hola a mi me pasó esto pero con la version 3.1
lo solucioné colocalndo esto, acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 pruebas y nos comentas. saludos > Date: Tue, 13 Aug 2013 12:40:51 -0300 > From: federico.do...@gmail.com > To: centos-es@centos.org > Subject: [CentOS-es] Squid Upgrade 3.3.8 > > Buenas, > > Necesito su ayuda. > > Tengo funcionando un Squid Version 2.6.STABLE21 en un CentOS release 5.5 > (Final) > > La configuracion de mi squid es la siguiente: > > [root@eze1-proxy02 ~]# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d' > visible_hostname eze1-proxy02 > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost > icp_access allow all > http_port 3128 transparent > hierarchy_stoplist cgi-bin ? > access_log /var/log/squid/access.log squid > acl QUERY urlpath_regex cgi-bin \? > cache deny QUERY > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > acl apache rep_header Server ^Apache > broken_vary_encoding allow apache > acl sp-download-grant src 172.17.193.25/32 #NOC-14473# > acl sp-download-grant src 172.17.196.7/32 #NOC-14473# > acl sp-download-grant src 172.17.196.30/32 #NOC-?????# > acl sp-download-grant src 172.17.196.55/32 #Pablo Resniski# > acl sp-download-grant src 172.17.196.136/32 #Damian Ferrai > acl sp-download-grant src 172.17.193.218/32 #NOC-14473# > acl sp-download-grant src 172.17.193.171/32 #adrian_bosi# > acl sp-download-grant src 172.17.197.148/32 # > acl sp-download-grant src 172.17.198.94/32 #Monitores-NOC > acl sp-download-grant src 172.17.201.63/32 #Fede_git > acl sp-download-grant src 172.17.193.38/32 #request for it-team > acl sp-download-grant src 172.17.193.197/32 #request for it-team > acl sp-download-grant src 172.17.193.6/32 #request for it-team > acl sp-download-grant src 172.17.193.5/32 #request for it-team > acl sp-download-grant src 172.17.193.4/32 #request for it-team > acl sp-download-grant src 172.17.193.7/32 #request for it-team > acl sp-download-grant src 172.17.193.85/32 #request for Mauro > acl sp-download-grant src 172.17.195.42/32 #request for it-team > acl sp-download-grant src 172.17.195.200/32 #request for it-team > acl sp-download-grant src 172.17.195.37/32 #request for it-team > acl sp-download-grant src 172.17.195.38/32 #request for it-team > acl sp-download-grant src 172.17.195.112/32 #request for it-team > acl sp-download-grant src 172.17.195.122/32 #fede for it-team > acl sp-download-grant src 172.17.195.240/32 #request for it-team > acl sp-download-grant src 172.17.195.242/32 #request for it-team > acl sp-download-grant src 172.17.195.67/32 #request for it-team > acl sp-download-grant src 172.17.195.208/32 #request for it-team > acl sp-download-grant src 172.17.193.175/32 #request for damian ferrai > acl sp-download-grant src 172.17.193.230/32 #request for Juan Ferraris > acl sp-download-grant src 172.17.196.26/32 #request for Juan Ferraris > acl sp-download-grant src 172.17.196.25/32 #request for gaston pereyra > acl sp-download-grant src 172.17.201.59/32 #request for fededon > acl sp-download-grant src 172.17.195.24/32 #request for fededon > acl sp-download-grant src 172.17.195.144/32 #request for fededon > acl sp-download-grant src 172.17.195.59/32 #request for fededon > reply_body_max_size 0 allow sp-download-grant > acl downloadhours time D 9:00-18:00 > reply_body_max_size 504900000 allow downloadhours all > acl allow_url dstdomain "/etc/squid/allow_url" > http_access allow all allow_url > acl facebook_list src "/etc/squid/facebook_allow.squid" > acl facebook dstdomain .facebook.com > http_access allow facebook facebook_list > acl WorkingHours time D 09:00-13:00 > acl WorkingHours2 time D 14:00-18:00 > acl youtube_list src "/etc/squid/youtube_allow.squid" > acl youtube dstdomain .youtube.com > http_access allow youtube youtube_list > http_access deny youtube WorkingHours all > http_access deny youtube WorkingHours2 all > http_access allow youtube all > acl taringa_list src "/etc/squid/taringa_allow.squid" > acl taringa dstdomain .taringa.net > http_access allow taringa taringa_list > acl WorkingHours time D 09:00-13:00 > acl WorkingHours2 time D 14:00-18:00 > acl vimeo_list src "/etc/squid/vimeo_allow.squid" > acl vimeo dstdomain .vimeo.com > http_access allow vimeo vimeo_list > http_access deny vimeo WorkingHours all > http_access deny vimeo WorkingHours2 all > http_access allow vimeo all > http_access allow all > cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange > default > max_filedesc 4096 > > Ahora bien, quiero pasar a la version Squid Cache: Version 3.3.8 en un > CentOS release 6.4 (Final). > > Realize una instalacion nueva en otro host y la configuracion en squid.con > es la siguiente: > > [root@eze1-proxy3 ~]# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d' > visible_hostname eze1-proxy03 > acl localnet src 17.17.192.0/20 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > http_access allow manager localhost localnet > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost > icp_access allow all > http_port 3128 intercept > hierarchy_stoplist cgi-bin ? > access_log /var/log/squid/access.log squid > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > acl apache rep_header Server ^Apache > acl sp-download-grant src 172.17.193.25/32 #NOC-14473# > acl sp-download-grant src 172.17.196.7/32 #NOC-14473# > acl sp-download-grant src 172.17.196.30/32 #NOC-?????# > acl sp-download-grant src 172.17.196.55/32 #Pablo Resniski# > acl sp-download-grant src 172.17.196.136/32 #Damian Ferrai > acl sp-download-grant src 172.17.193.218/32 #NOC-14473# > acl sp-download-grant src 172.17.193.171/32 #adrian_bosi# > acl sp-download-grant src 172.17.197.148/32 # > acl sp-download-grant src 172.17.198.94/32 #Monitores-NOC > acl sp-download-grant src 172.17.201.63/32 #Fede_git > acl sp-download-grant src 172.17.193.38/32 #request for it-team > acl sp-download-grant src 172.17.193.197/32 #request for it-team > acl sp-download-grant src 172.17.193.6/32 #request for it-team > acl sp-download-grant src 172.17.193.5/32 #request for it-team > acl sp-download-grant src 172.17.193.4/32 #request for it-team > acl sp-download-grant src 172.17.193.7/32 #request for it-team > acl sp-download-grant src 172.17.193.85/32 #request for Mauro > acl sp-download-grant src 172.17.195.42/32 #request for it-team > acl sp-download-grant src 172.17.195.200/32 #request for it-team > acl sp-download-grant src 172.17.195.37/32 #request for it-team > acl sp-download-grant src 172.17.195.38/32 #request for it-team > acl sp-download-grant src 172.17.195.112/32 #request for it-team > acl sp-download-grant src 172.17.195.122/32 #fede for it-team > acl sp-download-grant src 172.17.195.240/32 #request for it-team > acl sp-download-grant src 172.17.195.242/32 #request for it-team > acl sp-download-grant src 172.17.195.67/32 #request for it-team > acl sp-download-grant src 172.17.195.208/32 #request for it-team > acl sp-download-grant src 172.17.193.175/32 #request for damian ferrai > acl sp-download-grant src 172.17.193.230/32 #request for Juan Ferraris > acl sp-download-grant src 172.17.196.26/32 #request for Juan Ferraris > acl sp-download-grant src 172.17.196.25/32 #request for gaston pereyra > acl sp-download-grant src 172.17.201.59/32 #request for fededon > acl sp-download-grant src 172.17.195.24/32 #request for fededon > acl sp-download-grant src 172.17.195.144/32 #request