Re: [squid-users] Cannot connect to Squid's default port
Reid ha scritto: Could you tell me the command to make squid listen only on 3128? When I run tcpdump -n -i any port 3128 (or any other port) it gives me an error - something about promiscuous command. Thanks Have you tried to make squid listen only on the 3128 port ? Maybe you could start from there and then enable one other port at a time... (just writing thoughts as they pop off my head :) -- Marcello Romani Responsabile IT Ottotecnica s.r.l. http://www.ottotecnica.com Pinpoint customers who are looking for what you sell. http://searchmarketing.yahoo.com/ Well, it's pretty easy: just leave only one http_port 3128 line in your squid.conf. I would suggest that you save your current squid.conf in a temporary file, and start over with a fresh one (i.e. copied from squid.conf.example) and see if that works. Then you can modify squid.conf one directive at a time and see if it still works after every change... Again, just my .02 euro. -- Marcello Romani Responsabile IT Ottotecnica s.r.l. http://www.ottotecnica.com
Re: [squid-users] Cannot connect to Squid's default port
On 29.06.07 12:32, Reid wrote: (please, configure your mailer to wrap lines below 80 chars) Thank you everyone for your help. The dedicated server company where my squid is located has just reported to me that we are blocking outgoing connections on tcp/3128 port for security reasons. ehm. The company you are connected through can block outgoing connections to 3128 or the company you host squid in canblock incoming connections to 3128. I also wonder why do you run squid in the hosting company, squid should be in your network, to control (and decrease) traffic from your network/company. Does this mean that they are a squid unfriendly company? Is there any reason to block that port, and not other ports associated with proxy servers?? not I'm aware off, I would ask how they mean it. Or maybe there was some misunderstanding here? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
Re: [squid-users] Cannot connect to Squid's default port
On Fri, 2007-06-29 at 12:32 -0700, Reid wrote: Does this mean that they are a squid unfriendly company? Their answer made me a little confused.. they say outgoing connections. Your connections is incoming to the hosted server I think, and it seems they blocked that as well.. Is there any reason to block that port, and not other ports associated with proxy servers?? No, can't imagine any.. other than maybe that the other common HTTP proxy ports such as 8080 is also often used by web servers... Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Cannot connect to Squid's default port
Reid ha scritto: Sounds very very much as if there is a firewall blocking access to port 3128. Regards Henrik Could you advise of how I can determine if there is some firewall running? Here is a list of running processes: Thank you 1 root Jun26 init [2] 2 root Jun26 [migration/0] 3 root Jun26 [ksoftirqd/0] 4 root Jun26 [migration/1] 5 root Jun26 [ksoftirqd/1] 6 root Jun26 [events/0] 7 root Jun26 [events/1] 8 root Jun26 [khelper] 9 root Jun26 [kthread] 34 root Jun26 [kblockd/0] 35 root Jun26 [kblockd/1] 36 root Jun26 [kacpid] 146 root Jun26 [kseriod] 173 root Jun26 [pdflush] 174 root Jun26 [pdflush] 175 root Jun26 [kswapd0] 176 root Jun26 [aio/0] 177 root Jun26 [aio/1] 732 root Jun26 [ksuspend_usbd] 733 root Jun26 [khubd] 755 root Jun26 [khpsbpkt] 781 root Jun26 [knodemgrd_0] 807 root Jun26 [ata/0] 808 root Jun26 [ata/1] 811 root Jun26 [ata_aux] 817 root Jun26 [scsi_eh_0] 818 root Jun26 [scsi_eh_1] 853 root Jun26 [scsi_eh_2] 854 root Jun26 [scsi_eh_3] 858 root Jun26 [scsi_eh_4] 1081 root Jun26 [kjournald] 1663 root Jun26 [kpsmoused] 1696 root Jun26 [hda_codec] 336 root Jun26 [kirqd] 1241 root Jun26 udevd --daemon 2132 root Jun26 /sbin/syslogd 2135 root Jun26 /sbin/klogd 2175 root Jun26 /bin/sh /usr/bin/mysqld_safe 2212 mysql Jun26 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file ... 2213 root Jun26 logger -p daemon.err -t mysqld_safe -i -t mysqld 2293 Debian-exim Jun26 /usr/sbin/exim4 -bd -q30m 2299 root Jun26 /usr/sbin/inetd 2312 root Jun26 /usr/sbin/sshd 2331 daemon Jun26 /usr/sbin/atd 2334 root Jun26 /usr/sbin/cron 2341 root Jun26 /usr/sbin/apache 9742 www-data 07:15 /usr/sbin/apache 9743 www-data 07:15 /usr/sbin/apache 9744 www-data 07:15 /usr/sbin/apache 9745 www-data 07:15 /usr/sbin/apache 9746 www-data 07:15 /usr/sbin/apache 9747 www-data 07:15 /usr/sbin/apache 2367 root Jun26 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf 10591 root 15:16 /usr/share/webmin/proc/index_tree.cgi 2371 root Jun26 /sbin/getty 38400 tty2 2372 root Jun26 /sbin/getty 38400 tty3 2374 root Jun26 /sbin/getty 