+ Post New Thread
Results 1 to 12 of 12
Wireless Networks Thread, Squid Screwed in Technical; OK Squid/DG was working fine till today Sites were becoming slow to hit, and now no one can hit anything ...
  1. #1

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,675
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Squid Screwed

    OK Squid/DG was working fine till today
    Sites were becoming slow to hit, and now no one can hit anything

    It is set to use the LEA's ISA server as its "parent" but when i stop/start squid i see this error
    startproc: exit status of parent of /usr/sbin/squid: 1
    Squid reports as starting, DG fails to start tho.

    Have checked the config as best i can and all seems ok

    the cache_peer peer line is as follows

    cache_peer <isa server ip> 8080 3128 proxy-only default login=<username|password>

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Squid Screwed

    What do the log files say. The cache.log in paticular?

  3. #3

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,675
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Re: Squid Screwed

    2006/10/10 11:28:13| Configuring Parent 10.201.2.7/8080/3128
    2006/10/10 11:28:13| Ready to serve requests.
    2006/10/10 11:28:13| Done reading /var/cache/squid swaplog (15 entries)
    2006/10/10 11:28:13| Finished rebuilding storage from disk.
    2006/10/10 11:28:13| 15 Entries scanned
    2006/10/10 11:28:13| 0 Invalid entries.
    2006/10/10 11:28:13| 0 With invalid flags.
    2006/10/10 11:28:13| 15 Objects loaded.
    2006/10/10 11:28:13| 0 Objects expired.
    2006/10/10 11:28:13| 0 Objects cancelled.
    2006/10/10 11:28:13| 0 Duplicate URLs purged.
    2006/10/10 11:28:13| 0 Swapfile clashes avoided.
    2006/10/10 11:28:13| Took 0.4 seconds ( 38.9 objects/sec).
    2006/10/10 11:28:13| Beginning Validation Procedure
    2006/10/10 11:28:13| Completed Validation Procedure
    2006/10/10 11:28:13| Validated 15 Entries
    2006/10/10 11:28:13| store_swap_size = 384k
    2006/10/10 11:28:14| storeLateRelease: released 0 objects
    2006/10/10 11:28:38| temporary disabling (Proxy Authentication Required) digest
    from 10.201.2.7
    2006/10/10 11:29:34| Detected DEAD Parent: 10.201.2.7/8080/3128
    2006/10/10 11:33:38| temporary disabling (Proxy Authentication Required) digest
    from 10.201.2.7
    2006/10/10 11:43:40| temporary disabling (Proxy Authentication Required) digest
    from 10.201.2.7
    2006/10/10 12:03:41| temporary disabling (Proxy Authentication Required) digest
    from 10.201.2.7
    2006/10/10 12:43:41| temporary disabling (Proxy Authentication Required) digest
    from 10.201.2.7
    lithium:/var/log/squid #
    Now the weird bit - despite the "dead parent" line - i am currently writing this post whilst IE is configured to use that addresss ! So that server is alive and well!

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Squid Screwed

    Have you told Squid to use some sort of peering arrangement the other cache does not support? eg, ICP? What does your cache_peer line look like?

  5. #5

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,675
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Re: Squid Screwed

    cache_peer 10.201.2.7 parent 8080 3128 proxy-only no-delay login=domain\usernameassword

  6. #6

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,675
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Re: Squid Screwed

    cache_peer 10.201.2.7 parent 8080 3128 proxy-only no-delay login=domain\usernameassword
    The service starts - as does dansguardian - but cannot get to any site other than www.google.co.uk
    No other URL will work nor will any google search.

  7. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Squid Screwed

    Ok, so your parent cache is running ICP on port 3128?
    Also, if the parent cache fails, there's direct internet access?

  8. #8

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,675
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Re: Squid Screwed

    No, if the LEA's ISA fails then we're dead in the water - guessing that I've missed a bit out then?

  9. #9

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Squid Screwed

    Yes, your cache_peer line says:

    My upstream proxy is 10.201.2.7:8080
    I need to login to it
    I can query it with ICP on port 3128.
    If it's dead I can access the internet directly.

    The combination of the second two is whats causing the problem. Try this instead:
    Code:
    cache_peer     10.201.2.7    parent  8080    0       no-query default login=domain\username:password
    Presumably you also have a:
    Code:
    never_direct allow all
    Somewhere in your ACL's too?

  10. #10

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,675
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Re: Squid Screwed

    Yep though when i use
    Code:
     never_direct acl all
    i get this when i try to stop/start squid
    Code:
    ACL name 'all' not defined!
    FATAL: Bungled squid.conf line 364: never_direct allow all
    yet later in the code I have
    Code:
    acl all src 0.0.0.0/0.0.0.0

  11. #11

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,675
    Thank Post
    861
    Thanked 650 Times in 431 Posts
    Rep Power
    499

    Re: Squid Screwed

    Sorted it!

    The
    Code:
     never_direct acl all
    was in the wrong place!!

  12. #12

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Squid Screwed

    Yes, you need to have the directive after your acl definition because squid reads it's configuration top to bottom rather than all at once.

SHARE:
+ Post New Thread

Similar Threads

  1. HELP - I think I just screwed up!
    By tazz in forum Windows
    Replies: 28
    Last Post: 14th January 2011, 10:17 PM
  2. LEA Server Upgrade Screwed website!
    By DSapseid in forum Web Development
    Replies: 2
    Last Post: 18th December 2007, 01:31 PM
  3. Squid Transparent
    By Jackd in forum *nix
    Replies: 5
    Last Post: 10th October 2007, 02:12 PM
  4. Exchange 2003 - screwed
    By Gatt in forum Windows
    Replies: 1
    Last Post: 20th July 2007, 08:49 AM
  5. squid acl
    By browolf in forum *nix
    Replies: 20
    Last Post: 20th April 2007, 08:55 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •