See my in-line comments below.
*====v====v====v====v====v====v====v====v====*
My comments are marked like this.
*====^====^====^====^====^====^====^====^====*
Mark Shearar wrote:
>
> This is a long one so I'm gonna snip out all the old stuff.
> Btw, the location was purely personal to keep everything related to
> squid under squid.
>
> Ok, removed my entire squidGuard tree and compiled as follows:
>
> (first attempt)
> make clean
> ./configure
> make
> make install
>
>
> (second attempt)
> make clean
> ./configure --with-sg-config=/etc/squidGuard.conf
> --with-sg-logdir=/var/log/squidGuard --with-sg-dbhome=/var/db/squidGuard
> make
> make install
>
> (Btw I got the same results with both the above)
>
> My config in squidGuard.conf at the moment is:
> acl {
> default {
> pass all
> }
> }
>
> (Just to try cut down on the variables, I've also had no results with my
> customized rule set)
>
> The response I get is a standard IE page saying "The page you are
> looking for is currently unavailable."
> at the top and "Cannot find server or DNS Error" at the bottom. The
> squid access.log shows no attempt to access the relevant site
> (google.com) so my guess is that squid isn't even trying to send it
> anywhere yet.
*====v====v====v====v====v====v====v====v====*
As you have pointed out, that is not a squid response, but your
browser's response. Is your browser configured to use a proxy server
and pointed at your squid box? Or are you configured as a transparent
proxy?
I'd bet it isn't in access.log because squid never got it.
*====^====^====^====^====^====^====^====^====*
>
> the cache.log shows:
*====v====v====v====v====v====v====v====v====*
Date/time fields have been removed to improve display.
*====^====^====^====^====^====^====^====^====*
>
> Starting Squid Cache version 2.5.STABLE1 for i686-pc-linux-gnu...
> Process ID 27283
> With 1024 file descriptors available
> Initializing IP Cache...
> ipcache_init: Skipping DNS name lookup tests.
> cachemgrRegister: registered ipcache
> Initializing FQDN Cache...
> cachemgrRegister: registered fqdncache
> etc_hosts: line is '127.0.0.1 localhost localhost.localdomain'
> etc_hosts: address is '127.0.0.1'
> etc_hosts: multiple spaces, skipping
> etc_hosts: got hostname 'localhost'
> etc_hosts: got hostname 'localhost.localdomain'
> etc_hosts: line is '10.0.0.1 moria'
> etc_hosts: address is '10.0.0.1'
> etc_hosts: multiple spaces, skipping
> etc_hosts: got hostname 'moria'
> etc_hosts: address is ''
> etc_hosts: line is ''
> etc_hosts: address is ''
*====v====v====v====v====v====v====v====v====*
The etc_hosts section above raises a couple of questions:
- Have you corrected the errors in the /etc/hosts file on the
squid box?
- I don't understand why squid is reading the /etc/hosts file. The
Squid documentation says:
"Instead of Intranet DNS you can have domain entries in /etc/hosts.
You have to configure squid with --disable-internal-dns to use
/etc/hosts file lookup."
But you've provided your squid configure options at the end of this
email and --disable-internal-dns is not listed.
What is your take on this?
*====^====^====^====^====^====^====^====^====*
> fqdncacheRelease: Released FQDN record for ''.
> comm_open: FD 5 is a new socket
> fd_open FD 5 DNS Socket
> comm_local_port: FD 5: port 33010
> DNS Socket created at 0.0.0.0, port 33010, FD 5
> Adding nameserver 196.30.249.1 from squid.conf
> idnsAddNameserver: Added nameserver #0: 196.30.249.1
> Adding nameserver 196.30.249.2 from squid.conf
> idnsAddNameserver: Added nameserver #1: 196.30.249.2
*====v====v====v====v====v====v====v====v====*
Nameservers listed in squid.conf are used instead of those in
/etc/resolv.conf. Why would you want to use nameservers different
from those listed in /etc/resolv.conf?
*====^====^====^====^====^====^====^====^====*
> cachemgrRegister: registered idns
> helperOpenServers: Starting 4 'squidGuard' processes
> comm_open: FD 6 is a new socket
> fd_open FD 6 squidGuard
> comm_open: FD 7 is a new socket
> fd_open FD 7 squidGuard
> ipcCreate: prfd FD 7
> ipcCreate: pwfd FD 7
> ipcCreate: crfd FD 6
> ipcCreate: cwfd FD 6
> ipcCreate: FD 7 sockaddr 127.0.0.1:44113
> ipcCreate: FD 6 sockaddr 127.0.0.1:44112
> ipcCreate: FD 6 listening...
> comm_close: FD 6
> commCallCloseHandlers: FD 6
> fd_close FD 6 squidGuard
> leave_suid: PID 27284 called
> leave_suid: PID 27284 giving up root priveleges forever
> ipcCreate: calling accept on FD 6
> connect FD 7: (110) Connection timed out
> comm_close: FD 7
> commCallCloseHandlers: FD 7
> fd_close FD 7 squidGuard
> WARNING: Cannot run '/usr/local/bin/squidGuard' process.
> comm_open: FD 6 is a new socket
> fd_open FD 6 squidGuard
> comm_open: FD 7 is a new socket
> fd_open FD 7 squidGuard
> ipcCreate: prfd FD 7
> ipcCreate: pwfd FD 7
> ipcCreate: crfd FD 6
> ipcCreate: cwfd FD 6
> ipcCreate: FD 7 sockaddr 127.0.0.1:44115
> ipcCreate: FD 6 sockaddr 127.0.0.1:44114
> ipcCreate: FD 6 listening...
