>
> We are currently running Squid version 2.5 stable 3 with the following
> compile options '--prefix=/usr/local/squid' '--enable-icmp'
> '--enable-useragent-log' '--enable-referer-log' '--enable-wccpv2'
> '--enable-linux-netfilter' '--enable-async-io' '--enable-ssl'
> '--with-openssl'. We are running this on a Dell PowerEdge 2350 server
> with a 2.8Ghz processor and 2Gb RAM and 96GB of RAID5 storage.
>
> I am utilizing SquidGuard for content filtering.
>
> This setup is running on two identical boxes where the installation
> process was duplicated from one box to the other. We are running wccp
> on our core Cisco switches to handle failover on those boxes.
>
> This setup has been running fine for over a year with the occasional
> wiping of the cache and restart using squid -z then re-running the
> startup script I wrote. I have not had a single problem with this
> setup until the last two days. Suddenly I began to get errors when
> connecting to Yahoo's mail system (just mail, the other sections of
> Yahoo work fine), hotmail, and some sites that our users have to access
> at some vendor sites that use .asp pages. Now whenever I try to go to
> one of those troubled sites I get a connection reset by peer error on
> the browser and nothing else in the cache.log.
>
> To compound the puzzle if I shut down both squid boxes then all my
> traffic goes through our Pix firewall and works just fine (the squid
> boxes sit parallel to the Pix not behind it) then as soon as we start up
> squid and try it fails with the same errors.
>
> Does anyone have any thoughts or comments? Like I said this has run
> fine for a year or so and just started in the last 2 days.....nothing
> has been done to these servers prior to this problem starting.
>
http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.41
(about conn. reset by peer meaning, first paragraph only).
As to the 'why now' question: don't bother too long with that in life.
Advising to upgrade to 2.5STABLE5. There have been issues fixed
in combination with PIX firewalls. As I recall they had problems
inspecting http packets when some headers were not seen in an initial
packet or something.
Vague, check the archives for more.
M.
Received on Sat Jul 03 2004 - 06:48:07 MDT