Re: [squid-users] Getting error msgs when trying to start squid
Amos Jeffries-2 wrote: Henrique M. wrote: Amos Jeffries-2 wrote: acl localhost src 192.168.2.5 # 192.168.2.5 Server IP, 192.168.2.1 Modem IP localhost is a special term used in networking to mean the IPs 127.0.0.1 and sometimes ::1 as well. When defining an ACL for 'public' squid box IPs its better to use a different name. The localnet definition covers the same public IPs anyway so redefining it is not a help here. So what do you suggest? Should I just erase this line or change it? Make it back to: acl localhost src 127.0.0.1 Amos Jeffries-2 wrote: http_access allow all This opens the proxy to access from any source on the internet at all. Zero inbound security. Not good for a long-term solution. I'd suggest testing with that as a deny all to make sure we don't get a false-success. Will do that. How about the icp_access? What does this command do? Should I leave it allow all? Allows other machines which have your squid set as a cache_peer to send ICP requests to you and get replies back. Current Squid default it off for extra security. Unless you need it, do: icp_access deny all joost.deheer wrote: Define doesn't work. Clients get an error? Won't start? Something else? Squid seems to starts, but clients can't browse the internet. They get the default error msg that the browser shows when it can't load the website. This actualy got me thinking if I am setting up the browser correctly? I'm typing the servers IP for the proxy address and 3128 for the proxy port, is that correct? I believe so yes. * Make sure its set for HTTP, HTTPS, FTP, and Gopher but not SOCKS proxy settings. (some may not be present). * Check the testing client machine can get to squid (ping or such). Check the cache.log to see if Squid is failing or busy at the time you are checking. * make sure that squid is actually running and opened port 3128. netstat -antup | grep 3128 or similar commands should say. joost.deheer wrote: You could also try to start the proxy with 'squid -N' to start squid as a console application instead of in daemon mode. The errors should then appear on your screen. How should I do that? I tried to start squid with /etc/init.d/squid -N start and /etc/init.d/squid -N but I didn't work. I end up finding out that I could check squid's status and for my surprise I got this message * squid is not running.. So how do I start squid so it will show me the error msgs on screen? Just squid -N -Y -d 1 shoudl work. If not find the path to *bin/squid and run with the full file path/name. Usually locate bin/squid says where squid actually is. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7 Thanks a lot Amos, Squid is now working on server and on client machines. I figured that squid wasn't running because there were a few folders that were not available for squid to use (probably cache folders). This is actually something that I would like to understand. Does squid cache files and webpages automatically or do I have to add a few command lines to enable it? How about the about of memory RAM used by squid and the amount of disk available for cache? Do I have to set this up or not? If not what are the default values? -- View this message in context: http://www.nabble.com/Getting-error-msgs-when-trying-to-start-squid-tp22933693p23318899.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Getting error msgs when trying to start squid
Amos Jeffries-2 wrote: acl localhost src 192.168.2.5 # 192.168.2.5 Server IP, 192.168.2.1 Modem IP localhost is a special term used in networking to mean the IPs 127.0.0.1 and sometimes ::1 as well. When defining an ACL for 'public' squid box IPs its better to use a different name. The localnet definition covers the same public IPs anyway so redefining it is not a help here. So what do you suggest? Should I just erase this line or change it? Amos Jeffries-2 wrote: http_access allow all This opens the proxy to access from any source on the internet at all. Zero inbound security. Not good for a long-term solution. I'd suggest testing with that as a deny all to make sure we don't get a false-success. Will do that. How about the icp_access? What does this command do? Should I leave it allow all? joost.deheer wrote: Define doesn't work. Clients get an error? Won't start? Something else? Squid seems to starts, but clients can't browse the internet. They get the default error msg that the browser shows when it can't load the website. This actualy got me thinking if I am setting up the browser correctly? I'm typing the servers IP for the proxy address and 3128 for the proxy port, is that correct? joost.deheer wrote: You could also try to start the proxy with 'squid -N' to start squid as a console application instead of in daemon mode. The errors should then appear on your screen. How should I do that? I tried to start squid with /etc/init.d/squid -N start and /etc/init.d/squid -N but I didn't work. I end up finding out that I could check squid's status and for my surprise I got this message * squid is not running.. So how do I start squid so it will show me the error msgs on screen? -- View this message in context: http://www.nabble.com/Getting-error-msgs-when-trying-to-start-squid-tp22933693p23175470.