Re: [squid-users] Problem restarting/stopping squid
2010/9/22 Amos Jeffries:
> On 23/09/10 03:06, Sergio Belkin wrote:
>> 2010/9/16 Amos Jeffries:
>>> On 17/09/10 01:46, Sergio Belkin wrote:
>>>> 2010/9/16 Peter Albrecht:
>>>>> Hi Sergio,
>>>>>
>>>>>> I use squid squid-2.6.STABLE21-3.el5 on CentOS 5.4. The problem is
>>>>>> that squid can't be restarted and "rotate" isn't working, I mean log
>>>>>> rotating is done but I have to start the service by hand.
>>
>> I think that I found the cause of the problem. Since I was rotating each
>> log at different times, it only executed "squid -k rotate" when it
>> rotated the store.log, but it didn't when it made the access.log and
>> cache log. So I've appended
>>     postrotate
>>         /usr/sbin/squid -k rotate
>>     endscript
>>
>> at the end of both access.log and cache.log sections.
>
> Careful that this does not make squid overwrite log data.

Why do you say that? Could that happen?

Stupid question: What does 'squid -k rotate' really do?

Thanks in advance

--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
Re: [squid-users] Problem restarting/stopping squid
2010/9/16 Amos Jeffries:
> On 17/09/10 01:46, Sergio Belkin wrote:
>> 2010/9/16 Peter Albrecht:
>>> Hi Sergio,
>>>
>>>> I use squid squid-2.6.STABLE21-3.el5 on CentOS 5.4. The problem is
>>>> that squid can't be restarted and "rotate" isn't working, I mean log
>>>> rotating is done but I have to start the service by hand.
>>>
>>>> /var/log/squid/store.log {
>
> Do you actually make use of store.log for anything?
> It's primarily a cache debugging log and most installs can configure it not
> to be created.
>
> Amos

I think that I found the cause of the problem. Since I was rotating each log at different times, it only executed "squid -k rotate" when it rotated the store.log, but it didn't when it made the access.log and cache log. So I've appended

    postrotate
        /usr/sbin/squid -k rotate
    endscript

at the end of both access.log and cache.log sections.

Thanks

--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
Re: [squid-users] Problem restarting/stopping squid
2010/9/16 Peter Albrecht:
> Hi Sergio,
>
>> I use squid squid-2.6.STABLE21-3.el5 on CentOS 5.4. The problem is
>> that squid can't be restarted and "rotate" isn't working, I mean log
>> rotating is done but I have to start the service by hand.
>
>> /var/log/squid/store.log {
>>     weekly
>>     rotate 4
>>     size 1000M
>>     copytruncate
>>     compress
>>     notifempty
>>     missingok
>>     postrotate
>>     postrotate
>>         /usr/sbin/squid -k rotate
>>     endscript
>> }
>
> Do you really have "postrotate" twice in the configuration? Maybe logrotate
> gets confused by that.
>
> Regards,
>
> Peter

Thanks Peter for reading my mail carefully, no I haven't twice :) it was an error when copying...

--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] Problem restarting/stopping squid
Hi,

I use squid squid-2.6.STABLE21-3.el5 on CentOS 5.4. The problem is that squid can't be restarted and "rotate" isn't working, I mean log rotating is done but I have to start the service by hand.

/var/log/squid/squid.out says:

    2010/09/16 09:59:27| Squid is already running! Process ID 30874

/etc/squid/squid.conf contains:

    shutdown_lifetime 100 seconds

/etc/logrotate.d/squid has:

    /var/log/squid/access.log {
        weekly
        rotate 3
        size 3500M
        copytruncate
        compress
        notifempty
        missingok
    }
    /var/log/squid/cache.log {
        weekly
        rotate 4
        size 1000M
        copytruncate
        compress
        notifempty
        missingok
    }
    /var/log/squid/store.log {
        weekly
        rotate 4
        size 1000M
        copytruncate
        compress
        notifempty
        missingok
        postrotate
        postrotate
            /usr/sbin/squid -k rotate
        endscript
    }

And what about the PID file?

    ls -l /var/run/squid.pid
    -rw-r--r-- 1 root squid 6 Sep 16 09:59 /var/run/squid.pid

And what about disk space?

    Filesystem                       Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup00-LogVol00  145G  131G  6.0G  96% /
    /dev/sda1                         99M   19M   75M  21% /boot
    tmpfs                            3.5G     0  3.5G   0% /dev/shm

If you want to take a look at the init script, you can do it on http://pastebin.com/X1HEeq1G

Please could you tell me what's wrong with my config?

Thanks in advance!

--
Sergio Belkin http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
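Added example (not part of the thread, and not Squid or logrotate project code): a small Python check for the situation discussed above, where logrotate stanzas use copytruncate and also call `squid -k rotate`, which makes the running Squid close, renumber and reopen all of its own logs. The sample config is constructed from the one quoted in the thread; the function names and finding strings are illustrative.

```python
import re

# Constructed sample, modelled on the /etc/logrotate.d/squid quoted in the thread.
SAMPLE = """\
/var/log/squid/access.log {
    size 3500M
    copytruncate
    postrotate
        /usr/sbin/squid -k rotate
    endscript
}
/var/log/squid/cache.log {
    copytruncate
}
/var/log/squid/store.log {
    size 1000M
    copytruncate
    postrotate
        /usr/sbin/squid -k rotate
    endscript
}
"""

STANZA = re.compile(r"^([^\n{}#]+?)\s*\{\s*\n(.*?)^\s*\}", re.S | re.M)

def parse(text):
    """Yield (log_path, directive_names, postrotate_script_lines) per stanza."""
    for path, body in STANZA.findall(text):
        directives, script, in_script = set(), [], False
        for line in map(str.strip, body.splitlines()):
            if not line or line.startswith("#"):
                continue
            if line in ("postrotate", "endscript"):
                in_script = line == "postrotate"
            elif in_script:
                script.append(line)
            else:
                directives.add(line.split()[0])
        yield path.strip(), directives, script

def lint(text):
    """Return sorted (log_path, finding) pairs for risky Squid rotation setups."""
    findings, signalling = [], []
    for path, directives, script in parse(text):
        if any("squid -k rotate" in cmd for cmd in script):
            signalling.append(path)
            if "copytruncate" in directives:  # two rotation mechanisms on one file
                findings.append((path, "copytruncate plus squid -k rotate"))
    if len(signalling) > 1:  # every signal makes Squid rotate all of its logs
        findings += [(p, "several stanzas signal squid") for p in signalling]
    return sorted(findings)

print("\n".join(f"{path}: {finding}" for path, finding in lint(SAMPLE)))
```

A single stanza that lists the Squid logs and signals Squid once, without copytruncate, produces no findings.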
[squid-users] Squid Stops of working after some time
Hi,

I have a Fedora with Squid Cache: Version 2.5.STABLE9 running and every 20 minutes, more or less, squid stops working, I mean, clients can't browse the web. If I restart squid, clients can surf the web again; the problem is always solved when I restart squid. Please, does anyone know what can be wrong?

If you need, I can print some of the squidclient info.

Thanks in advance

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] Max connections
Hi,

squid.conf says about maxconn:

"This will be matched when the client's IP address has more than HTTP connections established."

OK, that's if we have only one IP which we want to limit. What if I have ACLs such as these:

    acl max_conn_vlan2 maxconn 100
    acl vlan2 src 192.168.139.128/255.255.255.128

And then:

    http_access deny vlan2 max_conn_vlan2

Does this limit each IP of the range up to 100 connections or the whole range is limited up to 100?

Thanks in advance!

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] Mac Address in access.log
Hi,

I wonder if there is a way to list the MAC address besides the IP address in access.log.

Thanks in advance.

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] Re: Question about np-query option in cache_peer
Sorry I made a typo, I meant:

Question about no-query option in cache_peer

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] Question about np-query option in cache_peer
Hi,

Now I have an inner squid, namely squid-1, and an outer squid, namely squid-2. squid-1 has squid-2 as parent:

    cache_peer squid-2.domain parent 8080 0 no-query default
    never_direct allow all

Please tell me if I understand what that means:

a) Client behind (only) squid-2 asks for object "A", because it is not on its own cache, asks the internet, retrieves the object and saves it on its own cache.

b) When a client behind squid-1 asks for an object "A", squid-1 looks firstly at its own cache and if it hasn't it, redirects the petition to squid-2.

c) Then squid directly asks for object "A" on the internet, but doesn't look at its own cache, because of the no-query option in squid.conf of squid-1.

d) squid-2 retrieves object "A" and saves it on its own cache.

If the above is right, squid-2 would be working twice, wouldn't it? In that case, no-query would not be so useful.

Please fix me if I'm wrong

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] TCP_MISS/503 and icp
Hi,

I have some hosts that use one squid-1 server that has a squid-2 parent. I mean squid-1 has:

    cache_peer parent.domain parent 8080 3130

But some sites are inaccessible, especially those sites with a URL having a "?", for example:

    1242674301.146 104 10.128.255.189 TCP_MISS/503 1415 GET http://ar.yahoo.com/? - DIRECT/209.191.93.55 text/html

and the browser shows:

    Error
    The requested URL could not be retrieved

    While trying to retrieve the URL http://ar.yahoo.com/?

    The following error was encountered:

    *Connection to 209.191.93.55

    The system returned:

    (111) Connectio0n refused

Also, on squid-1 iptables is doing REDIRECT.

Please could you tell me what's wrong?

Thanks in advance!

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] Problem with logrotate and compress
Hi,

I am using CentOS 5.1 and I have a weird problem with squid log rotation. I have the file squid as follows in /etc/logrotate.d (recently I reduced the size parameter):

    /var/log/squid/access.log {
        weekly
        missingok
        rotate 10
        compress
        create 0660 squid squid
        missingok
        size 200M
        postrotate
            /usr/sbin/squid -k rotate
        endscript
    }
    /var/log/squid/cache.log {
        weekly
        rotate 5
        copytruncate
        compress
        notifempty
        missingok
    }
    /var/log/squid/store.log {
        missingok
        weekly
        compress
        size 200M
        create 0660 root squid
        rotate 4
        # This script asks squid to rotate its logs on its own.
        # Restarting squid is a long process and it is not worth
        # doing it just to rotate logs
        postrotate
            /usr/sbin/squid -k rotate
        endscript
    }

The strange thing is that I get the following files:

    -rw-r----- 1 squid squid 3.4M Jul  8 09:37 access.log
    -rw-r----- 1 squid squid 116K Jul  8 09:31 access.log.0
    -rw-rw---- 1 squid squid    0 Jul  8 09:31 access.log.1
    -rw-r----- 1 squid squid   20 Jul  8 09:31 access.log.1.gz
    -rw-r--r-- 1 squid squid  28M Jul  8 04:22 access.log.2.gz
    -rw-r----- 1 squid squid  39M Jul  8 09:31 access.log.3
    -rw-r--r-- 1 root  root   29M Jul  7 15:58 access.log.3.gz
    -rw-r--r-- 1 squid squid 252M Jul  8 04:22 access.log.4
    -rw-r----- 1 squid squid 1.9K Jul  8 09:31 cache.log
    -rw-r----- 1 squid squid    0 Jul  8 09:31 cache.log.0
    -rw-r----- 1 squid squid 3.1K Jul  8 09:28 cache.log.1
    -rw-r----- 1 squid squid  367 Jul  8 09:31 cache.log.1.gz
    -rw-r----- 1 squid squid  367 Jul  8 04:22 cache.log.2.gz
    -rw-r--r-- 1 root  root   12K Jun 11 15:40 squid.out
    -rw-r----- 1 squid squid 1.1M Jul  8 09:37 store.log
    -rw-rw---- 1 root  squid    0 Jul  8 09:31 store.log.0
    -rw-r----- 1 squid squid 2.9M Jul  8 09:31 store.log.1.gz
    -rw-r----- 1 squid squid  42K Jul  8 09:31 store.log.2
    -rw-rw---- 1 root  root  323M May 26 04:21 store.log.2.gz
    -rw-rw---- 1 root  root  329M May 16 04:25 store.log.3.gz
    -rw-rw---- 1 root  root  357M May  8 04:23 store.log.4.gz

I don't understand why it compresses old log files but doesn't delete the old uncompressed files. Any ideas?

(I've also modified the create parameter so that squid is the owner of the access logs, and run logrotate /etc/logrotate.d/squid by hand to see if the case repeats.)

Thanks in advance

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] Delay Pools: Big values for maximum and resto
Hi Squid community,

Does it impact performance if I set maximum and restore to very high values instead of infinite (-1)? I do that in order to audit the traffic level. If I set -1, squidclient is not clear about its usage... please tell me if I'm wrong...

I am using squid 2.6.x on CentOS 5.1

Thanks in advance

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
Re: [squid-users] Transparent proxy with MSN
2008/6/7 Amos Jeffries <[EMAIL PROTECTED]>:
> Sergio Belkin wrote:
>> 2008/6/5 Amos Jeffries <[EMAIL PROTECTED]>:
>>> Sergio Belkin wrote:
>>>> Hi,
>>>> I'd want to know if it's possible to allow MSN usage along transparent
>>>> proxy.
>>>
>>> Possible. But not always easy. It depends highly on the type of network
>>> you have setup (a level of NAT between the client and squid kills it
>>> fairly well).
>>
>> The schema is as follows:
>>
>> A user connects with his notebook via Access Point which has OpenWRT
>> installed. OpenWRT has DNAT rules:
>>
>> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT
>> --to-destination $SQUID_IP:8080
>>
>> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 1863 -j DNAT
>> --to-destination SQUID_IP:8080
>
> That NAT happening on the AP would break squid transparency.
> The AP needs to do policy-routing to pass only the port-80 packets to the
> squid box.
> http://wiki.squid-cache.org/ConfigExamples/LinuxPolicyRouteWebTraffic
>
> The NAT part appears to be right, but the Squid box should be the one doing
> it.

So But why is web browsing working fine?

> There is something about authentication too with MSN,

Where can I read about it?

> full TPROXY may be
> needed for that one.
>
>> (I've tried the last one and even redirecting 1050, but I'm not sure
>> if that's right)
>>
>> Users can browse the web with no problems using transparent proxy
>> (except SSL sites of course) but they fail to use MSN.
>>
>>> MSN is _supposed_ to have automatic failovers to port 80 that use HTTP.
>>> But that depends on what other paths it can find through your network
>>> first.
>
> Amos
> --
> Please use Squid 2.7.STABLE1 or 3.0.STABLE6

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
Re: [squid-users] Transparent proxy with MSN
2008/6/5 Amos Jeffries <[EMAIL PROTECTED]>:
> Sergio Belkin wrote:
>> Hi,
>> I'd want to know if it's possible to allow MSN usage along transparent proxy.
>
> Possible. But not always easy. It depends highly on the type of network you
> have setup (a level of NAT between the client and squid kills it fairly
> well).

The schema is as follows:

A user connects with his notebook via Access Point which has OpenWRT installed. OpenWRT has DNAT rules:

    iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT --to-destination $SQUID_IP:8080

    iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 1863 -j DNAT --to-destination SQUID_IP:8080

(I've tried the last one and even redirecting 1050, but I'm not sure if that's right)

Users can browse the web with no problems using transparent proxy (except SSL sites of course) but they fail to use MSN.

> MSN is _supposed_ to have automatic failovers to port 80 that use HTTP. But
> that depends on what other paths it can find through your network first.
>
> Amos
> --
> Please use Squid 2.7.STABLE1 or 3.0.STABLE6

Thanks in advance!

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] Transparent proxy with MSN
Hi,

I'd want to know if it's possible to allow MSN usage along transparent proxy.

Thanks in advance!!

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] Negative values in delay pools
Hi,

I configured delay pools on squid. I get the following from squidclient:

    Delay pools configured: 2

    Pool: 1
        Class: 1

        Aggregate:
            Disabled.

    Pool: 2
        Class: 1

        Aggregate:
            Max: 187500
            Restore: 187500
            Current: -6

    Memory Used: 624 bytes
    - End of Output -

I know that "-1" means "no limits", but what does Current with a negative value < -1 mean?

Thanks in advance

--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
[squid-users] refreshing cache
http://www.squid-cache.org/Doc/FAQ/FAQ-12.html#ss12.20 describes how Squid decides when to refresh a cached object. But on the other hand there are caching policies (directive cache_replacement_policy). I don't understand how they work, or which mechanism has priority. Could somebody explain to me how those work together?

Thanks in advance!

Sergio Belkin
Can you imagine if your Software were Free?
Re: [squid-users] transparent proxy with server box itself: SOLVED!!!
On Thursday 04 March 2004 07:56, Henrik Nordstrom wrote:
>HN On Wed, 3 Mar 2004 [EMAIL PROTECTED] wrote:
>HN
>HN > When I lsmod, I see ipnat among the loaded modules. Does this mean that
>HN > local NAT is enabled?
>HN
>HN No, it just means that NAT is.
>HN
>HN There is a special kernel compile option required if you want to enable
>HN NAT of locally initiated connections. If this option is not enabled (the
>HN default) then the netfilter/iptables NAT code assumes you do not need this
>HN and "cheats" a little on locally initiated traffic.
>HN
>HN Regards
>HN Henrik
>HN

I have solved the problem. Thank you for your help. I set these rules:

    iptables -t nat -A OUTPUT -p tcp -m owner --dport 80 --uid-owner squid -j ACCEPT
    iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3128

As I supposed, it could not be PREROUTING because that chain will never match a packet outgoing from the firewall/proxy box itself. It was only possible through the OUTPUT chain. The iptables man pages say:

"nat    This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out)."

The well-known documentation tells us the same, for example the Oskar Andreasson tutorial of iptables. The following web page also helped me:

http://www.linux-bulgaria.org/lug-bg-list/archive/2003/Jun/0253.html

Note that "!" cannot be used with the owner module, so I reverted the rule.

As you will think, doing NAT, transparent proxy and firewalling over itself is not so useful. But I think that it is interesting to learn a little more about iptables and the squid proxy-cache.

Also, Henrik has said that a special kernel option is necessary. I could include the running kernel config (but the size is 50 kb, and I don't know if attachments are allowed in this mailing list), but the lsmod output is:

    Module                  Size  Used by    Not tainted
    lp                      8160   0
    parport_pc             25544   1
    parport                34472   1 [lp parport_pc]
    i810_audio             25692   2
    ac97_codec             15828   0 [i810_audio]
    soundcore               6340   0 [i810_audio]
    af_packet              14856   1 (autoclean)
    sr_mod                 19384   2 (autoclean)
    floppy                 55932   2
    ipt_owner               1944   1 (autoclean)
    iptable_nat            20814   1 (autoclean)
    ip_conntrack           26468   1 (autoclean) [iptable_nat]
    iptable_mangle          2712   0 (autoclean) (unused)
    iptable_filter          2316   0 (autoclean) (unused)
    ip_tables              15072   6 [ipt_owner iptable_nat iptable_mangle iptable_filter]
    8139too                17384   1 (autoclean)
    mii                     3864   0 (autoclean) [8139too]
    nls_iso8859-15          4060   1 (autoclean)
    nls_cp850               4284   1 (autoclean)
    vfat                   11820   1 (autoclean)
    fat                    38040   0 (autoclean) [vfat]
    supermount             84032   2 (autoclean)
    ide-cd                 33956   0
    cdrom                  32608   0 [sr_mod ide-cd]
    ide-scsi               11376   1
    scsi_mod              106176   2 [sr_mod ide-scsi]
    usb-ohci               21080   0 (unused)
    usbcore                74988   1 [usb-ohci]
    rtc                     9004   0 (autoclean)
    ext3                   60048  11
    jbd                    39264  11 [ext3]

I thank you again and I hope that this info may be usable for everyone. This list seems cool ;)

Sergio

--
Download the manual for new GNU/Linux users from http://www.solar.org.ar/article.php3?id_article=28