On 8/10/2013 2:10 p.m., Gregory K. Spranger wrote:
hi there .. here are my details:

squid/OS details

squid 3.3.9 compiled from source with:

    ./configure --prefix=/usr \
        --includedir=/usr/include \
        --datadir=/usr/share/squid \
        --bindir=/usr/sbin \
        --libexecdir=/usr/lib/squid \
        --localstatedir=/var/run/squid \
        --sysconfdir=/etc/squid \
        --with-default-user=squid \
        --with-logdir=/var/log/squid \
        --enable-ssl \
        --with-openssl=/usr/include/openssl/ \
        --enable-linux-netfilter

using OS

    Linux version 2.6.18-348.1.1.el5 (mockbuild@xxxxxxxxxxxxxxxxxxxxxxxxxxxx) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-54)) #1 SMP Fri Dec 14 05:25:59 EST 2012

my squid.conf is very simple

    debug_options ALL,6
    ssl_bump client-first all
    sslproxy_cert_error allow all
    #sslproxy_cert_adapt setCommonName ssl::certDomainMismatch
    https_port 3130 transparent ssl-bump cert=/etc/squid/certs/squid-proxy.crt key=/etc/squid/certs/squid-proxy.key
    http_port 3128 transparent
    access_log /var/log/squid/access.log squid
    always_direct allow all
    cache deny all
    acl http proto http
    acl https proto https
    acl port_80 port 80
    acl port_443 port 443
    acl allowed_sites dstdomain "/etc/squid/allowed_domains"
    http_access allow http port_80 allowed_sites
    http_access allow https port_443 allowed_sites
    http_access deny all
    visible_hostname localhost

but this is the error i am getting:

    2013/10/07 20:50:00.237 kid1| tools.cc(619) leave_suid: leave_suid: PID 17862 giving up root, becoming 'squid'
    2013/10/07 20:50:00.238 kid1| StartListening.cc(55) StartListening: opened listen local=0.0.0.0:3128 remote=[::] FD 11 flags=41
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(85) ScheduleCall: StartListening.cc(56) will call clientListenerConnectionOpened(local=0.0.0.0:3128 remote=[::] FD 11 flags=41, err=0, HTTP Socket port=0x7c8e838) [call2]
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall httpsAccept constructed, this=0x8233a20 [call3]
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x8233aa0 [call4]
    2013/10/07 20:50:00.238 kid1| tools.cc(664) enter_suid: enter_suid: PID 17862 taking root privileges
    2013/10/07 20:50:00.238 kid1| comm.cc(554) comm_openex: comm_openex: Attempt open socket for: 0.0.0.0:3130
    2013/10/07 20:50:00.238 kid1| comm.cc(595) comm_openex: comm_openex: Opened socket local=0.0.0.0:3130 remote=[::] FD 12 flags=1 : family=2, type=1, protocol=6
    2013/10/07 20:50:00.238 kid1| comm.cc(637) comm_init_opened: local=0.0.0.0:3130 remote=[::] FD 12 flags=1 is a new socket
    2013/10/07 20:50:00.238 kid1| fd.cc(221) fd_open: fd_open() FD 12 HTTPS Socket
    2013/10/07 20:50:00.238 kid1| commBind: Cannot bind socket FD 12 to 0.0.0.0:3130: (13) Permission denied
    2013/10/07 20:50:00.238 kid1| comm.cc(1102) _comm_close: comm_close: start closing FD 12
    2013/10/07 20:50:00.238 kid1| comm.cc(760) commUnsetFdTimeout: Remove timeout for FD 12
    2013/10/07 20:50:00.238 kid1| comm.cc(955) commCallCloseHandlers: commCallCloseHandlers: FD 12
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall comm_close_complete constructed, this=0x8233c60 [call5]
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(85) ScheduleCall: comm.cc(1178) will call comm_close_complete(FD 12) [call5]

3128 opens up just fine and runs AOK .. just when i use https_port it seems to get shot down ..

yes, i did check to make sure squid user can write to /var/run/squid -- not seeing that error ..

yes, i made sure selinux isn't blocking the port ..

    sudo semanage port -l | grep 3130
    http_cache_port_t udp 3130, 11211

but for some reason, it just won't work ..

"funny" funny thing is i performed the "exact" same steps on a diff server that is supposed to be identical, and it worked AOK .. just for some reason this server doesn't like when i try to use port 3130 -- getting that nasty "permission denied" error and debug log doesn't seem to point me to root cause ..

semanage gives a hint: port 3130 permissions are for UDP (Squid ICP protocol port). But HTTPS uses TCP protocol.
Amos
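
The protocol-aware lookup that the reply points to, as an added example that is not part of the original thread: it reads `semanage port -l` style output and reports which SELinux port types cover a given protocol and port, so a UDP-only label cannot be mistaken for a TCP one. The function names and the sample table are assumptions; only the udp line is taken from the post.

```shell
#!/bin/sh
# Added example: list the SELinux port types that cover PROTO/PORT in
# `semanage port -l` output read from stdin. Handles "a, b, c-d" port lists.
port_types() {  # usage: port_types PROTO PORT < semanage-output
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            # Fields 3..NF are single ports or ranges, comma separated.
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# Constructed sample table; only the udp line comes from the post above.
SAMPLE='http_cache_port_t              tcp      3128, 8080, 8118, 10001-10010
http_cache_port_t              udp      3130, 11211
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443'

check_port() {  # prints a verdict; returns 0 if labelled, 1 if not
    types=$(printf '%s\n' "$SAMPLE" | port_types "$1" "$2")
    if [ -n "$types" ]; then
        echo "$1/$2 labelled: $types"
    else
        echo "$1/$2 has no SELinux port type"
        return 1
    fi
}

check_port udp 3130       # labelled: http_cache_port_t (the ICP port)
check_port tcp 3130 || :  # unlabelled: the https_port case from the post
# On a live host: semanage port -l | port_types tcp 3130
```

If the TCP lookup comes back empty, `semanage port -a -t http_cache_port_t -p tcp 3130` is the usual way to add the label; that command is not from the thread.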