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Getting error msgs when trying to start squid
Henrique M. wrote: Amos Jeffries-2 wrote: acl localhost src 192.168.2.5 # 192.168.2.5 Server IP, 192.168.2.1 Modem IP localhost is a special term used in networking to mean the IPs 127.0.0.1 and sometimes ::1 as well. When defining an ACL for 'public' squid box IPs its better to use a different name. The localnet definition covers the same public IPs anyway so redefining it is not a help here. So what do you suggest? Should I just erase this line or change it? Make it back to: acl localhost src 127.0.0.1 Amos Jeffries-2 wrote: http_access allow all This opens the proxy to access from any source on the internet at all. Zero inbound security. Not good for a long-term solution. I'd suggest testing with that as a deny all to make sure we don't get a false-success. Will do that. How about the icp_access? What does this command do? Should I leave it allow all? Allows other machines which have your squid set as a cache_peer to send ICP requests to you and get replies back. Current Squid default it off for extra security. Unless you need it, do: icp_access deny all joost.deheer wrote: Define doesn't work. Clients get an error? Won't start? Something else? Squid seems to starts, but clients can't browse the internet. They get the default error msg that the browser shows when it can't load the website. This actualy got me thinking if I am setting up the browser correctly? I'm typing the servers IP for the proxy address and 3128 for the proxy port, is that correct? I believe so yes. * Make sure its set for HTTP, HTTPS, FTP, and Gopher but not SOCKS proxy settings. (some may not be present). * Check the testing client machine can get to squid (ping or such). Check the cache.log to see if Squid is failing or busy at the time you are checking. * make sure that squid is actually running and opened port 3128. netstat -antup | grep 3128 or similar commands should say. joost.deheer wrote: You could also try to start the proxy with 'squid -N' to start squid as a console application instead of in daemon mode. The errors should then appear on your screen. How should I do that? I tried to start squid with /etc/init.d/squid -N start and /etc/init.d/squid -N but I didn't work. I end up finding out that I could check squid's status and for my surprise I got this message * squid is not running.. So how do I start squid so it will show me the error msgs on screen? Just squid -N -Y -d 1 shoudl work. If not find the path to *bin/squid and run with the full file path/name. Usually locate bin/squid says where squid actually is. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7
RE: [squid-users] Getting error msgs when trying to start squid
I have made I few changes to squid.conf based on what you told me, but proxy still doesn't work. Define doesn't work. Clients get an error? Won't start? Something else? If you get denies, you could try to add a deny_info for every ACL you have, to see which ACL is stopping you: - create a file ERR_ACL_NAME (replace 'ACL_NAME' with the ACL name you use, e.g. ERR_LOCALNET for the localnet ACL) in the errors directory (you can find the exact path by grepping for error_directory in the default squid config). Give it as only content The ACL 'ACL_NAME' gave a deny. - deny_info ERR_ACL_NAME aclname (e.g. deny_info ERR_LOCALNET localnet) - Start the browser, and see which errorpage you get. If it doesn't start, the error log is your friend. You could also try to start the proxy with 'squid -N' to start squid as a console application instead of in daemon mode. The errors should then appear on your screen. Joost
Re: [squid-users] Getting error msgs when trying to start squid
Amos Jeffries-2 wrote: FYI: The squid wiki http://wiki.squid-cache.org has the authoritative current information and how-tos. The config manual http://www.squid-cache.org/Doc/config has the authoritative content on all options since Squid-2.5 what they do and where they are available. What do you mean by proxy + cache for http? none of those words meanings individually or together match with httpd_accel config options meaning. Your config as posted shows: A regular forward proxy listening on port 3128 and only allowing traffic from localhost (aka IP 127.0.0.1) through to the internet. Some extension HTTP methods have been added to allow SVN to work through the proxy. Port security has been updated to allow rsync, cups and SWAT protocols to be sent over standard HTTP, and rsync, snews over CONNECT tunnel requests. The proxy sits in a private network of 192.168.2.0/24, though the network hosts are not allowed to use it. What do you need to add/alter from that? Amos Amos I probably don't need most of these rules that came with squid. For now I only want to get squid to work, speeding up the http browsing and giving total access to the internet to the network clients. I have made I few changes to squid.conf based on what you told me, but proxy still doesn't work. http://www.nabble.com/file/p23137693/squid.conf squid.conf Would you suggest a different setup for me to use? -- View this message in context: http://www.nabble.com/Getting-error-msgs-when-trying-to-start-squid-tp22933693p23137693.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Getting error msgs when trying to start squid
Amos Jeffries-2 wrote: FYI: The squid wiki http://wiki.squid-cache.org has the authoritative current information and how-tos. The config manual http://www.squid-cache.org/Doc/config has the authoritative content on all options since Squid-2.5 what they do and where they are available. What do you mean by proxy + cache for http? none of those words meanings individually or together match with httpd_accel config options meaning. Your config as posted shows: A regular forward proxy listening on port 3128 and only allowing traffic from localhost (aka IP 127.0.0.1) through to the internet. Some extension HTTP methods have been added to allow SVN to work through the proxy. Port security has been updated to allow rsync, cups and SWAT protocols to be sent over standard HTTP, and rsync, snews over CONNECT tunnel requests. The proxy sits in a private network of 192.168.2.0/24, though the network hosts are not allowed to use it. What do you need to add/alter from that? Amos Amos I probably don't need most of these rules that came with squid. For now I only want to get squid to work, speeding up the http browsing and giving total access to the internet to the network clients. I have made I few changes to squid.conf based on what you told me, but proxy still doesn't work. http://www.nabble.com/file/p23137693/squid.conf squid.conf Would you suggest a different setup for me to use? I'm scratching my head over what access problems you are getting trying to use that proxy. It's almost completely open for any type of access, from any source (not good, but understandable how you got there). You may need to add http_reply_access allow all. Note: its _replies_ that are always allowed, not http_access. Which leads to two points on the config: acl localhost src 192.168.2.5 # 192.168.2.5 Server IP, 192.168.2.1 Modem IP localhost is a special term used in networking to mean the IPs 127.0.0.1 and sometimes ::1 as well. When defining an ACL for 'public' squid box IPs its better to use a different name. The localnet definition covers the same public IPs anyway so redefining it is not a help here. http_access allow all This opens the proxy to access from any source on the internet at all. Zero inbound security. Not good for a long-term solution. I'd suggest testing with that as a deny all to make sure we don't get a false-success. -- View this message in context: http://www.nabble.com/Getting-error-msgs-when-trying-to-start-squid-tp22933693p23137693.html Sent from the Squid - Users mailing list archive at Nabble.com. Amos
Re: [squid-users] Getting error msgs when trying to start squid
Amos Jeffries-2 wrote: httpd_accel has been obsolete for more than 3 years now. Where did you get that config? I know it does not come with the packaged squid/squid3 on any current Ubuntu. Considering that you have on apparently brand new installs encountered two sets of issues with long obsolete config options. I'm going to have to say please post your Ubundu version, squid version, and whole squid.conf (minus the comment '#' lines) and lets get it cleaned up before you do anything else. Amos My Ubuntu version is 8.10, my Squid version is 2.7STABLE3-1ubuntu2.1 and my squid.conf was uploaded with this message. http://www.nabble.com/file/p22971433/squid.conf squid.conf I added the httpd_accel command lines because I read online that this was the procedure to enable the proxy + cache for http, but I didn't know this was obsolete. -- View this message in context: http://www.nabble.com/Getting-error-msgs-when-trying-to-start-squid-tp22933693p22971433.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Getting error msgs when trying to start squid