38400 tty4 2375 root Jun26 /sbin/getty 38400 tty5 2377 root Jun26 /sbin/getty 38400 tty6 2394 root Jun26 /sbin/getty 38400 tty1 7279 root Jun27 squid -sY -f /etc/squid/squid.conf 7281 squid Jun27 (squid) -sY -f /etc/squid/squid.conf 10499 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10500 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10501 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10502 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10503 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10504 squid 12:58 (unlinkd) Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos more. http://mobile.yahoo.com/go?refer=1GNXIC No, to see if you have active firewall rules on the input side try: iptables -n -L INPUT -- Marcello Romani Responsabile IT Ottotecnica s.r.l. http://www.ottotecnica.com
Re: [squid-users] Cannot connect to Squid's default port
These are the results of running the commands. Does it look like there is anything that could be interfering with port 3128 connections? iptables-save # Generated by iptables-save v1.2.11 on Thu Jun 28 15:32:38 2007 *nat :PREROUTING ACCEPT [525278:45243592] :POSTROUTING ACCEPT [420:38931] :OUTPUT ACCEPT [420:38931] COMMIT # Completed on Thu Jun 28 15:32:38 2007 # Generated by iptables-save v1.2.11 on Thu Jun 28 15:32:38 2007 *mangle :PREROUTING ACCEPT [702539:100216603] :INPUT ACCEPT [211958:57721156] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [76059:28676083] :POSTROUTING ACCEPT [76059:28676083] COMMIT # Completed on Thu Jun 28 15:32:38 2007 # Generated by iptables-save v1.2.11 on Thu Jun 28 15:32:38 2007 *filter :INPUT ACCEPT [535723:156552090] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [177395:71003870] COMMIT # Completed on Thu Jun 28 15:32:38 2007 iptables --list Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination iptables -n -L INPUT Chain INPUT (policy ACCEPT) target prot opt source destination telnet #.#.#.# 3128 [FROM CLIENT] Could not open connection to host on port 3128. Connection failed tcpdump -n -i any port 3128 WARNING: Promiscuous mode not support on the any device Could you advise of how I can determine if there is some firewall running? To check if there is a local firewall running: iptables-save To check if there is a firewall between the client and the Squid server: run tcpdump -n -i any port 3128 on the Squid server, then on a client run telnet ip.of.squid.server 3128. Regards Henrik Be a PS3 game guru. Get your game face on with the latest PS3 news and previews at Yahoo! Games. http://videogames.yahoo.com/platform?platform=120121
Re: [squid-users] Cannot connect to Squid's default port
Reid ha scritto: These are the results of running the commands. Does it look like there is anything that could be interfering with port 3128 connections? iptables-save # Generated by iptables-save v1.2.11 on Thu Jun 28 15:32:38 2007 *nat :PREROUTING ACCEPT [525278:45243592] :POSTROUTING ACCEPT [420:38931] :OUTPUT ACCEPT [420:38931] COMMIT # Completed on Thu Jun 28 15:32:38 2007 # Generated by iptables-save v1.2.11 on Thu Jun 28 15:32:38 2007 *mangle :PREROUTING ACCEPT [702539:100216603] :INPUT ACCEPT [211958:57721156] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [76059:28676083] :POSTROUTING ACCEPT [76059:28676083] COMMIT # Completed on Thu Jun 28 15:32:38 2007 # Generated by iptables-save v1.2.11 on Thu Jun 28 15:32:38 2007 *filter :INPUT ACCEPT [535723:156552090] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [177395:71003870] COMMIT # Completed on Thu Jun 28 15:32:38 2007 iptables --list Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination iptables -n -L INPUT Chain INPUT (policy ACCEPT) target prot opt source destination telnet #.#.#.# 3128 [FROM CLIENT] Could not open connection to host on port 3128. Connection failed tcpdump -n -i any port 3128 WARNING: Promiscuous mode not support on the any device Could you advise of how I can determine if there is some firewall running? To check if there is a local firewall running: iptables-save To check if there is a firewall between the client and the Squid server: run tcpdump -n -i any port 3128 on the Squid server, then on a client run telnet ip.of.squid.server 3128. Regards Henrik Be a PS3 game guru. Get your game face on with the latest PS3 news and previews at Yahoo! Games. http://videogames.yahoo.com/platform?platform=120121 It seems you firewall is totally open, i.e. it doesn't have anything that could interfere with any daemon. That Connection failed message puzzles me: if I try to telnet a linux host from another linux host to a port that I know for sure it's closed, it tells me Connectoin refused. So either we are using different telnet clients (mine is run under gentoo linux) or there is something very strange goning on... Have you tried to make squid listen only on the 3128 port ? Maybe you could start from there and then enable one other port at a time... (just writing thoughts as they pop off my head :) -- Marcello Romani Responsabile IT Ottotecnica s.r.l. http://www.ottotecnica.com
Re: [squid-users] Cannot connect to Squid's default port
Could you advise of how I can determine if there is some firewall running? Here is a list of running processes: You cannot see the firewall as it is part of the kernel. Do a telnet localhost 3128 If you get ANY response, the port is open for the localhost, if the command fails immediately or it takes ages to fail, there is a firewall blocking access from localhost. You can do the same from a client in your network; replace the localhost by the IP of your squid server. Works also under Windows CMD shell. Hope this helps, JC
Re: [squid-users] Cannot connect to Squid's default port
Do a telnet localhost 3128 If you get ANY response, the port is open for the localhost, if the command fails immediately or it takes ages to fail, there is a firewall blocking access from localhost. You can do the same from a client in your network; replace the localhost by the IP of your squid server. Works also under Windows CMD shell. Hope this helps, JC This is the response I get: telnet localhost 3128 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. Connection closed by foreign host. I get the same result for ports like 8000, 8080. Telnet from client to 3128 hangs and doesn't connect. Telnet to other ports does connect. Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
Re: [squid-users] Cannot connect to Squid's default port
telnet localhost 3128 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. Connection closed by foreign host. I get the same result for ports like 8000, 8080. Telnet from client to 3128 hangs and doesn't connect. Telnet to other ports does connect. Then you have some sort of firewall, manageable switch or similar device between the client and your squid OR a firewall on your squid box (looks unlikely from your previous post) OR some sort of port redirection running on the client, the server or in between. This has nothing to do with squid itself. Yours, Jakob Curdes
Re: [squid-users] Cannot connect to Squid's default port
Reid wrote: Yes, I meant to say cache.log. If I try to connect via 3128, the browser times out, and no entry appears in cache.log. Hi Reid, Do the timeouts in your web browser give any indication related to your Squid proxy server? Here are the entries in squid.conf, where #.#.#.# is my ip: http_port #.#.#.#:8080 http_port #.#.#.#:8000 http_port #.#.#.#:3128 http_port #.#.#.#:3127 Why are you running Squid in 4 different ports? Anyway, try removing all entries except: http_port 3128 Are you sure that you have allowed localhost and your network to access your proxy in your squid.conf? Please post your squid.conf. I'm new to squid and don't know what transparent stuff is, but as far as I know I haven't changed anything other than basic settings. Transparent proxy refers to the term where the client does not have to manually put a proxy server to use it. Every web requests on port 80 will be redirected to Squid's port. If you indeed have some firewall running in your proxy server, run: /sbin/iptables -vnL Then initialize your cache by: squid -z After initializing your cache, run: squid -NCd1 Make sure there are no errors! From another terminal of your proxy server, run: telnet localhost 3128 If that works, telnet from another workstation: telnet IP.Of.Proxy 3128 Hope everything works fine! Thanking you... Are you doing transparent stuff anywhere? What does your squid.conf have for that port? and the others that work? By 'error log' earlier did you mean to say 'cache.log'? I have seen this effect when squid encounterd an error it can't recover from and never sends the browser an error. Amos Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. http://tv.yahoo.com/
Re: [squid-users] Cannot connect to Squid's default port
Hi, All those tests checked out - the commands did not produce any errors. Here are the uncommented lines from my squid.conf.. See anything that might block 3128? Thanks WELCOME TO SQUID 2.6.STABLE5 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache access_log /var/log/squid/access.log squid hosts_file /etc/hosts auth_param basic program /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users auth_param basic realm US 1 refresh_pattern ^ftp: refresh_pattern ^gopher: refresh_pattern . acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost acl auth proxy_auth REQUIRED http_access allow auth http_access deny all http_reply_access allow all icp_access allow all cache_effective_user squid cache_effective_group users visible_hostname Unconfigured http_port 8080 http_port 3128 forwarded_for off delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 512/6400 coredump_dir /var/spool/squid --- Tek Bahadur Limbu wrote: Reid wrote: Yes, I meant to say cache.log. If I try to connect via 3128, the browser times out, and no entry appears in cache.log. Please post your squid.conf. If you indeed have some firewall running in your proxy server, run: /sbin/iptables -vnL Then initialize your cache by: squid -z After initializing your cache, run: squid -NCd1 Make sure there are no errors! From another terminal of your proxy server, run: telnet localhost 3128 If that works, telnet from another workstation: telnet IP.Of.Proxy 3128 Expecting? Get great news right away with email Auto-Check. Try the Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html
Re: [squid-users] Cannot connect to Squid's default port
Thank you everyone for your help. The dedicated server company where my squid is located has just reported to me that we are blocking outgoing connections on tcp/3128 port for security reasons. Does this mean that they are a squid unfriendly company? Is there any reason to block that port, and not other ports associated with proxy servers?? Thank you all again, I appreciate the help with troubleshooting. Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
Re: [squid-users] Cannot connect to Squid's default port
Reid wrote: Thank you everyone for your help. The dedicated server company where my squid is located has just reported to me that we are blocking outgoing connections on tcp/3128 port for security reasons. Does this mean that they are a squid unfriendly company? Is there any reason to block that port, and not other ports associated with proxy servers?? Hi Reid, I don't understand how blocking connections on port 3128 will provide your hosting company any security. Why don't you request your hosting company to open up port 3128 for your server? If nothing works, then simple run your proxy server in a different port. Thanking you... Thank you all again, I appreciate the help with troubleshooting. Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
Re: [squid-users] Cannot connect to Squid's default port
many scanners look for open proxies on port 3128 and 8080. mike At 12:52 PM 6/29/2007, Tek Bahadur Limbu wrote: Reid wrote: Thank you everyone for your help. The dedicated server company where my squid is located has just reported to me that we are blocking outgoing connections on tcp/3128 port for security reasons. Does this mean that they are a squid unfriendly company? Is there any reason to block that port, and not other ports associated with proxy servers?? Hi Reid, I don't understand how blocking connections on port 3128 will provide your hosting company any security. Why don't you request your hosting company to open up port 3128 for your server? If nothing works, then simple run your proxy server in a different port. Thanking you... Thank you all again, I appreciate the help with troubleshooting. Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
Re: [squid-users] Cannot connect to Squid's default port
Reid wrote: Thank you everyone for your help. The dedicated server company where my squid is located has just reported to me that we are blocking outgoing connections on tcp/3128 port for security reasons. Does this mean that they are a squid unfriendly company? Is there any reason to block that port, and not other ports associated with proxy servers?? At some point they were probably trying to cut down on abuse of open proxies... I doubt it's really justified at the moment. Thank you all again, I appreciate the help with troubleshooting. Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
Re: [squid-users] Cannot connect to Squid's default port
Thank you everyone for your help. The dedicated server company where my squid is located has just reported to me that we are blocking outgoing connections on tcp/3128 port for security reasons. Does this mean that they are a squid unfriendly company? Is there any reason to block that port, and not other ports associated with proxy servers?? For the record: if a telnet to a tcp port times out or you do not get a meaningful response this means there is something in between. An application -whatever it is- will alway be active and responding on the port or there is no service running at the port so that any request is an immediate failure. There are many reasons to block proxies [at least on stadanrd ports]. This has nothing to do with squid speccially. JC
[squid-users] Cannot connect to Squid's default port
I have setup a squid server, and it works fine on every port except squid's default (3128). Using a browser, every other port connects fine, but not 3128. I ran a utility called lsof to confirm that squid is listening on 3128. Here is the positive result: COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME squid 7281 squid 15u IPv4 52369 TCP debian:8080 (LISTEN) squid 7281 squid 16u IPv4 52370 TCP debian:8000 (LISTEN) squid 7281 squid 19u IPv4 52372 TCP debian:3127 (LISTEN) squid 7281 squid 18u IPv4 52371 TCP debian:3128 (LISTEN) When my browser attempts to connect via 3128 it just hangs and eventually times out. The squid error log doesn't even show an attempt to connect. The other ports connect no problem. Any ideas? I've googled my brains out. Thanks! The fish are biting. Get more visitors on your site using Yahoo! Search Marketing. http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
Re: [squid-users] Cannot connect to Squid's default port
tor 2007-06-28 klockan 12:50 -0700 skrev Reid: When my browser attempts to connect via 3128 it just hangs and eventually times out. The squid error log doesn't even show an attempt to connect. The other ports connect no problem. Check if there is a firewall rule blocking port 3128. iptables-save | grep 3128 Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Cannot connect to Squid's default port
tor 2007-06-28 klockan 14:26 -0700 skrev Reid: Hi, Thank you for your reply. I'm using webmin, which reports that No IPtables firewall has been setup yet on your system.. Frustrated, And if you execute iptables-save | grep 3128 from the command line (as root)? It's possible there is iptables rules Webmin doesn't know about.. Or could there be another firewall between the client and the Squid server? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Cannot connect to Squid's default port
Running iptables-save | grep 3128 return nothings (No output, no error, just another prompt). I'm not aware of any other firewall. Baffled And if you execute iptables-save | grep 3128 from the command line (as root)? It's possible there is iptables rules Webmin doesn't know about.. Or could there be another firewall between the client and the Squid server? Thank you for your reply. I'm using webmin, which reports that No IPtables firewall has been setup yet on your system.. Frustrated, Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
Re: [squid-users] Cannot connect to Squid's default port
Running iptables-save | grep 3128 return nothings (No output, no error, just another prompt). I'm not aware of any other firewall. Baffled And if you execute iptables-save | grep 3128 from the command line (as root)? It's possible there is iptables rules Webmin doesn't know about.. Or could there be another firewall between the client and the Squid server? Thank you for your reply. I'm using webmin, which reports that No IPtables firewall has been setup yet on your system.. Frustrated, Are you doing transparent stuff anywhere? What does your squid.conf have for that port? and the others that work? By 'error log' earlier did you mean to say 'cache.log'? I have seen this effect when squid encounterd an error it can't recover from and never sends the browser an error. Amos
Re: [squid-users] Cannot connect to Squid's default port
Yes, I meant to say cache.log. If I try to connect via 3128, the browser times out, and no entry appears in cache.log. Here are the entries in squid.conf, where #.#.#.# is my ip: http_port #.#.#.#:8080 http_port #.#.#.#:8000 http_port #.#.#.#:3128 http_port #.#.#.#:3127 I'm new to squid and don't know what transparent stuff is, but as far as I know I haven't changed anything other than basic settings. Are you doing transparent stuff anywhere? What does your squid.conf have for that port? and the others that work? By 'error log' earlier did you mean to say 'cache.log'? I have seen this effect when squid encounterd an error it can't recover from and never sends the browser an error. Amos Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. http://tv.yahoo.com/
Re: [squid-users] Cannot connect to Squid's default port
tor 2007-06-28 klockan 16:15 -0700 skrev Reid: Yes, I meant to say cache.log. If I try to connect via 3128, the browser times out, and no entry appears in cache.log. And what about access.log? What happens if you run /path/to/bin/squidclient -p 3128 http://www.squid-cache.org; Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Cannot connect to Squid's default port
