RE: [squid-users] Squid not starting up after update to Fedora Core4

From: Vaughan Roberts <Vaughan@dont-contact.us>
Date: Mon, 27 Jun 2005 21:29:22 +1000

That's right, it was one of the first things I disabled. I don't like things
running on my box that I know nothing about what they are doing. Of course, I
intend to find out what selinux does and re-enable it once everything else is
settled.

However, I now have to announce, with egg on my face, that is was the firewall
causing the problems. Not sure why it worked before, but I now have to punch a
hole from the LAN side into firewall going to port 3128. Of course, FC4 is
running a later version of iptables than I was using on RH7.1 as well.

Thanks for the help.

Best regards,
Vaughan

Mobile: 0412 122 362

-----Original Message-----
From: Gert Brits [mailto:gbrits@techconcepts.co.za]
Sent: Monday, June 27, 2005 8:47 PM
To: Vaughan@Roberts.name; 'Emilio Casbas'
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Squid not starting up after update to Fedora Core4

SO I take it that when you disabled SELinux, it still did not work ?

Regards

Gert Brits
Senior Engineer
Technology Concepts
Tel +27 11 803 2169
Fax +27 11 803 2189
Web www.techconcepts.co.za

-----Original Message-----
From: Vaughan Roberts [mailto:Vaughan@Roberts.name]
Sent: Monday, June 27, 2005 12:28 PM
To: 'Emilio Casbas'
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Squid not starting up after update to Fedora
Core4

I have disabled selinux in /etc/selinux/conf so that it does not cause
additional problems.

I am looking at installing ethereal to get some data to help identify
the problem.

Best regards,
Vaughan

Mobile: 0412 122 362

-----Original Message-----
From: Emilio Casbas [mailto:ecasbas@unav.es]
Sent: Monday, June 27, 2005 7:36 PM
To: Vaughan@Roberts.name
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid not starting up after update to Fedora
Core4

Vaughan Roberts wrote:

>Hi,
>
>I have been using squid for about 4-5 months successfully on a RedHat
>7.1 box which acts as the nat router / firewall between the I-net and
>my LAN. A couple of days ago I decided to upgrade to Fedora Core4. I
>have now got most things working, but the browers on my LAN clients are

>not able to access web-sites. I can ping the web-sites, but the
browers are
doing nothing.
>At first I thought it was a DNS problem, but tcpdump indicates that is
>working fine and if I use IP numbers for the web-sites they still don't
respond.
>I have copied over my squid.conf and iptables setting from 7.1 and
>successfully set up the cache directories but I am getting nothing in
>access.log or store.log.
>
>Can anybody see what I am doing wrong, or knows of any utilities that
>could clarify what the issue is?
>
>Here is a decommented copy of the squid.conf file I am using. http_port

>3128 icp_port 0
>hierarchy_stoplist cgi-bin ?
>acl QUERY urlpath_regex cgi-bin \?
>no_cache deny QUERY
>cache_mem 32 MB
>cache_dir ufs /var/spool/squid 100 16 256 cache_access_log
>/var/log/squid/access.log cache_log /var/log/squid/cache.log
>cache_store_log /var/log/squid/store.log pid_filename
>/var/run/squid.pid debug_options ALL,1 33,2 auth_param basic children 5

