Re: [squid-users] Re: FTP through squid
On 4/05/2012 9:58 p.m., Hugo Deprez wrote:
> Hello,
>
> I am running Debian Squeeze with squid 3.1.6-1.2+squeeze2
>
> with the command line it works :
>
> $ftp ftp.free.fr
> Connected to ftp.proxad.net.
> 220 Welcome to ProXad FTP server
> Name (ftp.free.fr:hugo.deprez): anonymous
> 331 Please specify the password.
> Password:
> 230 Login successful.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 200 PORT command successful. Consider using PASV.
> 150 Here comes the directory listing.
> lrwxrwxrwx1 ftp ftp28 Jun 14 2011 MPlayer -> mirrors/mplayerhq.hu/MPlayer
> drwxr-xr-x2 ftp ftp 4096 May 07 2008 awstats
> drwx--2 ftp ftp 16384 Mar 08 2006 lost+found
> drwxr-xr-x3 ftp ftp 4096 Jan 04 11:44 mirrors
> drwxr-xr-x2 ftp ftp 4096 Dec 24 2008 nzb
> drwxr-xr-x 10 ftp ftp 4096 Nov 23 2009 pub
> drwxr-xr-x2 ftp ftp 81920 May 03 22:30 stats
> drwxr-xr-x2 ftp ftp 4096 May 04 09:35 tmp
> 226 Directory send OK.
>
> I do have this error for all ftp server I try with ftp.mozilla.org
>
> Any idea ?

Please try the squid3 package from Wheezy/Testing repositories. 3.1.6 has quite a few problems.

The FTP client you are using seems to be doing IPv4-only PORT commands silently in the background. Squid uses protocol-neutral EPSV/EPRT first, and the older 3.1 have a few issues in that area.

Amos
[squid-users] Squid 3.1 and TPROXY 4 Problems
Hi all,

I'm busy working on a tproxy setup with the latest squid on Ubuntu 12.04; tproxy is enabled, squid is compiled with tproxy support etc. The difference with this setup is that traffic is being sent to the host using route-map on a cisco as opposed to WCCP but it seems that should work.

Unfortunately it seems there is very little documentation about the latest tproxy+squid3.1 setup method - but this is what I have --

# IP
ip -f inet rule add fwmark 1 lookup 100
ip -f inet route add local default dev eth0 table 100

# Sysctl
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter

# IP Tables
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

In squid.conf the relevant line for http_port 3129 tproxy is set etc.

With this setup I get hits on the iptables rules, and see a request in the access log but it fails to fill it, it also looks very strange --

1336146295.076 56266 69.77.128.218 TCP_MISS/000 0 GET http://www.google.com/url? - DIRECT/www.google.com -
1336146337.969 42875 69.77.128.218 TCP_MISS/000 0 GET http://www.google.com/url? - DIRECT/www.google.com -

As you can see it's a TCP_MISS/000 and the DIRECT/www.google.com in my experience should have an IP not a hostname? Additionally the sizes seem very weird. The client just hangs.

Should this setup be working or is there some obvious error?

Thank you in advance
Dave
[squid-users] Connection Reset by Peer (104)
Hi,

Running 2.6.STABLE21-6 (RHEL5) here. I am unable to access http://www.nacuboannualmeeting.org/. The error that is thrown is:

The following error was encountered:
Read Error
The system returned:
(104) Connection reset by peer

My access.log shows:

04/May/2012:08:49:03 -0500348 172.24.75.138 TCP_MISS/502 1484 GET http://www.nacuboannualmeeting.org/ - DIRECT/64.211.220.113 text/html

I have tried the two suggestions in the FAQ:

echo 0 > /proc/sys/net/ipv4/tcp_ecn
echo 0 >/proc/sys/net/ipv4/tcp_window_scaling

Neither of these solved the problem. Does anyone have any other ideas on how I can solve this?

Thanks,
Josh
[squid-users] Squid Restarting
Hi,

We're running squid 3.1.19 - and have seen it restarting from the logs, just after the below error:

2012/04/19 12:12:28| assertion failed: forward.cc:496: "server_fd == fd"
2012/04/19 12:12:59| Starting Squid Cache version 3.1.19 for sparc-sun-solaris2.10...

Is this a known issue? Any workaround?

It's been in production for 6 weeks now, and we have only seen it once, but we need to have an answer for the customer. We're worried it'll be more frequent as traffic goes up.

Thanks,
Justin

This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
Re: [squid-users] Re: FTP through squid
Hello,

I am running Debian Squeeze with squid 3.1.6-1.2+squeeze2

with the command line it works :

$ftp ftp.free.fr
Connected to ftp.proxad.net.
220 Welcome to ProXad FTP server
Name (ftp.free.fr:hugo.deprez): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
lrwxrwxrwx1 ftp ftp28 Jun 14 2011 MPlayer -> mirrors/mplayerhq.hu/MPlayer
drwxr-xr-x2 ftp ftp 4096 May 07 2008 awstats
drwx--2 ftp ftp 16384 Mar 08 2006 lost+found
drwxr-xr-x3 ftp ftp 4096 Jan 04 11:44 mirrors
drwxr-xr-x2 ftp ftp 4096 Dec 24 2008 nzb
drwxr-xr-x 10 ftp ftp 4096 Nov 23 2009 pub
drwxr-xr-x2 ftp ftp 81920 May 03 22:30 stats
drwxr-xr-x2 ftp ftp 4096 May 04 09:35 tmp
226 Directory send OK.

I do have this error for all ftp server I try with ftp.mozilla.org

Any idea ?

On 4 May 2012 06:16, Amos Jeffries wrote:
> Continuing the top-posting trend...
>
> free.fr is an IPv6-enabled network. Which means Squid version and your OS
> type is now quite important when debugging.
>
> Amos
>
>
> On 4/05/2012 1:58 a.m., FredB wrote:
>>
>> Firewall problem with passive/active ? Just try on shell
>>
>> ftp ftp.free.fr -> with password and login anonymous anonymous
>>
>>> [02/May/2012:11:44:55 +0200] "GET ftp://ftp.free.fr/ HTTP/1.0" 504 3190 "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101
>>
>> 504 means Gateway Timeout: The server was acting as a gateway or proxy and
>> did not receive a timely response from the upstream serve
>>
>> - Original mail -
>>>
>>> From: "Hugo Deprez"
>>>
>>> Hello,
>>>
>>> no one have an idea on this issue ?
>>>
>>> Regards
>>>
>>>
>>>
>>> On 2 May 2012 11:55, Hugo Deprez wrote:
>>>> Dear community,
>>>>
>>>> I am setting up a squid proxy but I am not able to allow access to ftp server.
>>>> I read many explanation on this but I'm a bit lost.
>>>>
>>>> So here is my conf :
>>>>
>>>> acl SSL_ports port 443 20 21
>>>> acl Safe_ports port 80 # http
>>>> acl Safe_ports port 21 # ftp
>>>> acl Safe_ports port 443 # https
>>>> acl CONNECT method CONNECT
>>>>
>>>> ### IPOC ACL's
>>>> acl sub1 src 10.1.1.0/24
>>>> acl sub2 src 10.1.2.128/25
>>>>
>>>> acl ftp proto FTP
>>>> http_access allow ftp
>>>>
>>>> ## Default access based on defined access lists
>>>> http_access allow manager localhost
>>>> http_access deny manager
>>>> # Deny requests to certain unsafe ports
>>>> http_access deny !Safe_ports
>>>> # Deny CONNECT to other than secure SSL ports
>>>> http_access deny CONNECT !SSL_ports
>>>>
>>>> http_access allow sub1
>>>> http_access allow sub2
>>>>
>>>> # Deny all
>>>> http_access deny all
>>>>
>>>> ## Squid's port
>>>> http_port 3128
>>>>
>>>> ## Default Squid
>>>> hierarchy_stoplist cgi-bin ?
>>>>
>>>> refresh_pattern ^ftp: 1440 20% 10080
>>>> refresh_pattern ^gopher: 1440 0% 1440
>>>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>>>> refresh_pattern . 0 20% 4320
>>>>
>>>> I can see the following log in the access.log :
>>>>
>>>> [02/May/2012:11:44:55 +0200] "GET ftp://ftp.free.fr/ HTTP/1.0" 504 3190 "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0" TCP_MISS:DIRECT
>>>>
>>>> But I get a squid error message on firefox :
>>>> The requested URL could not be retrieved
>>>>
>>>> What am I missing here ?
>>>>
>>>> Regards,
>>>>
>>>> Hugo
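Squid checks http_access lines top-down and stops at the first match, so the placement of "http_access allow ftp" and the "20 21" entries in SSL_ports in the configuration posted above decide who can use the proxy for what. The following is an added example, not part of the thread and not Squid code: a small first-match evaluator run over those lines. HARDENED_CONF is an assumed correction, and the sample requests (including the "NONE" protocol label for a CONNECT tunnel) are constructed.

```python
import ipaddress
# http_access rules from the posted squid.conf (Safe_ports merged, cachemgr rules omitted).
POSTED_CONF = """
acl SSL_ports port 443 20 21
acl Safe_ports port 80 21 443
acl CONNECT method CONNECT
acl sub1 src 10.1.1.0/24
acl sub2 src 10.1.2.128/25
acl ftp proto FTP
http_access allow ftp
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow sub1
http_access allow sub2
http_access deny all
"""
# Assumed correction (not from the thread): no blanket FTP allow, CONNECT only to 443.
HARDENED_CONF = (POSTED_CONF.replace(" 20 21", "")
                 .replace("http_access allow ftp\n", ""))
# Constructed sample requests; 203.0.113.7 is a documentation address.
OUTSIDE_FTP = {"src": "203.0.113.7", "proto": "FTP", "port": 21, "method": "GET"}
INSIDE_FTP = {"src": "10.1.2.200", "proto": "FTP", "port": 21, "method": "GET"}
INSIDE_CONNECT_21 = {"src": "10.1.1.5", "proto": "NONE", "port": 21, "method": "CONNECT"}

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, req):
    if name == "all":
        return True
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(v) for v in values)
    return str(req[kind]) in values  # port, proto, method

def decide(conf, req):
    # First matching http_access line wins; returns (action, rule number).
    acls, rules = parse(conf)
    for n, (action, names) in enumerate(rules, 1):
        if all(matches(acls, x.lstrip("!"), req) != x.startswith("!") for x in names):
            return action, n
    return "deny", 0  # not reached here: both configs end with "deny all"
```

With the posted rules, decide(POSTED_CONF, OUTSIDE_FTP) is allowed by rule 1 before any source check runs; with HARDENED_CONF the same request falls through to "deny all" while INSIDE_FTP is still allowed by the subnet rule.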
[squid-users] Tried 3.2.0.17 today and ran out of filedescriptors
Today I gave 3.2.0.17 a spin (previously I've been running squid-3.1.19), and while it used to work in general, I found it to run out of filedescriptors. Same users, same config, still:

2012/05/04 09:59:16| comm_open: socket failure: (24) Too many open files
2012/05/04 09:59:16| comm_open: socket failure: (24) Too many open files
2012/05/04 09:59:20| WARNING! Your cache is running out of filedescriptors
2012/05/04 09:59:33| DiskThreadsDiskFile::openDone: (24) Too many open files
2012/05/04 09:59:33| /squid-cache/14/1C/5389

I'm running squid like this:

cd /tmp
echo 128 > /proc/sys/kernel/msgmni
ulimit -n 8192 -c unlimited
exec 2>&1
exec /usr/sbin/squid -NsYC

--
Ralf Hildebrandt                     Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de          Campus Benjamin Franklin
http://www.charite.de                Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk   fon: +49-30-450.570.155