On 10/04/2012 10:21 p.m., Markus Moeller wrote:
Hi Amos,
These are my system settings:
/etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
Okay, that should be enough.
networking restarted after changing that?
ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0C:29:16:1F:37
inet addr:192.168.1.29 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47856 errors:0 dropped:0 overruns:0 frame:0
TX packets:43117 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5528524 (5.2 Mb) TX bytes:3213092 (3.0 Mb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:183 errors:0 dropped:0 overruns:0 frame:0
TX packets:183 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11503 (11.2 Kb) TX bytes:11503 (11.2 Kb)
Good, I think.
and the log if I do not use ipv4 for the external helper:
2012/04/10 11:17:07| Starting Squid Cache version 3.1.16 for
x86_64-suse-linux-gnu...
2012/04/10 11:17:07| Process ID 17834
2012/04/10 11:17:07| With 4096 file descriptors available
2012/04/10 11:17:07| Initializing IP Cache...
2012/04/10 11:17:07| DNS Socket created at [::], FD 8
?? successful IPv6 socket creation.
2012/04/10 11:17:07| DNS Socket created at 0.0.0.0, FD 9
2012/04/10 11:17:07| Adding domain suse.home from /etc/resolv.conf
2012/04/10 11:17:07| Adding domain windows.home from /etc/resolv.conf
2012/04/10 11:17:07| Adding nameserver 192.168.1.8 from /etc/resolv.conf
2012/04/10 11:17:07| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2012/04/10 11:17:07| helperOpenServers: Starting 20/20
'negotiate_wrapper_auth' processes
2012/04/10 11:17:08| helperOpenServers: Starting 20/20 'ntlm_auth'
processes
2012/04/10 11:17:08| helperOpenServers: Starting 5/5
'ext_kerberos_ldap_group_acl' processes
2012/04/10 11:17:08| commBind: Cannot bind socket FD 90 to [::1]: (99)
Cannot assign requested address
2012/04/10 11:17:08| commBind: Cannot bind socket FD 91 to [::1]: (99)
Cannot assign requested address
?? but bind() fails when an opened IPv6 socket is used.
...
2012/04/10 11:17:08| WARNING: Cannot run
'/opt/squid-3.2/lib/ext_kerberos_ldap_group_acl' process.
2012/04/10 11:17:08| User-Agent logging is disabled.
2012/04/10 11:17:08| Referer logging is disabled.
2012/04/10 11:17:08| Unlinkd pipe opened on FD 104
2012/04/10 11:17:08| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2012/04/10 11:17:08| Store logging disabled
2012/04/10 11:17:08| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2012/04/10 11:17:08| Target number of buckets: 1008
2012/04/10 11:17:08| Using 8192 Store buckets
2012/04/10 11:17:08| Max Mem size: 262144 KB
2012/04/10 11:17:08| Max Swap size: 0 KB
2012/04/10 11:17:08| Using Least Load store dir selection
2012/04/10 11:17:08| Set Current Directory to /var/cache/squid
2012/04/10 11:17:09| Loaded Icons.
2012/04/10 11:17:09| Accepting HTTP connections at [::]:3128, FD 105.
?? and more successulf IPv6 socket() and listen() calls.
2012/04/10 11:17:09| HTCP Disabled.
2012/04/10 11:17:09| Squid plugin modules loaded: 0
2012/04/10 11:17:09| Adaptation support is off.
2012/04/10 11:17:09| Ready to serve requests.
With ipv4 as helper option it works:
2012/04/09 19:14:24| Starting Squid Cache version 3.1.16 for
x86_64-suse-linux-gnu...
2012/04/09 19:14:24| Process ID 15049
2012/04/09 19:14:24| With 4096 file descriptors available
2012/04/09 19:14:24| Initializing IP Cache...
2012/04/09 19:14:24| DNS Socket created at [::], FD 8
2012/04/09 19:14:24| DNS Socket created at 0.0.0.0, FD 9
2012/04/09 19:14:24| Adding domain suse.home from /etc/resolv.conf
2012/04/09 19:14:24| Adding domain windows.home from /etc/resolv.conf
2012/04/09 19:14:24| Adding nameserver 192.168.1.8 from /etc/resolv.conf
2012/04/09 19:14:24| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2012/04/09 19:14:24| helperOpenServers: Starting 20/20
'negotiate_wrapper_auth' processes
2012/04/09 19:14:24| helperOpenServers: Starting 20/20 'ntlm_auth'
processes
2012/04/09 19:14:25| helperOpenServers: Starting 5/5
'ext_kerberos_ldap_group_acl' processes
2012/04/09 19:14:25| User-Agent logging is disabled.
