[squid-users] web base squid configuration package
i want configure squid based on web base. it is possible ?please help me.
Re: [squid-users] Squid 2.5STABLE10 core dumps
* Odhiambo Washington ([EMAIL PROTECTED]): With the same config file, whenever I attempt to browse, I get a core dump. I did not change anything in squid.conf that I have always used. [gdb output elided] Is it possible that you are bitten by the access denied to ipnat device bug (see squid bug #1314, http://www.squid-cache.org/bugs/show_bug.cgi?id=1313)? Yes. That is correct! I have seen same behaviour, now that I see the bug. I hadn't though this could be the issue previously, but I realized at some point that if i disabled the transparent proxying options in squid.conf and put proxy settings in my browser then squid worked fine. The moment I reverted to transparent and it crashed. I got so confused I did not even remember to look at cache.log ;) No worries; you mentioning IPFilter rang the right bell here! If so, could you try the patch at http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-transparent, and if you use the FreeBSD port, could you try out the patch below, too and tell me if it fixes the problem? Yes, I use the ports. I have applied your patch and it actually solved the problem. Fine, I'll integrate the older patches up to this one, too and submit a maintainer update later today. Thanks for the feedback. Short of using this patch, does it mean if I changed the perms on the /dev/ipnat then it could have worked? Tricky, I think, since in FreeBSD 5.x most devices are created on the fly, yes? This is correct. You might want to experiment with devfs rules; see devfs(8) and /etc/defaults/devfs.conf or use /etc/devfs.conf. (I admit I am a bit confused which approach is better or more correct; you could ask on freebsd-questions or -stable.)
Re: [squid-users] Squid 2.5STABLE10 core dumps
On Sun, 26 Jun 2005, Odhiambo Washington wrote: Yes, I use the ports. I have applied your patch and it actually solved the problem. You still need to fix the permission error. Short of using this patch, does it mean if I changed the perms on the /dev/ipnat then it could have worked? Yes. Tricky, I think, since in FreeBSD 5.x most devices are created on the fly, yes? There is a config file somewhere.. (Not a FreeBSD person). Regards Henrik
RE: [squid-users] Could not start SquidNT on local computer- fixed
thanx guys, by exploring your suggestions i got the answer. apparently the squid.conf file by default refers to directories using / whereas windows prefers \ e.g. c:/squid/var/log was the default but I just changed it to c:\squid\var\log and it worked! though I find it a bit slow. Could someone suggest how to speed up the SquidNT? it is not giving me the performance I have experienced on a Linux Platform. walu. --- James Bruce [EMAIL PROTECTED] wrote: Just my 2 cents but have you tried starting it from the cmd prompt. It should give you a little more detail on what is causing the error. C:\squid squid -X -Jimmy -Original Message- From: John Walubengo [mailto:[EMAIL PROTECTED] Sent: Friday, June 24, 2005 10:16 AM To: squid-users@squid-cache.org Subject: [squid-users] Could not start SquidNT on local computer error 1067: The process terminated unexpectantly. I managed to get the squid Tom had recommended squid2.5 Stable7-NT installed on my XP professional. However, it fails to start with the above errors. what am i missing? walu. --- Carinus Carelse [EMAIL PROTECTED] wrote: I have installed the new version of squid 2.5 but i would like to test it under load and I want to use the cache_peer to forward all requests to the new proxy for a few days just to test everything. I would like it to just forward the login credentials to the new proxy what is the equivalent to login=PASS in the 2.4 version. My old proxy is a 2.4 version. I have the forwarding working the other way. From 2.5 to a 2.4 proxy. I would now like to make it work the other way I have tried various permutations of the command below including login=PASS at the end of the line can some please help me by telling me the right way to do this. It just keeps popping up the login box. Squid Cache: Version 2.4.STABLE7 cache_peer parent.domain.com parent 3128 3130 no-query default login=user:password. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: [squid-users] Could not start SquidNT on local computer- fixed