Henrique M. wrote: Amos Jeffries-2 wrote: httpd_accel has been obsolete for more than 3 years now. Where did you get that config? I know it does not come with the packaged squid/squid3 on any current Ubuntu. Considering that you have on apparently brand new installs encountered two sets of issues with long obsolete config options. I'm going to have to say please post your Ubundu version, squid version, and whole squid.conf (minus the comment '#' lines) and lets get it cleaned up before you do anything else. Amos My Ubuntu version is 8.10, my Squid version is 2.7STABLE3-1ubuntu2.1 and my squid.conf was uploaded with this message. http://www.nabble.com/file/p22971433/squid.conf squid.conf I added the httpd_accel command lines because I read online that this was the procedure to enable the proxy + cache for http, but I didn't know this was obsolete. FYI: The squid wiki http://wiki.squid-cache.org has the authoritative current information and how-tos. The config manual http://www.squid-cache.org/Doc/config has the authoritative content on all options since Squid-2.5 what they do and where they are available. What do you mean by proxy + cache for http? none of those words meanings individually or together match with httpd_accel config options meaning. Your config as posted shows: A regular forward proxy listening on port 3128 and only allowing traffic from localhost (aka IP 127.0.0.1) through to the internet. Some extension HTTP methods have been added to allow SVN to work through the proxy. Port security has been updated to allow rsync, cups and SWAT protocols to be sent over standard HTTP, and rsync, snews over CONNECT tunnel requests. The proxy sits in a private network of 192.168.2.0/24, though the network hosts are not allowed to use it. What do you need to add/alter from that? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6
Re: [squid-users] Getting error msgs when trying to start squid
Amos Jeffries wrote: Henrique M. wrote: Amos Jeffries-2 wrote: httpd_accel has been obsolete for more than 3 years now. Where did you get that config? I know it does not come with the packaged squid/squid3 on any current Ubuntu. Considering that you have on apparently brand new installs encountered two sets of issues with long obsolete config options. I'm going to have to say please post your Ubundu version, squid version, and whole squid.conf (minus the comment '#' lines) and lets get it cleaned up before you do anything else. Amos My Ubuntu version is 8.10, my Squid version is 2.7STABLE3-1ubuntu2.1 and my squid.conf was uploaded with this message. http://www.nabble.com/file/p22971433/squid.conf squid.conf I added the httpd_accel command lines because I read online that this was the procedure to enable the proxy + cache for http, but I didn't know this was obsolete. FYI: The squid wiki http://wiki.squid-cache.org has the authoritative current information and how-tos. The config manual http://www.squid-cache.org/Doc/config has the authoritative content on all options since Squid-2.5 what they do and where they are available. What do you mean by proxy + cache for http? none of those words meanings individually or together match with httpd_accel config options meaning. Your config as posted shows: A regular forward proxy listening on port 3128 and only allowing traffic from localhost (aka IP 127.0.0.1) through to the internet. Some extension HTTP methods have been added to allow SVN to work through the proxy. Port security has been updated to allow rsync, cups and SWAT protocols to be sent over standard HTTP, and rsync, snews over CONNECT tunnel requests. Oops, I missed a it. snews is listed for CONNECT, but !Safe_ports still blocks it from being used. The proxy sits in a private network of 192.168.2.0/24, though the network hosts are not allowed to use it. What do you need to add/alter from that? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6
Re: [squid-users] Getting error msgs when trying to start squid
Amos Jeffries-2 wrote: 'error messages' in web terminology means something completely different which can be 'kept'. I assume you mean where doe sit send the startup error output? That is usually sent to syslog by Debian/Ubuntu during init process and then when squid is going to the /var/logs/squid3/cache.log Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6 Thanks for the help so far Amos, the squid 2.7 is working now. I couldn't get squid3 to work so I reinstalled squid 2.7 and it worked right away, don't know why it didn't work before. This version seems to be ubuntu's default but it is old and even though it is running it won't recognize the httpd_accel command lines, so I had to comment them like you guys said. I also would like to ask for help with squid configuration. I have a ADSL modem that it also DHCP server (IP is 192.168.2.1) and a Ubuntu Linux server that will be the proxy server (IP 192.168.2.5). In order to get the proxy working will I have to transfer the DHCP server to the ubuntu server instead? How should I setup squid.conf to get proxy working? Thanks again -- View this message in context: http://www.nabble.com/Getting-error-msgs-when-trying-to-start-squid-tp22933693p22957492.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Getting error msgs when trying to start squid
Amos Jeffries-2 wrote: 'error messages' in web terminology means something completely different which can be 'kept'. I assume you mean where doe sit send the startup error output? That is usually sent to syslog by Debian/Ubuntu during init process and then when squid is going to the /var/logs/squid3/cache.log Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6 Thanks for the help so far Amos, the squid 2.7 is working now. I couldn't get squid3 to work so I reinstalled squid 2.7 and it worked right away, don't know why it didn't work before. This version seems to be ubuntu's default but it is old and even though it is running it won't recognize the httpd_accel command lines, so I had to comment them like you guys said. httpd_accel has been obsolete for more than 3 years now. Where did you get that config? I know it does not come with the packaged squid/squid3 on any current Ubuntu. I also would like to ask for help with squid configuration. I have a ADSL modem that it also DHCP server (IP is 192.168.2.1) and a Ubuntu Linux server that will be the proxy server (IP 192.168.2.5). In order to get the proxy working will I have to transfer the DHCP server to the ubuntu server instead? How should I setup squid.conf to get proxy working? Considering that you have on apparently brand new installs encountered two sets of issues with long obsolete config options. I'm going to have to say please post your Ubundu version, squid version, and whole squid.conf (minus the comment '#' lines) and lets get it cleaned up before you do anything else. Amos
Re: [squid-users] Getting error msgs when trying to start squid
Do you actualy require these functions? if no then comment them out. Rob On Tue, 2009-04-07 at 10:02 -0700, Henrique M. wrote: I'm trying to run squid but I'm getting a few error msgs: * Starting Squid HTTP proxy squid 2009/04/07 13:25:53| parseConfigFile: squid.conf:67 unrecognized: 'wais_relay_port' 2009/04/07 13:25:53| parseConfigFile: squid.conf:100 unrecognized: 'incoming_icp_average' 2009/04/07 13:25:53| parseConfigFile: squid.conf:101 unrecognized: 'incoming_http_average' 2009/04/07 13:25:53| parseConfigFile: squid.conf:102 unrecognized: 'incoming_dns_average' 2009/04/07 13:25:53| parseConfigFile: squid.conf:103 unrecognized: 'min_icp_poll_cnt' 2009/04/07 13:25:53| parseConfigFile: squid.conf:104 unrecognized: 'min_dns_poll_cnt' 2009/04/07 13:25:53| parseConfigFile: squid.conf:105 unrecognized: 'min_http_poll_cnt' Could you guys help me solve this?
Re: [squid-users] Getting error msgs when trying to start squid
Also what version are you running? is this a hand crafted config or one borrowed from somwhere else? Post up the confg from lines 66 to 106 Rob On Tue, 2009-04-07 at 10:02 -0700, Henrique M. wrote: I'm trying to run squid but I'm getting a few error msgs: * Starting Squid HTTP proxy squid 2009/04/07 13:25:53| parseConfigFile: squid.conf:67 unrecognized: 'wais_relay_port' 2009/04/07 13:25:53| parseConfigFile: squid.conf:100 unrecognized: 'incoming_icp_average' 2009/04/07 13:25:53| parseConfigFile: squid.conf:101 unrecognized: 'incoming_http_average' 2009/04/07 13:25:53| parseConfigFile: squid.conf:102 unrecognized: 'incoming_dns_average' 2009/04/07 13:25:53| parseConfigFile: squid.conf:103 unrecognized: 'min_icp_poll_cnt' 2009/04/07 13:25:53| parseConfigFile: squid.conf:104 unrecognized: 'min_dns_poll_cnt' 2009/04/07 13:25:53| parseConfigFile: squid.conf:105 unrecognized: 'min_http_poll_cnt' Could you guys help me solve this?
Re: [squid-users] Getting error msgs when trying to start squid
I'm trying to run squid but I'm getting a few error msgs: * Starting Squid HTTP proxy squid 2009/04/07 13:25:53| parseConfigFile: squid.conf:67 unrecognized: 'wais_relay_port' 2009/04/07 13:25:53| parseConfigFile: squid.conf:100 unrecognized: 'incoming_icp_average' 2009/04/07 13:25:53| parseConfigFile: squid.conf:101 unrecognized: 'incoming_http_average' 2009/04/07 13:25:53| parseConfigFile: squid.conf:102 unrecognized: 'incoming_dns_average' 2009/04/07 13:25:53| parseConfigFile: squid.conf:103 unrecognized: 'min_icp_poll_cnt' 2009/04/07 13:25:53| parseConfigFile: squid.conf:104 unrecognized: 'min_dns_poll_cnt' 2009/04/07 13:25:53| parseConfigFile: squid.conf:105 unrecognized: 'min_http_poll_cnt' Could you guys help me solve this? You are using an ancient squid.conf in a newer squid. If you don't actually need the options remove them. If you do please check for how they are done in your current version. Also if you are doing an upgrade check the release notes for each version of squid between the one you were using and the new one. We write a section on upgrading changes every release that covers the dead or changed options and what to do with them in the upgrade process. One day we will have an automatic upgrader, but its not in visible sight. (volunteers to do http://wiki.squid-cache.org/Features/ConfigUpdater ??) Amos
Re: [squid-users] Getting error msgs when trying to start squid
twinturbo-2 wrote: Also what version are you running? is this a hand crafted config or one borrowed from somwhere else? Post up the confg from lines 66 to 106 Rob I was running the default squid for ubuntu server 8.10 which is the version 2.7 stable. I'm using the default squid.conf that was installed together with squid 2.7 and I don't really know if I need these command lines or not, so for now I can comment them to see if I can get squid to work. In the meantime, since squid 2.7 wasn't working I installed squid3 and tried to run it, which also didn't work, but this time it only gave me a fail message, it doesn't describes what it wrong. I would like to keep the newer version of squid installed instead of moving to the old one again, could you guys tell me where squid3 keep its error messages? Thanks -- View this message in context: http://www.nabble.com/Getting-error-msgs-when-trying-to-start-squid-tp22933693p22941895.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Getting error msgs when trying to start squid
Henrique M. wrote: twinturbo-2 wrote: Also what version are you running? is this a hand crafted config or one borrowed from somwhere else? Post up the confg from lines 66 to 106 Rob I was running the default squid for ubuntu server 8.10 which is the version 2.7 stable. I'm using the default squid.conf that was installed together with squid 2.7 and I don't really know if I need these command lines or not, so for now I can comment them to see if I can get squid to work. Okay. Since they were obsoleted by 2.6 you don't. The bigger issue is how you got a config like that out of a 2.7 bundle! In the meantime, since squid 2.7 wasn't working I installed squid3 and tried to run it, which also didn't work, but this time it only gave me a fail message, it doesn't describes what it wrong. I would like to keep the newer version of squid installed instead of moving to the old one again, could you guys tell me where squid3 keep its error messages? 'error messages' in web terminology means something completely different which can be 'kept'. I assume you mean where doe sit send the startup error output? That is usually sent to syslog by Debian/Ubuntu during init process and then when squid is going to the /var/logs/squid3/cache.log Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6