I run a Squid 3 server that is acting as a web filter. It worked fine on Etch. The system stopped working properly due to two of the three SATA cables being bad. Before I figured that out, I tried doing updates. Since Etch updates were no longer available, I did a distupgrade to Lenny. Immediately, Squid stopped working properly. It would take up to two and a half minutes for it to respond to a web request and add it to the access.log. This was using the same configuration file that it was using before the update. After I found the hardware problem, I did a clean install of Lenny. I used the basic squid.conf like I did on the previous system, only changing it to add my ACLs and because it wasn't saving an access.log to the default location unless I uncommented the path directive. Now, it won't respond to a request at all. Forwarding is enabled and the firewall seems to be set up correctly. I also specified the listening address with http_port ipaddress:3128. This is Squid Version 3.0.STABLE8. Here is my firewall configuration followed by my squid.conf: # Generated by iptables-save v1.4.2 on Tue Aug 3 12:15:22 2010 *nat :PREROUTING ACCEPT [1069181:101812985] :POSTROUTING ACCEPT [5783:405174] :OUTPUT ACCEPT [11868:1177883] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 COMMIT # Completed on Tue Aug 3 12:15:22 2010 # Generated by iptables-save v1.4.2 on Tue Aug 3 12:15:22 2010 *filter :INPUT DROP [966:104230] :FORWARD DROP [604:51901] :OUTPUT DROP [7:852] -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A INPUT -m limit --limit 49/min -j LOG --log-prefix "iptables DENY: " --log-level 7 -A INPUT -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP -A OUTPUT -o lo -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 3128 -j ACCEPT -A OUTPUT -p tcp -m tcp -j ACCEPT -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT -A OUTPUT -p udp -m udp --dport 67 -j ACCEPT -A OUTPUT -p udp -m udp --dport 631 -j ACCEPT COMMIT acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl god src "/etc/squid3/god" acl tomdean src "/etc/squid3/tomdean" acl tomdeansites dstdomain "/etc/squid3/tomdeansites" acl adpsubnet src 206.94.237.160/27 acl mgr src "/etc/squid3/mgr" acl limited src "/etc/squid3/limited" acl good dstdomain "/etc/squid3/good.hosts" acl bad dstdomain "/etc/squid3/bad.hosts" acl badip dst "/etc/squid3/bad.ip" acl goodip dst "/etc/squid3/good.ip" acl idiot src "/etc/squid3/idiot" acl nickl src 192.168.1.182 acl gregsommers src 192.168.1.170 acl proxies url_regex -i "/etc/squid3/proxies" http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access allow adpsubnet http_access allow god http_access deny idiot http_access allow good http_access allow goodip http_access allow mgr http_access allow tomdean tomdeansites http_access allow limited good http_access deny proxies http_access deny limited http_access deny bad http_access allow all http_access allow localhost http_access deny all icp_access deny all htcp_access deny all http_port 192.168.1.206:3128 hierarchy_stoplist cgi-bin ? access_log /var/log/squid3/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern . 0 20% 4320 icp_port 3130 coredump_dir /var/spool/squid3 -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid3-not-working-after-update-or-reinstall-tp2312182p2312182.html Sent from the Squid - Users mailing list archive at Nabble.com.