Hi, At 16.08 26/06/2005, John Walubengo wrote: thanx guys, by exploring your suggestions i got the answer. apparently the squid.conf file by default refers to directories using / whereas windows prefers \ e.g. c:/squid/var/log was the default but I just changed it to c:\squid\var\log and it worked! This is wrong. MS C runtime library makes no difference between / and \ chars in paths, but the usage of / char in Squid.conf is recommended in the Windows specific documentation included in the binary package. Do you have read it ? Probably you have unintentionally fixed some other thing in your squid.conf. though I find it a bit slow. Could someone suggest how to speed up the SquidNT? it is not giving me the performance I have experienced on a Linux Platform. Your squid was not starting, now you say that it is slow, they are typical DNS misconfiguration problems. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
[squid-users] Transparent Squid proxy through IPSec
Hi, I'm running Squid 2.4 on a FreeBSD machine. Two days ago, i've configured IPSec for my wireless LAN. So i have a wired LAN and a secure wireless LAN. Squid runs on the wired LAN as a transparent proxy. The clients on the network will be always redirect through the proxy, even they have no proxy server configured. It works great. The configuration for ipnat (to redirect HTTP traffic through Squid) is: rdr sis0 0/0 port 80 - 127.0.0.1 port 3128 tcp sis0 = wired LAN interface on FreeBSD server. I want to configure this also for the wireless LAN. But i think it's a problem because the wireless LAN is secured by IPSec. The IP header en body are encrypted with AH and ESP. When i run tcpdump on the unsecured (no IPSec) wired LAN, i see this: 19:43:04.275456 PIV-2400.epauli.dyndns.org.36704 www.xs4all.nl.http: F 2306:2306(0) ack 25327 win 14060 nop,nop,timestamp 25426808 442068678 (DF) 19:43:04.275479 www.xs4all.nl.http PIV-2400.epauli.dyndns.org.36704: . ack 2307 win 65535 nop,nop,timestamp 442068680 25426808 (DF) Ipnat (i use that for redirection HTTP traffic on port 80 through Squid) can handle that traffic, because source and destination adress and portnumbers are viewable. When i run tcpdump for the secured connection, the only thing i can see is ESP encrypted traffic and the source and destination IPv4-adress and no portnumbers. 19:41:35.457404 192.168.2.3 192.168.2.1: AH(spi=0x04572f8e,seq=0xc3a0): ESP(spi=0x06211586,seq=0xc3a0) (DF) 19:41:35.465699 192.168.2.1 192.168.2.3: AH(spi=0x0eda8b37,seq=0x164bc): ESP(spi=0x077870a2,seq=0x164bc) 19:41:35.468010 192.168.2.3 192.168.2.1: AH(spi=0x04572f8e,seq=0xc3a1): ESP(spi=0x06211586,seq=0xc3a1) (DF) 19:41:35.475919 192.168.2.1 192.168.2.3: AH(spi=0x0eda8b37,seq=0x164bd): ESP(spi=0x077870a2,seq=0x164bd) I think it's not possible to transparent redirect traffic to Squid, when IPSec is used, because no traffic data is available. True or not true? Can someone tell me how i can redirect traffic through Squid, on a IPsec secured (wireless) LAN? Thanks! -- Edwin Pauli
Re: [squid-users] web base squid configuration package
What do you mean exactly? If you are looking for a web based configuration for squid, you can use squid webmin module. --- ashkan almaspour [EMAIL PROTECTED] wrote: i want configure squid based on web base. it is possible ?please help me. __ Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html
Re: [squid-users] Problems with effective user
I've got back in the country and I've started doing more work on this. I've found answers to these questions before I found these questions. The squid-users mailing list is a bit busier than I expected and I only found this message by chance. I've thrown truss at the problem and I now have a much clearer idea of what is going on. Henrik Nordstrom [EMAIL PROTECTED] 06/25/05 9:25 AM On Mon, 20 Jun 2005, Lloyd Parkes wrote: Only one of the two squid processes runs as 'squid' the parent still runs as 'root' This is the way it should be. I agree. I can see that the command line squid is trying to signal the child squid that is running as squid and not the parent that is running as root. I would suspect you are running a nightly snapshot or STABLE10 patched with the chroot -k patch, and that there maybe is problems with this patch. You