http://www.google.com/ > Resolving www.google.com... 209.85.227.99, 209.85.227.103, > 209.85.227.104, ... > Connecting to www.google.com|209.85.227.99|:80... connected. > HTTP request sent, awaiting response... > HTTP/1.0 302 Found > Location: http://www.google.nl/ > Cache-Control: private > Content-Type: text/html; charset=UTF-8 > Set-Cookie: > PREF=ID=1bfd77348d3a379c:TM=1268148544:LM=1268148544:S=_nDFRJT7tp3qefl9; > expires=Thu, 08-Mar-2012 15:29:04 GMT; path=/; domain=.google.com > Set-Cookie: > NID=32=fAAVBBp0z3d7aMi1hZkzW3VQyGznOU4d3zdyqSdImAbpj-Y4y00_itgmLmg6xUxTCkhIY7cxYTJL9S15aosMYDcFAj6xXCUnCizMTLQ0_ThrCpYf9gxfV7IjOH_NK_ZG; > expires=Wed, 08-Sep-2010 15:29:04 GMT; path=/; domain=.google.com; HttpOnly > Date: Tue, 09 Mar 2010 15:29:04 GMT > Server: gws > Content-Length: 218 > X-XSS-Protection: 0 > Connection: Keep-Alive > ..... > > > I am out of ideas! Any help is appreciated! > > -- Jan Houtsma PGP Key ID: 0x68D146B5 http://www.houtsma.net/key.asc PGP > Fingerprint: DF5C AE86 323D 8029 DF47 EEB8 FB71 080A 68D1 46B5 Config: > ======= acl manager proto cache_object acl localhost src 127.0.0.1/32 > acl localhost src ::1/128 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 > acl to_localhost dst ::1/128 acl localnet src 10.0.0.0/8 # RFC1918 > possible internal network acl localnet src 172.16.0.0/12 # RFC1918 > possible internal network acl localnet src 192.168.0.0/16 # RFC1918 > possible internal network acl localnet src fc00::/7 # RFC 4193 local > private network range acl localnet src fe80::/10 # RFC 4291 link-local > (directly plugged) machines acl Irc_ports port 6666-6669 # JHH -- Added > acl Msn_ports port 1863 # JHH -- Added acl SSL_ports port 6666-6669 # > JHH -- Added (IRC via http proxy) acl SSL_ports port 443 3511 1863 # JHH > -- Added acl Safe_ports port 80 81 # http -- JHH added port 81 acl > Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports > port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port > 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl > Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl > Safe_ports port 777 # multiling http acl CONNECT method CONNECT > http_access allow manager localhost http_access deny manager http_access > deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow > localhost http_access allow localnet http_access deny all icp_access > allow localnet icp_access deny all htcp_access allow localnet > htcp_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? > cache_dir ufs /var/spool/squid 1000 16 256 access_log > /var/log/squid/access.log squid refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) > 0 0% 0 refresh_pattern . 0 20% 4320 cache_mgr webmaster@xxxxxxxxxxx > visible_hostname pegasus.houtsma.net icp_port 3130 always_direct allow > all coredump_dir /var/spool/squid >
