[squid-users] ARGH!! Squid is not Fetching from parent proxy again!! argh!!

2012-07-31 Thread mrnicholsb
Ok guys, I've tried many things and am ready to pull my last hair out, 
except that I'm bald. So I need some help with this. Both proxies are 
working fine as standalone proxies within my networks. I don't need 
authentication, and both are squid 3.1.6, yes I know I should update, 
but compiling isn't working for me. So, I'll go with the official Stable 
release from the Debian repos, thank you very much. Could one of you 
generous gentlemen take a peek and see if I have goofed up somewhere?


Tailing the /var/log/squid3/access.log shows traffic only on the 
downstream squid, and never on the upstream. I've been watching the logs 
for hours now and have zero activity on the parent and have had over 
500 MB of HTTP traffic on the downstream, so something should have hit by 
now. But nothing has.


###
Here's the conf for my downstream proxy
###

http_port  10.10.1.105:3128
cache_peer 192.168.1.205 parent 3128 3129 default
icp_port 3129
#prefer_direct off
#nonhierarchical_direct off
never_direct deny all

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (/cgi-bin/|\?)  0   0%  0
refresh_pattern .   0   20% 4320

dns_nameservers 10.10.1.1
hosts_file /etc/hosts
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid3/access.log
cache_mem 400 MB
memory_pools off
maximum_object_size_in_memory 512 KB
maximum_object_size 400 MB
log_icp_queries off
half_closed_clients off
cache_mgr mrnicho...@gmail.com
cache_dir ufs /mnt/secondary/var/spool/squid3 3 32 256
visible_hostname deviant.evil
shutdown_lifetime 1 second

#icap_enable on
#icap_send_client_ip on
#icap_send_client_username on
#icap_client_username_encode off
#icap_client_username_header X-Authenticated-User
#icap_preview_enable on
#icap_preview_size 1024
#icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

#adaptation_access service_req allow all
#icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

#adaptation_access service_resp allow all

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.10.1.0/24
acl blacklist dstdomain /mnt/secondary/squid3/squid-block.acl

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

always_direct allow localnet

icp_access allow  localnet
icp_access deny all

http_access deny blacklist
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all


And here's the conf for the upstream proxy


http_port 192.168.1.205:3128
icp_port 3129

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320

dns_nameservers 192.168.1.1
hosts_file /etc/hosts
cache_swap_low 95
cache_swap_high 98
access_log /var/log/squid3/access.log
cache_mem 700 MB
memory_pools on
maximum_object_size_in_memory 3 MB
maximum_object_size 320 MB
log_icp_queries off
half_closed_clients off
cache_mgr mrnicho...@gmail.com
cache_dir ufs /var/spool/squid3 4 32 256
visible_hostname squid.brosound
shutdown_lifetime 1 second

#icap_enable on
#icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/dlp
#adaptation_access service_req allow all

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 192.168.1.0/24
#blacklisting disabled for oneil
#acl blacklist dstdomain /etc/squid3/squid-block.acl
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 82
acl Safe_ports port 21 # FTP
acl Safe_ports port 443 ## SSL
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl INSIDE_IP dst 192.168.1.0/24

#always_direct allow INSIDE_IP
#never_direct allow all

icp_access allow  localnet
icp_access deny all

#blacklisting disabled for oneil
#http_access deny blacklist
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
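
Added example (not part of the original post and not Squid's own code): a small Python model of how the `always_direct` and `never_direct` lists in the downstream configuration above combine for a request from a given client. It assumes only `src` ACLs and `all` need modelling, follows Squid's rule that a list with no matching line yields the opposite of its last line, and works on a constructed excerpt of the forwarding-related directives.

```python
import ipaddress

# Constructed excerpt: the forwarding-related lines of the downstream conf above.
DOWNSTREAM_CONF = """\
cache_peer 192.168.1.205 parent 3128 3129 default
never_direct deny all
acl localnet src 10.10.1.0/24
always_direct allow localnet
"""

def parse(conf):
    """Collect src ACLs and the ordered always_direct / never_direct lists."""
    acls, rules = {}, {"always_direct": [], "never_direct": []}
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(n, strict=False) for n in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] in rules:
            rules[tok[0]].append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, client, acls):
    """Model only 'all', src ACLs and '!' negation (assumption of this example)."""
    if name.startswith("!"):
        return not acl_matches(name[1:], client, acls)
    return name == "all" or any(client in net for net in acls.get(name, []))

def check(rule_list, client, acls):
    """First line whose ACLs all match wins; otherwise the opposite of the last line."""
    for action, names in rule_list:
        if all(acl_matches(n, client, acls) for n in names):
            return action
    if not rule_list:
        return None
    return "deny" if rule_list[-1][0] == "allow" else "allow"

def forwarding(conf, client_ip):
    """Return 'direct', 'peer' or 'either' for a request from client_ip."""
    acls, rules = parse(conf)
    client = ipaddress.ip_address(client_ip)
    if check(rules["always_direct"], client, acls) == "allow":
        return "direct"   # origin is contacted directly, cache_peer is skipped
    if check(rules["never_direct"], client, acls) == "allow":
        return "peer"     # request must go through a cache_peer
    return "either"       # Squid chooses; the parent is not forced

# Same excerpt with the always_direct line dropped and never_direct set to allow.
FORCED_PARENT_CONF = DOWNSTREAM_CONF.replace(
    "always_direct allow localnet\n", "").replace(
    "never_direct deny all", "never_direct allow all")
```

For clients in 10.10.1.0/24 the posted rules evaluate to `direct`, which is consistent with the parent's access.log staying empty; the variant with `never_direct allow all` and no `always_direct` line evaluates to `peer`.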

[squid-users] Why is squid caching local intranet domains??

2012-06-06 Thread mrnicholsb

I'm scratching my head here, I've got an issue that's driving me bonkers...

1338994323.846  0 10.10.1.105 TCP_IMS_HIT/304 278 GET http://deviant.evil/ - NONE/- text/html


Clearly this local site is being cached. What is frustrating is that I 
have the following meta tag on the page:


<meta http-equiv="Cache-control" content="no-cache">

Yet squid is apparently ignoring that directive completely.

Ok, no problem, so we set our conf up to always go direct for the localnet acl, 
right? No dice, still caching.

Could one of you be so kind as to take a look at my conf and tell me why?


##

#transparent because ddwrt is forwarding traffic to it
http_port 3128 transparent
#parent disabled due to location outside scope of firewall rules
#cache_peer 192.168.1.205 parent 3128 3129  default
# no-query  no-digest
never_direct deny all

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (/cgi-bin/|\?)  0   0%  0
refresh_pattern .   0   20% 4320

dns_nameservers 10.10.1.1
hosts_file /etc/hosts
cache_swap_low 95
cache_swap_high 98
access_log /var/log/squid3/access.log
cache_mem 320 MB
memory_pools on
maximum_object_size_in_memory 512 KB
maximum_object_size 400 MB
log_icp_queries off
half_closed_clients on
cache_mgr mrnicho...@gmail.com
cache_dir ufs /mnt/secondary/var/spool/squid3 3 32 256
visible_hostname deviant.evil
shutdown_lifetime 1 second

#icap_enable on
#icap_send_client_ip on
#icap_send_client_username on
#icap_client_username_encode off
#icap_client_username_header X-Authenticated-User
#icap_preview_enable on
#icap_preview_size 1024
#icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

#adaptation_access service_req allow all
#icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

#adaptation_access service_resp allow all

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.10.1.0/24
acl blacklist dstdomain /mnt/secondary/squid3/squid-block.acl

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

always_direct allow localnet

#icp_access allow  localnet
#icp_access deny all

http_access deny blacklist
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all


#Thanks heaps in advance. Squid 3.1.6-1.2 Debian Squeeze
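
Added example (not part of the original post): a Python parser for Squid's native access.log format that uses the result and hierarchy fields seen in the quoted entry to report how many requests were cache hits, how each request was routed (no upstream contact, direct to origin, or via a peer), and which URLs were fetched more than once without ever being a hit. The first sample line is the entry quoted above; the others are constructed, with example.com and 203.0.113.10 as placeholders.

```python
from collections import Counter, defaultdict

# Line 1 is the entry quoted in the post; lines 2-4 are constructed samples.
SAMPLE_LOG = """\
1338994323.846      0 10.10.1.105 TCP_IMS_HIT/304 278 GET http://deviant.evil/ - NONE/- text/html
1338994330.101    212 10.10.1.107 TCP_MISS/200 13631488 GET http://example.com/setup.exe - DIRECT/203.0.113.10 application/octet-stream
1338994391.552    198 10.10.1.108 TCP_MISS/200 13631488 GET http://example.com/setup.exe - DIRECT/203.0.113.10 application/octet-stream
1338994402.007     95 10.10.1.108 TCP_MISS/200 5120 GET http://example.com/ - DEFAULT_PARENT/192.168.1.205 text/html
"""

def parse_line(line):
    """Parse one native-format entry; return None for anything else."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3] or "/" not in f[8]:
        return None
    result, status = f[3].split("/", 1)
    hier, peer = f[8].split("/", 1)
    for prefix in ("TIMEOUT_", "HIER_"):   # prefixes some versions add
        if hier.startswith(prefix):
            hier = hier[len(prefix):]
    if hier == "NONE":
        route = "none"      # answered without contacting any server
    elif hier == "DIRECT":
        route = "direct"    # fetched from the origin server
    else:
        route = "peer"      # fetched through a parent or sibling
    return {"client": f[2], "result": result, "status": status, "url": f[6],
            "route": route, "peer": peer, "hit": "HIT" in result}

def summarise(log_text):
    """Count hits/misses and routes; list URLs re-fetched without any hit."""
    routes, cache, seen = Counter(), Counter(), defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        routes[entry["route"]] += 1
        cache["hit" if entry["hit"] else "miss"] += 1
        seen[entry["url"]].append(entry["hit"])
    refetched = sorted(u for u, hits in seen.items()
                       if len(hits) > 1 and not any(hits))
    return {"routes": dict(routes), "cache": dict(cache), "refetched": refetched}
```

In the quoted entry, `TCP_IMS_HIT/304` with `NONE/-` parses as a hit with route `none`: the reply came from the cache in response to a conditional request and no server was contacted.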




[squid-users] wtf

2011-06-10 Thread MrNicholsB

squid is caching but refuses to serve cached content to my peers. It's
a small home network and I need to get an estimate for something that
will likely take about an hour or two worth of work, to get my squid working
properly. It's quite frustrating to see squid's cache growing and 1gig memory
consumption, downloading http content like updates and game patches yet not
being served that cached content. It's like a carrot dangling on a stick, and
I just apparently can't seem to get it.



[squid-users] need a simple transparent caching conf

2011-06-05 Thread MrNicholsB

Squid is caching content, but it is NOT serving cache to my clients and
frankly it's driving me nuts. I don't need a 101 on squid, I just need a
basic conf. I wish the devs would include a basic transparent cache
proxy conf with squid to save noobs like me the trouble. My clients are
MANUALLY aimed at the proxy at port 3128, they can surf just fine, so NAT is 
NOT required on the box, I just need a conf that actually WORKS. This is 
getting absurd, I don't understand why it's not serving up cached content. I 
download ANYTHING, you know, 13mb exe files from a site, then go download the 
same file on another pc and BAM!! fresh content NOT served from the cache, 
wtf am I doing wrong here!?!?!?!


I've tried several confs and they all FAIL to actually serve up cache; below 
is my latest attempt.


http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
access_log /var/log/squid3/access.log squid
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
acl lan src 10.10.1.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname katmai.local
always_direct allow all
coredump_dir /var/spool/squid3
cache_dir ufs /var/spool/squid3 2 32 256
maximum_object_size 200 MB
maximum_object_size_in_memory 50 MB



[squid-users] Squid Refuses to Serve Cached Content, strange cache.log errors

2011-06-04 Thread MrNicholsB
I've set transparent and removed it, changed my OS, doesn't matter, access log 
doesn't even show half the things I'm downloading. My clients' browsers are set 
manually to the squid server's IP, I get internet through the proxy, just not 
getting the benefits of the cache :(


root@katmai:/var/log/squid3# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/katmai-root   37G  1.2G   34G   4% /
varrun                   1.5G   60K  1.5G   1% /var/run
varlock                  1.5G     0  1.5G   0% /var/lock
udev                     1.5G   44K  1.5G   1% /dev
devshm                   1.5G     0  1.5G   0% /dev/shm
/dev/sda1                236M   25M  199M  12% /boot


Linux katmai 2.6.24-19-server #1 SMP Wed Jun 18 15:18:00 UTC 2008 i686 GNU/Linux

cache.log errors
--

2011/06/04 13:29:25| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/04 13:30:29| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/04 13:31:30| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/04 13:32:31| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/04 13:33:32| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/04 13:34:34| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/04 13:35:35| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/04 13:36:36| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available

squid.conf
--


visible_hostname central.server

http_port 3128
icp_port 0

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
dns_nameservers 127.0.0.1
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid3/access.log
cache_mem 2048 MB
memory_pools on
maximum_object_size_in_memory 50 MB
log_icp_queries off
cache_mgr ad...@meatspin.com
cache_dir ufs /var/spool/squid3 2 32 256

acl localhost src 127.0.0.1/32
acl manager proto cache_object
acl our_networks src 10.10.1.0/24
acl SSL_ports port 443
acl Safe_ports port 21 # ftp
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow our_networks
http_access allow localhost
http_access deny all

cache deny localhost manager SSL_ports
maximum_object_size 300 MB
cache_replacement_policy heap GDSF





[squid-users] testing, squid users can you get this?

2011-06-03 Thread MrNicholsB

anyone getting my mails?


[squid-users] Squid not caching, plz help

2011-06-03 Thread MrNicholsB
OK, I've had squid3 running rock solid for months. I recently migrated from 
Ubuntu 9 to 10.04 and now Squid is clearly not caching, but traffic IS 
passing through it. My conf is the same as it was before, but now I'm getting 
an error in cache.log every time squid gets a request. Any help would be 
great, I'm sure it's something simple I'm just not seeing. THANK YOU!!



ERRORs from cache.log
==
2011/06/03 13:57:32| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 13:58:53| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 14:00:12| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 14:01:27| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 14:03:04| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 14:05:19| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 14:06:59| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 14:08:50| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 14:10:27| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 14:11:32| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available
2011/06/03 14:12:39| clientNatLookup: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available





===
#squid.conf

visible_hostname central.server
http_port 3128 transparent
icp_port 0

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320


dns_nameservers 127.0.0.1
cache_swap_low 95
cache_swap_high 98
access_log /var/log/squid3/access.log
cache_mem 2048 MB
memory_pools on
maximum_object_size_in_memory 50 MB
log_icp_queries off
cache_mgr ad...@meatspin.com
cache_dir ufs /var/spool/squid3 2 32 256


acl localhost src 127.0.0.1/32
acl manager proto cache_object
acl our_networks src 10.10.1.0/24

acl localnet src 127.0.0.1/255.255.255.255
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com
acl SSL_ports port 443
acl Safe_ports port 21  # ftp
acl Safe_ports port 80  # http
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com

http_access allow our_networks
http_access allow localnet
http_access allow CONNECT wuCONNECT our_networks
http_access allow windowsupdate our_networks
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow manager localhost
http_access deny manager
http_access allow  all



cache deny localhost manager localnet SSL_ports
maximum_object_size 300 MB