OK.
It is very clear that something is still unclear about the system.
it has about 2-4k open connections which is not the hardest thing to
handle but is not just a small pry.
I do not remember if the tproxy sockets are suppose to show up in ss or
in any other place.
So now let's jump to iptables.
Do you have the nf_conntrack files I have mentioned before?
use the dump of iptables to see what rules are running on the system:
"iptables-save"
should do the trick but just remeber to remove any confidential IPs but
leave whatever you can.
And about the ulimit that I have mentioned before:
I did not wanted you to enter "ulimit -a" but to insert the line into
the squid init.d script which should be "/etc/init.d/squid".(second or
third line in the file)
this way once you will just run the script:
"/etc/init.d/squid"
you will see the output and we will be able to see what is the ulimit
on\in the bash script which squid will be also limited to.
Eliezer
On 11/08/2013 02:50 AM, Dr.x wrote:
[root@squid ~]# lsof -u squid -a -i TCP -n -P >/tmp/tmp_lsof.1
[root@squid ~]# cat /tmp/tmp_lsof.1 |wc -l
2023
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep UDP |wc -l
0
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep ESTABLISHED |wc -l
1841
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep TIME_WAIT |wc -l
0
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep CLOSE_WAIT |wc -l
1
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep ":80" |wc -l
2009
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep LISTEN |wc -l
8
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep ":3129" |wc -l
4
[root@squid ~]#
[root@squid ~]# lsof -i TCP -n -P >/tmp/tmp_lsof.2
cat /tmp/tmp_lsof.2 |wc -l
cat /tmp/tmp_lsof.2 |grep UDP |wc -l
cat /tmp/tmp_lsof.2 |grep ESTABLISHED |wc -l
cat /tmp/tmp_lsof.2 |grep TIME_WAIT |wc -l
cat /tmp/tmp_lsof.2 |grep CLOSE_WAIT |wc -l
cat /tmp/tmp_lsof.2 |grep LISTEN |wc -l
cat /tmp/tmp_lsof.2 |grep ":80" |wc -l
cat /tmp/tmp_lsof.2 |grep ":3129" |wc -l [root@squid ~]# cat /tmp/tmp_lsof.2
|wc -l
2170
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep UDP |wc -l
0
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep ESTABLISHED |wc -l
1982
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep TIME_WAIT |wc -l
0
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep CLOSE_WAIT |wc -l
1
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep LISTEN |wc -l
28
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep ":80" |wc -l
2133
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep ":3129" |wc -l
4
[root@squid ~]# ^C
==========================
after sometime :
[root@squid ~]# ^C
[root@squid ~]# lsof -u squid -a -i TCP -n -P >/tmp/tmp_lsof.1
[root@squid ~]# cat /tmp/tmp_lsof.1 |wc -l
2250
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep UDP |wc -l
0
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep ESTABLISHED |wc -l
2078
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep TIME_WAIT |wc -l
0
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep CLOSE_WAIT |wc -l
4
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep ":80" |wc -l
2236
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep LISTEN |wc -l
8
[root@squid ~]# cat /tmp/tmp_lsof.1 |grep ":3129" |wc -l
4
[root@squid ~]#
[root@squid ~]#
[root@squid ~]#
[root@squid ~]#
[root@squid ~]#
[root@squid ~]# lsof -i TCP -n -P >/tmp/tmp_lsof.2
cat /tmp/tmp_lsof.2 |wc -l
cat /tmp/tmp_lsof.2 |grep UDP |wc -l
cat /tmp/tmp_lsof.2 |grep ESTABLISHED |wc -l
cat /tmp/tmp_lsof.2 |grep TIME_WAIT |wc -l
cat /tmp/tmp_lsof.2 |grep CLOSE_WAIT |wc -l
cat /tmp/tmp_lsof.2 |grep LISTEN |wc -l
cat /tmp/tmp_lsof.2 |grep ":80" |wc -l
cat /tmp/tmp_lsof.2 |grep ":3129" |wc -l [root@squid ~]# cat /tmp/tmp_lsof.2
|wc -l
2184
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep UDP |wc -l
0
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep ESTABLISHED |wc -l
1999
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep TIME_WAIT |wc -l
0
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep CLOSE_WAIT |wc -l
4
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep LISTEN |wc -l
28
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep ":80" |wc -l
2149
[root@squid ~]# cat /tmp/tmp_lsof.2 |grep ":3129" |wc -l
4
[root@squid ~]#
-----
Dr.x