2012/04/09 19:14:25| Referer logging is disabled.
2012/04/09 19:14:25| Unlinkd pipe opened on FD 104
2012/04/09 19:14:25| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2012/04/09 19:14:25| Store logging disabled
2012/04/09 19:14:25| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2012/04/09 19:14:25| Target number of buckets: 1008
2012/04/09 19:14:25| Using 8192 Store buckets
2012/04/09 19:14:25| Max Mem size: 262144 KB
2012/04/09 19:14:25| Max Swap size: 0 KB
2012/04/09 19:14:25| Using Least Load store dir selection
2012/04/09 19:14:25| Set Current Directory to /var/cache/squid
2012/04/09 19:14:25| Loaded Icons.
2012/04/09 19:14:25| Accepting HTTP connections at [::]:3128, FD 105.
2012/04/09 19:14:25| HTCP Disabled.
2012/04/09 19:14:25| Squid plugin modules loaded: 0
2012/04/09 19:14:25| Adaptation support is off.
2012/04/09 19:14:25| Ready to serve requests.
netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:6010 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:6011 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:42285 127.0.0.1:44467 ESTABLISHED
tcp 0 0 127.0.0.1:48228 127.0.0.1:57780 ESTABLISHED
tcp 0 0 127.0.0.1:44467 127.0.0.1:42285 ESTABLISHED
tcp 0 0 192.168.1.29:22 192.168.1.8:52765 ESTABLISHED
tcp 0 0 127.0.0.1:35310 127.0.0.1:52240 ESTABLISHED
tcp 0 0 127.0.0.1:37647 127.0.0.1:49651 ESTABLISHED
tcp 0 0 192.168.1.29:59581 192.168.1.12:445 ESTABLISHED
tcp 0 0 127.0.0.1:41867 127.0.0.1:50921 ESTABLISHED
tcp 0 0 192.168.1.29:22 192.168.1.8:49435 ESTABLISHED
tcp 0 0 127.0.0.1:57780 127.0.0.1:48228 ESTABLISHED
tcp 0 0 127.0.0.1:52240 127.0.0.1:35310 ESTABLISHED
tcp 0 0 127.0.0.1:50921 127.0.0.1:41867 ESTABLISHED
tcp 0 0 192.168.1.29:22 192.168.1.8:49474 ESTABLISHED
tcp 0 0 127.0.0.1:49651 127.0.0.1:37647 ESTABLISHED
tcp 0 0 :::3128 :::*
LISTEN
tcp 0 0 :::445 :::*
LISTEN
tcp 0 0 :::139 :::*
LISTEN
Looks like Squid is not alone in this.
Markus
"Amos Jeffries" <squid3@xxxxxxxxxxxxx> wrote in message
news:4F83B2D8.9050607@xxxxxxxxxxxxx...
On 10/04/2012 1:11 a.m., Markus Moeller wrote:
But it should be possible to determine that automatically (e.g. if the
bind on ::1 fails try ipv4) shouldn' it ?
Yes. The socket handling is a bit strange in 3.1 though. Failover does
not work on helpers. Mostly because its an internal channel, Squid is
running the app at both ends, both are opening localhost / ::1.
Going back and reading your report after some sleep, it would seem you
did not fully disable IPv6 or restart Squid after changing such
fundamental detail. The Squid startup sequence probes to determine
whether an IPv6 stack is present, and what type. The "localhost" default
values depend on those probes results, with ::1 preferred if available.
Amos
Thank you
Markus
"Amos Jeffries" <squid3@xxxxxxxxxxxxx> wrote in message
news:4F82CD96.8060708@xxxxxxxxxxxxx...
On 7/04/2012 12:08 p.m., Markus Moeller wrote:
It looks like to be an ipv6 problem. I disabled ipv6 on my OpenSuse,
but squid wants to bind on ::1 (ipv6 localhost) which fails.
Is this a bug ?
In the documentation yes. It has been fixed and will say the correct
ipv4/ipv6 default in later confg manuals.
You need to specify the "ipv4" option to get Squid to contect helpers
on IPv4-only TCP sockets.
Amos