>auth_param basic realm Squid proxy-caching web server auth_param basic
>credentialsttl 2 hours
>refresh_pattern ^ftp: 1440 20% 10080
>refresh_pattern ^gopher: 1440 0% 1440
>refresh_pattern . 0 20% 4320
>acl all src 0.0.0.0/0.0.0.0
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst
>127.0.0.0/255.0.0.0 acl SSL_ports port 443 563
>acl Safe_ports port 80 # http
>acl Safe_ports port 8080 # http #2
>acl Safe_ports port 21 # ftp
>acl Safe_ports port 443 563 # https, snews
>acl Safe_ports port 3128 # squid (is this needed, maybe as I
don't allow
>1025-65535 below)
>acl Safe_ports port 5050:5055 # bpalogin
>acl Safe_ports port 123 # ntp
>acl Safe_ports port 280 # http-mgmt
>acl CONNECT method CONNECT
>http_access allow manager localhost
>http_access deny manager
>http_access deny !Safe_ports
>http_access deny CONNECT !SSL_ports
>http_access deny to_localhost
>acl mylan src 192.168.1.0/255.255.255.224 http_access allow mylan
>http_access allow localhost http_access deny all http_reply_access
>allow all icp_access allow all cache_mgr root cache_effective_user
>squid cache_effective_group squid httpd_accel_port 80 httpd_accel_host
>virtual httpd_accel_with_proxy on httpd_accel_uses_host_header on
>memory_pools on memory_pools_limit 10 MB cachemgr_passwd disable all
>coredump_dir /var/spool/squid
>
>
>Here is what is in my cache.log
>2005/06/26 21:12:28| Starting Squid Cache version 2.5.STABLE9 for
>i386-redhat-linux-gnu... 2005/06/26 21:12:28| Process ID 7346
>2005/06/26 21:12:28| With 1024 file descriptors available
>2005/06/26 21:12:28| DNS Socket created at 0.0.0.0, port 32825, FD 5
>2005/06/26 21:12:28| Adding nameserver 127.0.0.1 from /etc/resolv.conf
>2005/06/26 21:12:28| Adding nameserver 144.140.70.16 from
/etc/resolv.conf
>2005/06/26 21:12:28| Adding nameserver 144.140.71.29 from
/etc/resolv.conf
>2005/06/26 21:12:28| Adding nameserver 144.140.70.15 from
/etc/resolv.conf
>2005/06/26 21:12:28| User-Agent logging is disabled.
>2005/06/26 21:12:28| Referer logging is disabled.
>2005/06/26 21:12:28| Unlinkd pipe opened on FD 10
>2005/06/26 21:12:28| Swap maxSize 102400 KB, estimated 7876 objects
>2005/06/26 21:12:28| Target number of buckets: 393
>2005/06/26 21:12:28| Using 8192 Store buckets
>2005/06/26 21:12:28| Max Mem size: 32768 KB
>2005/06/26 21:12:28| Max Swap size: 102400 KB
>2005/06/26 21:12:28| Rebuilding storage in /var/spool/squid (CLEAN)
>2005/06/26 21:12:28| Using Least Load store dir selection
>2005/06/26 21:12:28| Set Current Directory to /var/spool/squid
>2005/06/26 21:12:28| Loaded Icons.
>2005/06/26 21:12:29| Accepting HTTP connections at 0.0.0.0, port 3128,
FD 12.
>2005/06/26 21:12:29| WCCP Disabled.
>2005/06/26 21:12:29| Ready to serve requests.
>2005/06/26 21:12:29| Done reading /var/spool/squid swaplog (0 entries)
>2005/06/26 21:12:29| Finished rebuilding storage from disk.
>2005/06/26 21:12:29| 0 Entries scanned
>2005/06/26 21:12:29| 0 Invalid entries.
>2005/06/26 21:12:29| 0 With invalid flags.
>2005/06/26 21:12:29| 0 Objects loaded.
>2005/06/26 21:12:29| 0 Objects expired.
>2005/06/26 21:12:29| 0 Objects cancelled.
>2005/06/26 21:12:29| 0 Duplicate URLs purged.
>2005/06/26 21:12:29| 0 Swapfile clashes avoided.
>2005/06/26 21:12:29| Took 0.3 seconds ( 0.0 objects/sec).
>2005/06/26 21:12:29| Beginning Validation Procedure
>2005/06/26 21:12:29| Completed Validation Procedure
>2005/06/26 21:12:29| Validated 0 Entries
>2005/06/26 21:12:29| store_swap_size = 0k
>2005/06/26 21:12:30| storeLateRelease: released 0 objects
>
>Best regards,
>Vaughan
>
>Mobile: 0412 122 362
>
>
>
>
>
Maybe does SElinux active in the new server FC4.?

Emilio C.
Received on Mon Jun 27 2005 - 05:29:34 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:03 MDT