are entirely correct. I've had a lot of luck in the past with adding patches from squid-cache.org to STABLE releases of squid, so I threw in all the patches (six of them). I noticed that my test machine worked fine, so I ran truss /usr/local/squid/sbin/squid -k reconfigure 2 truss.out on each machine and compared the output. The production machine was doing completely different stuff from my test machine. I quickly confirmed that I had different binaries on the two machines (bad me). Both squids read in the config file, but with the chroot patch, the config file gets 'activated'. I'm guessing it's the call to configDoConfigure() that does it. Later on squid calls setuid(squid) which sets the real, effective and saves user id to squid. It then tries to send the signal to the child squid. Unfortunately the child squid is running as USERRUSER PID PPID PGID SID COMMAND squid root 768 766 766 766 (squid) -sDYf /usr/local/squid/etc/squid.conf and the real user id of the two processes need to match if the signal is to be delivered. This is all on Solaris 9, but other systems should be broadly similar. I can fix this by simply not using any of the extra patches. Hopefully this info will help with any future work on the chroot patch. Cheers, Lloyd
RE: [squid-users] Problems with effective user
I have seen similar behaviour in our test environment. (sparc Solaris 9) Comparing a truss (of an attempt to shutdown the proxy) between a working (20050525) and non-working (20050621) nightly build shows Squid dropping its privileges before sending the kill signal through. (As Lloyd has indicated, this is where the problem occurs.) Another work-around I found was to 'su' down to squid (in our startup script) to start the proxy. But that might break other depending on whether Squid needed any root privileges during startup. Regards, David. __ David Gameau ISTS - Unix Systems University of South Australia email: [EMAIL PROTECTED] phone: +61 8 302 3533 fax:+61 8 302 5800 Disclaimer: I didn't do it. Nobody saw me do it. You can't prove anything. -Original Message- From: Lloyd Parkes [mailto:[EMAIL PROTECTED] Sent: Monday, 27 June 2005 9:04 AM To: squid-users@squid-cache.org Subject: Re: [squid-users] Problems with effective user I've got back in the country and I've started doing more work on this. I've found answers to these questions before I found these questions. The squid-users mailing list is a bit busier than I expected and I only found this message by chance. I've thrown truss at the problem and I now have a much clearer idea of what is going on. Henrik Nordstrom [EMAIL PROTECTED] 06/25/05 9:25 AM On Mon, 20 Jun 2005, Lloyd Parkes wrote: Only one of the two squid processes runs as 'squid' the parent still runs as 'root' This is the way it should be. I agree. I can see that the command line squid is trying to signal the child squid that is running as squid and not the parent that is running as root. I would suspect you are running a nightly snapshot or STABLE10 patched with the chroot -k patch, and that there maybe is problems with this patch. You are entirely correct. I've had a lot of luck in the past with adding patches from squid-cache.org to STABLE releases of squid, so I threw in all the patches (six of them). I noticed that my test machine worked fine, so I ran truss /usr/local/squid/sbin/squid -k reconfigure 2 truss.out on each machine and compared the output. The production machine was doing completely different stuff from my test machine. I quickly confirmed that I had different binaries on the two machines (bad me). Both squids read in the config file, but with the chroot patch, the config file gets 'activated'. I'm guessing it's the call to configDoConfigure() that does it. Later on squid calls setuid(squid) which sets the real, effective and saves user id to squid. It then tries to send the signal to the child squid. Unfortunately the child squid is running as USERRUSER PID PPID PGID SID COMMAND squid root 768 766 766 766 (squid) -sDYf /usr/local/squid/etc/squid.conf and the real user id of the two processes need to match if the signal is to be delivered. This is all on Solaris 9, but other systems should be broadly similar. I can fix this by simply not using any of the extra patches. Hopefully this info will help with any future work on the chroot patch.