for fededon > acl sp-download-grant src 172.17.195.59/32 #request for fededon > reply_body_max_size 1000 MB sp-download-grant > acl downloadhours time D 9:00-18:00 > reply_body_max_size 500 MB downloadhours all > acl allow_url dstdomain "/etc/squid/allow_url" > http_access allow all allow_url > acl facebook_list src "/etc/squid/facebook_allow.squid" > acl facebook dstdomain .facebook.com > http_access allow facebook facebook_list > acl WorkingHours time D 09:00-13:00 > acl WorkingHours2 time D 14:00-18:00 > acl youtube_list src "/etc/squid/youtube_allow.squid" > acl youtube dstdomain .youtube.com > http_access allow youtube youtube_list > http_access deny youtube WorkingHours all > http_access deny youtube WorkingHours2 all > http_access allow youtube all > acl taringa_list src "/etc/squid/taringa_allow.squid" > acl taringa dstdomain .taringa.net > http_access allow taringa taringa_list > acl WorkingHours time D 09:00-13:00 > acl WorkingHours2 time D 14:00-18:00 > acl vimeo_list src "/etc/squid/vimeo_allow.squid" > acl vimeo dstdomain .vimeo.com > http_access allow vimeo vimeo_list > http_access deny vimeo WorkingHours all > http_access deny vimeo WorkingHours2 all > http_access allow vimeo all > http_access allow all > cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange > default > max_filedesc 4096 > > Tengo la misma configuracion de firewall en los dos servidores, las mismas > rutas, Per no puedo navegar por ninguna web en el browser, me hace un deny > a todo! > > Estos son los logs: > > [root@eze1-proxy3 ~]# service squid start > Starting squid: . [ OK ] > [root@eze1-proxy3 ~]# tail -f /var/log/squid/squid.out > 2013/08/13 09:07:32| WARNING: You should probably remove '::/0' from the > ACL named 'all' > 2013/08/13 09:07:32| WARNING: (B) '127.0.0.1' is a subnetwork of (A) > '127.0.0.1' > 2013/08/13 09:07:32| WARNING: because of this '127.0.0.1' is ignored to > keep splay tree searching predictable > 2013/08/13 09:07:32| WARNING: You should probably remove '127.0.0.1' from > the ACL named 'localhost' > 2013/08/13 09:07:32| WARNING: (B) '127.0.0.1' is a subnetwork of (A) > '127.0.0.1' > 2013/08/13 09:07:32| WARNING: because of this '127.0.0.1' is ignored to > keep splay tree searching predictable > 2013/08/13 09:07:32| WARNING: You should probably remove '127.0.0.1' from > the ACL named 'localhost' > 2013/08/13 09:07:32| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) ' > 127.0.0.0/8' > 2013/08/13 09:07:32| WARNING: because of this '127.0.0.0/8' is ignored to > keep splay tree searching predictable > 2013/08/13 09:07:32| WARNING: You should probably remove '127.0.0.0/8' from > the ACL named 'to_localhost' > ^C > [root@eze1-proxy3 ~]# tail -f /var/log/squid/access.log > > 1376395692.119 0 172.17.195.6 TCP_MISS/403 4386 GET > http://www.infobae.com/ - HIER_NONE/- text/html > 1376395692.120 5004 172.17.193.7 TCP_MISS/403 4493 GET > http://www.infobae.com/ - HIER_DIRECT/172.17.195.6 text/html > 1376395692.358 0 172.17.195.6 TCP_MISS/403 3985 GET > http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html > 1376395692.359 148 172.17.193.7 TCP_MISS/403 4092 GET > http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.17.195.6text/html > > > Pueden ayudarme a encontrar la falla....ya no busque por todos lados y > realize cambios como se puede ver en los dos archivos de squid.conf, pero > ya no se que hacer... > > Agradesco mucho su tiempo!! > > Saludos, > _______________________________________________ > CentOS-es mailing list > CentOS-es@centos.org > http://lists.centos.org/mailman/listinfo/centos-es _______________________________________________ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es