> comm_close: FD 6
> commCallCloseHandlers: FD 6
> fd_close FD 6 squidGuard
> leave_suid: PID 27292 called
> leave_suid: PID 27292 giving up root priveleges forever
> ipcCreate: calling accept on FD 6
> connect FD 7: (110) Connection timed out
> comm_close: FD 7
> commCallCloseHandlers: FD 7
> fd_close FD 7 squidGuard
> WARNING: Cannot run '/usr/local/bin/squidGuard' process.
> comm_open: FD 6 is a new socket
> fd_open FD 6 squidGuard
> comm_open: FD 7 is a new socket
> fd_open FD 7 squidGuard
> ipcCreate: prfd FD 7
> ipcCreate: pwfd FD 7
> ipcCreate: crfd FD 6
> ipcCreate: cwfd FD 6
> ipcCreate: FD 7 sockaddr 127.0.0.1:44118
> ipcCreate: FD 6 sockaddr 127.0.0.1:44117
> ipcCreate: FD 6 listening...
> comm_close: FD 6
> commCallCloseHandlers: FD 6
> fd_close FD 6 squidGuard
> leave_suid: PID 27301 called
> leave_suid: PID 27301 giving up root priveleges forever
> ipcCreate: calling accept on FD 6
>
> A "ps -ax |grep squid" shows:
>
> 799 ? S 0:00 tail -f /usr/local/squid/logs/access.log
> 27275 pts/1 S 0:00 tail -f squidGuard.log
> 27281 ? S 0:00 /usr/local/squid/bin/squid -D
> 27283 ? S 0:00 (squid) -D
> 27284 ? S 0:00 (squid) -D
> 27292 ? S 0:00 (squid) -D
>
*====v====v====v====v====v====v====v====v====*
I'm curious... what does 'ps -u proxy' show?
In the ps listing pid 27283 is squid and 27281 is the program that
starts and restarts squid. pid 27284 & 27292 are the processes that
squid started that were to become squidGuard. I don't understand why
they are still there, and as long as they are there, why aren't there
four of them?
I ran a test here to see how squid would react.
Here's a 'ps -ax | grep squid' on my system:
1223 ? S 0:00 squid -D
18574 ? S 1:02 (squid) -D
18575 ? S 0:04 (squidGuard)
18576 ? S 0:00 (squidGuard)
18577 ? S 0:00 (squidGuard)
18578 ? S 0:00 (squidGuard)
19423 pts/0 S 0:00 grep squid
One by one, I issued kill commands on each of the squidGuard processes.
Here's what was written to cache.log while I was doing the killing:
- - - - cache.log - - - - -
WARNING: redirector #1 (FD 7) exited
WARNING: redirector #2 (FD 8) exited
WARNING: redirector #3 (FD 9) exited
storeDirWriteCleanLogs: Starting...
WARNING: Closing open FD 6
65536 entries written so far.
131072 entries written so far.
196608 entries written so far.
262144 entries written so far.
Finished. Wrote 318946 entries.
Took 3.4 seconds (92643.8 entries/sec).
FATAL: Too few redirector processes are running
Squid Cache (Version 2.4.STABLE6): Terminated abnormally.
- - - - - - - - - - - - - - -
Squid then immediately restarted on its own.
Looking at squid's actions here, I would've thought that in your
situation squid would've logged "FATAL: Too few redirector processes
are running" (or something like that) and terminated.
*====^====^====^====^====^====^====^====^====*
> squidGuard.log shows nothing except for the results from my "make test"
>
>
> The one difference that I have noticed though is that cache.log will
> show, with no redirect_program, the following:
> fd_open FD 12 HTTP Socket
> Accepting HTTP connections at 0.0.0.0, port 3128, FD 12.
> fd_open FD 13 HTTP Socket
> Accepting HTTP connections at 0.0.0.0, port 8080, FD 13.
*====v====v====v====v====v====v====v====v====*
You don't get that message until squid makes it all the way up, so
apparently squid never made it. (There's another reason why the
error message you mentioned earlier came from your browser, and was
never written to access.log.)
*====^====^====^====^====^====^====^====^====*
>
> As soon as I add the redirect_program though, the above lines do not
> appear at all.
>
> My Linux distribution is:
> Linux version 2.4.18 (gcc version 2.96 20000731 (Red Hat Linux 7.1
> 2.96-85))
> Squid is compiled from a tarball with the following options:
> ./configure --enable-delay-pools --enable-useragent-log
> --enable-referer-log --enable-ipf-transparent --enable-linux-netfilter
*====v====v====v====v====v====v====v====v====*
As mentioned earlier, the documentation indicates if you want squid
to use /etc/hosts "You have to configure squid with
--disable-internal-dns to use /etc/hosts file lookup". (Unless I'm
misreading the documentation?)
I was also unfamiliar with the "--enable-ipf-transparent" option, and
had to look it up. I read three different versions, and they all said
basically the same thing:
"For some operating systems, you need to have configured and built
a version of Squid which can recognize the hijacked connections and
discern the destination addresses. For Linux this seems to work
automatically. For *BSD-based systems, you probably have to configure
squid with the --enable-ipf-transparent option." Are you comfortable
that it is appropriate with your installation?
*====^====^====^====^====^====^====^====^====*
>
> Hope it makes sense :)
> Mark
>
>
