[CentOS-es] Squid Upgrade 3.3.8

Tue, 13 Aug 2013 08:41:54 -0700 

Buenas,

Necesito su ayuda.

Tengo funcionando un Squid Version 2.6.STABLE21 en un CentOS release 5.5
(Final)

La configuracion de mi squid es la siguiente:

[root@eze1-proxy02 ~]# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
visible_hostname eze1-proxy02
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
icp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
acl sp-download-grant src 172.17.193.25/32 #NOC-14473#
acl sp-download-grant src 172.17.196.7/32 #NOC-14473#
acl sp-download-grant src 172.17.196.30/32 #NOC-?????#
acl sp-download-grant src 172.17.196.55/32 #Pablo Resniski#
acl sp-download-grant src 172.17.196.136/32 #Damian Ferrai
acl sp-download-grant src 172.17.193.218/32 #NOC-14473#
acl sp-download-grant src 172.17.193.171/32 #adrian_bosi#
acl sp-download-grant src 172.17.197.148/32 #
acl sp-download-grant src 172.17.198.94/32 #Monitores-NOC
acl sp-download-grant src 172.17.201.63/32 #Fede_git
acl sp-download-grant src 172.17.193.38/32 #request for it-team
acl sp-download-grant src 172.17.193.197/32 #request for it-team
acl sp-download-grant src 172.17.193.6/32 #request for it-team
acl sp-download-grant src 172.17.193.5/32 #request for it-team
acl sp-download-grant src 172.17.193.4/32 #request for it-team
acl sp-download-grant src 172.17.193.7/32 #request for it-team
acl sp-download-grant src 172.17.193.85/32 #request for Mauro
acl sp-download-grant src 172.17.195.42/32 #request for it-team
acl sp-download-grant src 172.17.195.200/32 #request for it-team
acl sp-download-grant src 172.17.195.37/32 #request for it-team
acl sp-download-grant src 172.17.195.38/32 #request for it-team
acl sp-download-grant src 172.17.195.112/32 #request for it-team
acl sp-download-grant src 172.17.195.122/32 #fede for it-team
acl sp-download-grant src 172.17.195.240/32 #request for it-team
acl sp-download-grant src 172.17.195.242/32 #request for it-team
acl sp-download-grant src 172.17.195.67/32 #request for it-team
acl sp-download-grant src 172.17.195.208/32 #request for it-team
acl sp-download-grant src 172.17.193.175/32 #request for damian ferrai
acl sp-download-grant src 172.17.193.230/32 #request for Juan Ferraris
acl sp-download-grant src 172.17.196.26/32 #request for Juan Ferraris
acl sp-download-grant src 172.17.196.25/32 #request for gaston pereyra
acl sp-download-grant src 172.17.201.59/32 #request for fededon
acl sp-download-grant src 172.17.195.24/32 #request for fededon
acl sp-download-grant src 172.17.195.144/32 #request for fededon
acl sp-download-grant src 172.17.195.59/32 #request for fededon
reply_body_max_size 0 allow sp-download-grant
acl downloadhours time D 9:00-18:00
reply_body_max_size 504900000 allow downloadhours all
acl allow_url dstdomain "/etc/squid/allow_url"
http_access allow all allow_url
acl facebook_list src "/etc/squid/facebook_allow.squid"
acl facebook dstdomain .facebook.com
http_access allow facebook facebook_list
acl WorkingHours time D 09:00-13:00
acl WorkingHours2 time D 14:00-18:00
acl youtube_list src "/etc/squid/youtube_allow.squid"
acl youtube dstdomain .youtube.com
http_access allow youtube youtube_list
http_access deny youtube WorkingHours all
http_access deny youtube WorkingHours2 all
http_access allow youtube all
acl taringa_list src "/etc/squid/taringa_allow.squid"
acl taringa dstdomain .taringa.net
http_access allow taringa taringa_list
acl WorkingHours time D 09:00-13:00
acl WorkingHours2 time D 14:00-18:00
acl vimeo_list src "/etc/squid/vimeo_allow.squid"
acl vimeo dstdomain .vimeo.com
http_access allow vimeo vimeo_list
http_access deny vimeo WorkingHours all
http_access deny vimeo WorkingHours2 all
http_access allow vimeo all
http_access allow all
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange
default
max_filedesc 4096

Ahora bien, quiero pasar a la version Squid Cache: Version 3.3.8 en un
CentOS release 6.4 (Final).

Realize una instalacion nueva en otro host y la configuracion en squid.con
es la siguiente:

[root@eze1-proxy3 ~]# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
visible_hostname eze1-proxy03
acl localnet src 17.17.192.0/20
acl SSL_ports port 443 563
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
icp_access allow all
http_port 3128 intercept
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320
acl apache rep_header Server ^Apache
acl sp-download-grant src 172.17.193.25/32 #NOC-14473#
acl sp-download-grant src 172.17.196.7/32 #NOC-14473#
acl sp-download-grant src 172.17.196.30/32 #NOC-?????#
acl sp-download-grant src 172.17.196.55/32 #Pablo Resniski#
acl sp-download-grant src 172.17.196.136/32 #Damian Ferrai
acl sp-download-grant src 172.17.193.218/32 #NOC-14473#
acl sp-download-grant src 172.17.193.171/32 #adrian_bosi#
acl sp-download-grant src 172.17.197.148/32 #
acl sp-download-grant src 172.17.198.94/32 #Monitores-NOC
acl sp-download-grant src 172.17.201.63/32 #Fede_git
acl sp-download-grant src 172.17.193.38/32 #request for it-team
acl sp-download-grant src 172.17.193.197/32 #request for it-team
acl sp-download-grant src 172.17.193.6/32 #request for it-team
acl sp-download-grant src 172.17.193.5/32 #request for it-team
acl sp-download-grant src 172.17.193.4/32 #request for it-team
acl sp-download-grant src 172.17.193.7/32 #request for it-team
acl sp-download-grant src 172.17.193.85/32 #request for Mauro
acl sp-download-grant src 172.17.195.42/32 #request for it-team
acl sp-download-grant src 172.17.195.200/32 #request for it-team
acl sp-download-grant src 172.17.195.37/32 #request for it-team
acl sp-download-grant src 172.17.195.38/32 #request for it-team
acl sp-download-grant src 172.17.195.112/32 #request for it-team
acl sp-download-grant src 172.17.195.122/32 #fede for it-team
acl sp-download-grant src 172.17.195.240/32 #request for it-team
acl sp-download-grant src 172.17.195.242/32 #request for it-team
acl sp-download-grant src 172.17.195.67/32 #request for it-team
acl sp-download-grant src 172.17.195.208/32 #request for it-team
acl sp-download-grant src 172.17.193.175/32 #request for damian ferrai
acl sp-download-grant src 172.17.193.230/32 #request for Juan Ferraris
acl sp-download-grant src 172.17.196.26/32 #request for Juan Ferraris
acl sp-download-grant src 172.17.196.25/32 #request for gaston pereyra
acl sp-download-grant src 172.17.201.59/32 #request for fededon
acl sp-download-grant src 172.17.195.24/32 #request for fededon
acl sp-download-grant src 172.17.195.144/32 #request for fededon
acl sp-download-grant src 172.17.195.59/32 #request for fededon
reply_body_max_size 1000 MB sp-download-grant
acl downloadhours time D 9:00-18:00
reply_body_max_size 500 MB downloadhours all
acl allow_url dstdomain "/etc/squid/allow_url"
http_access allow all allow_url
acl facebook_list src "/etc/squid/facebook_allow.squid"
acl facebook dstdomain .facebook.com
http_access allow facebook facebook_list
acl WorkingHours time D 09:00-13:00
acl WorkingHours2 time D 14:00-18:00
acl youtube_list src "/etc/squid/youtube_allow.squid"
acl youtube dstdomain .youtube.com
http_access allow youtube youtube_list
http_access deny youtube WorkingHours all
http_access deny youtube WorkingHours2 all
http_access allow youtube all
acl taringa_list src "/etc/squid/taringa_allow.squid"
acl taringa dstdomain .taringa.net
http_access allow taringa taringa_list
acl WorkingHours time D 09:00-13:00
acl WorkingHours2 time D 14:00-18:00
acl vimeo_list src "/etc/squid/vimeo_allow.squid"
acl vimeo dstdomain .vimeo.com
http_access allow vimeo vimeo_list
http_access deny vimeo WorkingHours all
http_access deny vimeo WorkingHours2 all
http_access allow vimeo all
http_access allow all
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange
default
max_filedesc 4096

Tengo la misma configuracion de firewall en los dos servidores, las mismas
rutas, Per no puedo navegar por ninguna web en el browser, me hace un deny
a todo!

Estos son los logs:

[root@eze1-proxy3 ~]# service squid start
Starting squid: .                                          [  OK  ]
[root@eze1-proxy3 ~]# tail -f /var/log/squid/squid.out
2013/08/13 09:07:32| WARNING: You should probably remove '::/0' from the
ACL named 'all'
2013/08/13 09:07:32| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
'127.0.0.1'
2013/08/13 09:07:32| WARNING: because of this '127.0.0.1' is ignored to
keep splay tree searching predictable
2013/08/13 09:07:32| WARNING: You should probably remove '127.0.0.1' from
the ACL named 'localhost'
2013/08/13 09:07:32| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
'127.0.0.1'
2013/08/13 09:07:32| WARNING: because of this '127.0.0.1' is ignored to
keep splay tree searching predictable
2013/08/13 09:07:32| WARNING: You should probably remove '127.0.0.1' from
the ACL named 'localhost'
2013/08/13 09:07:32| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '
127.0.0.0/8'
2013/08/13 09:07:32| WARNING: because of this '127.0.0.0/8' is ignored to
keep splay tree searching predictable
2013/08/13 09:07:32| WARNING: You should probably remove '127.0.0.0/8' from
the ACL named 'to_localhost'
^C
[root@eze1-proxy3 ~]# tail -f /var/log/squid/access.log

1376395692.119      0 172.17.195.6 TCP_MISS/403 4386 GET
http://www.infobae.com/ - HIER_NONE/- text/html
1376395692.120   5004 172.17.193.7 TCP_MISS/403 4493 GET
http://www.infobae.com/ - HIER_DIRECT/172.17.195.6 text/html
1376395692.358      0 172.17.195.6 TCP_MISS/403 3985 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
1376395692.359    148 172.17.193.7 TCP_MISS/403 4092 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.17.195.6text/html


Pueden ayudarme a encontrar la falla....ya no busque por todos lados y
realize cambios como se puede ver en los dos archivos de squid.conf, pero
ya no se que hacer...

Agradesco mucho su tiempo!!

Saludos,
_______________________________________________
CentOS-es mailing list
[email protected]
http://lists.centos.org/mailman/listinfo/centos-es

Responder a