[squid-users] Squid not starting up after update to Fedora Core4
Hi, I have been using squid for about 4-5 months successfully on a RedHat 7.1 box which acts as the nat router / firewall between the I-net and my LAN. A couple of days ago I decided to upgrade to Fedora Core4. I have now got most things working, but the browers on my LAN clients are not able to access web-sites. I can ping the web-sites, but the browers are doing nothing. At first I thought it was a DNS problem, but tcpdump indicates that is working fine and if I use IP numbers for the web-sites they still don't respond. I have copied over my squid.conf and iptables setting from 7.1 and successfully set up the cache directories but I am getting nothing in access.log or store.log. Can anybody see what I am doing wrong, or knows of any utilities that could clarify what the issue is? Here is a decommented copy of the squid.conf file I am using. http_port 3128 icp_port 0 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 32 MB cache_dir ufs /var/spool/squid 100 16 256 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log pid_filename /var/run/squid.pid debug_options ALL,1 33,2 auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/255.0.0.0 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 8080# http #2 acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 3128# squid (is this needed, maybe as I don't allow 1025-65535 below) acl Safe_ports port 5050:5055 # bpalogin acl Safe_ports port 123 # ntp acl Safe_ports port 280 # http-mgmt acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost acl mylan src 192.168.1.0/255.255.255.224 http_access allow mylan http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all cache_mgr root cache_effective_user squid cache_effective_group squid httpd_accel_port 80 httpd_accel_host virtual httpd_accel_with_proxy on httpd_accel_uses_host_header on memory_pools on memory_pools_limit 10 MB cachemgr_passwd disable all coredump_dir /var/spool/squid Here is what is in my cache.log 2005/06/26 21:12:28| Starting Squid Cache version 2.5.STABLE9 for i386-redhat-linux-gnu... 2005/06/26 21:12:28| Process ID 7346 2005/06/26 21:12:28| With 1024 file descriptors available 2005/06/26 21:12:28| DNS Socket created at 0.0.0.0, port 32825, FD 5 2005/06/26 21:12:28| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2005/06/26 21:12:28| Adding nameserver 144.140.70.16 from /etc/resolv.conf 2005/06/26 21:12:28| Adding nameserver 144.140.71.29 from /etc/resolv.conf 2005/06/26 21:12:28| Adding nameserver 144.140.70.15 from /etc/resolv.conf 2005/06/26 21:12:28| User-Agent logging is disabled. 2005/06/26 21:12:28| Referer logging is disabled. 2005/06/26 21:12:28| Unlinkd pipe opened on FD 10 2005/06/26 21:12:28| Swap maxSize 102400 KB, estimated 7876 objects 2005/06/26 21:12:28| Target number of buckets: 393 2005/06/26 21:12:28| Using 8192 Store buckets 2005/06/26 21:12:28| Max Mem size: 32768 KB 2005/06/26 21:12:28| Max Swap size: 102400 KB 2005/06/26 21:12:28| Rebuilding storage in /var/spool/squid (CLEAN) 2005/06/26 21:12:28| Using Least Load store dir selection 2005/06/26 21:12:28| Set Current Directory to /var/spool/squid 2005/06/26 21:12:28| Loaded Icons. 2005/06/26 21:12:29| Accepting HTTP connections at 0.0.0.0, port 3128, FD 12. 2005/06/26 21:12:29| WCCP Disabled. 2005/06/26 21:12:29| Ready to serve requests. 2005/06/26 21:12:29| Done reading /var/spool/squid swaplog (0 entries) 2005/06/26 21:12:29| Finished rebuilding storage from disk. 2005/06/26 21:12:29| 0 Entries scanned 2005/06/26 21:12:29| 0 Invalid entries. 2005/06/26 21:12:29| 0 With invalid flags. 2005/06/26 21:12:29| 0 Objects loaded. 2005/06/26 21:12:29| 0 Objects expired. 2005/06/26 21:12:29| 0 Objects cancelled. 2005/06/26 21:12:29| 0 Duplicate URLs purged. 2005/06/26 21:12:29| 0 Swapfile clashes avoided. 2005/06/26 21:12:29| Took 0.3 seconds ( 0.0 objects/sec). 2005/06/26 21:12:29| Beginning Validation Procedure 2005/06/26 21:12:29| Completed Validation Procedure 2005/06/26 21:12:29| Validated 0 Entries 2005/06/26 21:12:29| store_swap_size = 0k 2005/06/26 21:12:30| storeLateRelease: released 0 objects Best regards, Vaughan Mobile: 0412 122 362