Hi, On Thu, 2007-06-28 at 16:47 -0700, Reid wrote: Yes, those command show squid as running, and listening on port 3128: lsof -ni tcp:3128 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME squid 7281 squid 18u IPv4 54844 TCP #.#.#.#:3128 (LISTEN) ps -ef UIDPID PPID C STIME TTY TIME CMD root 7279 1 0 Jun27 ?00:00:00 squid -sY -f /etc/squid/squid.conf squid 7281 7279 0 Jun27 ?00:00:00 (squid) -sY -f /etc/squid/squid.conf squid 8854 7281 0 05:54 ?00:00:00 (unlinkd) squid 9204 7281 0 06:25 ?00:00:00 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users squid 9205 7281 0 06:25 ?00:00:00 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users squid 9206 7281 0 06:25 ?00:00:00 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users squid 9209 7281 0 06:25 ?00:00:00 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users squid 9210 7281 0 06:25 ?00:00:00 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users I am new to squid, so it's possible that I'm doing something stupid. But I've been careful to change as few of the default settings as I could. What about the telnet tests? Colin Don't get soaked. Take a quick peak at the forecast with the Yahoo! Search weather shortcut. http://tools.search.yahoo.com/shortcuts/#loc_weather -- Colin Campbell Unix Support/Postmaster/Hostmaster Citec +61 7 3227 6334
Re: [squid-users] Cannot connect to Squid's default port
Well it just took me 3 hours to figure out that squidclient requires localhost. Fun. So I tried squidclient -p 3128 http://www.squid-cache.org; and it works fine. It outputs the entire html of squid-cache.org homepage. But using IE/Firefox to proxy through 3128 still causes the browser to hang and timeout. All other ports (8000,8080,3127,etc) connect just fine. Also, trying to connect on 3128 does not put any entry into the access.log file. Any other ideas? Thank you all for the help And what about access.log? What happens if you run /path/to/bin/squidclient -p 3128 http://www.squid-cache.org; Regards Henrik TV dinner still cooling? Check out Tonight's Picks on Yahoo! TV. http://tv.yahoo.com/
Re: [squid-users] Cannot connect to Squid's default port
On Thu, 2007-06-28 at 20:11 -0700, Reid wrote: Well it just took me 3 hours to figure out that squidclient requires localhost. Fun. So I tried squidclient -p 3128 http://www.squid-cache.org; and it works fine. It outputs the entire html of squid-cache.org homepage. But using IE/Firefox to proxy through 3128 still causes the browser to hang and timeout. All other ports (8000,8080,3127,etc) connect just fine. Also, trying to connect on 3128 does not put any entry into the access.log file. Any other ideas? Thank you all for the help Sounds very very much as if there is a firewall blocking access to port 3128. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Cannot connect to Squid's default port
Sounds very very much as if there is a firewall blocking access to port 3128. Regards Henrik Could you advise of how I can determine if there is some firewall running? Here is a list of running processes: Thank you 1 root Jun26 init [2] 2 root Jun26 [migration/0] 3 root Jun26 [ksoftirqd/0] 4 root Jun26 [migration/1] 5 root Jun26 [ksoftirqd/1] 6 root Jun26 [events/0] 7 root Jun26 [events/1] 8 root Jun26 [khelper] 9 root Jun26 [kthread] 34 root Jun26 [kblockd/0] 35 root Jun26 [kblockd/1] 36 root Jun26 [kacpid] 146 root Jun26 [kseriod] 173 root Jun26 [pdflush] 174 root Jun26 [pdflush] 175 root Jun26 [kswapd0] 176 root Jun26 [aio/0] 177 root Jun26 [aio/1] 732 root Jun26 [ksuspend_usbd] 733 root Jun26 [khubd] 755 root Jun26 [khpsbpkt] 781 root Jun26 [knodemgrd_0] 807 root Jun26 [ata/0] 808 root Jun26 [ata/1] 811 root Jun26 [ata_aux] 817 root Jun26 [scsi_eh_0] 818 root Jun26 [scsi_eh_1] 853 root Jun26 [scsi_eh_2] 854 root Jun26 [scsi_eh_3] 858 root Jun26 [scsi_eh_4] 1081 root Jun26 [kjournald] 1663 root Jun26 [kpsmoused] 1696 root Jun26 [hda_codec] 336 root Jun26 [kirqd] 1241 root Jun26 udevd --daemon 2132 root Jun26 /sbin/syslogd 2135 root Jun26 /sbin/klogd 2175 root Jun26 /bin/sh /usr/bin/mysqld_safe 2212 mysql Jun26 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file ... 2213 root Jun26 logger -p daemon.err -t mysqld_safe -i -t mysqld 2293 Debian-exim Jun26 /usr/sbin/exim4 -bd -q30m 2299 root Jun26 /usr/sbin/inetd 2312 root Jun26 /usr/sbin/sshd 2331 daemon Jun26 /usr/sbin/atd 2334 root Jun26 /usr/sbin/cron 2341 root Jun26 /usr/sbin/apache 9742 www-data 07:15 /usr/sbin/apache 9743 www-data 07:15 /usr/sbin/apache 9744 www-data 07:15 /usr/sbin/apache 9745 www-data 07:15 /usr/sbin/apache 9746 www-data 07:15 /usr/sbin/apache 9747 www-data 07:15 /usr/sbin/apache 2367 root Jun26 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf 10591 root 15:16 /usr/share/webmin/proc/index_tree.cgi 2371 root Jun26 /sbin/getty 38400 tty2 2372 root Jun26 /sbin/getty 38400 tty3 2374 root Jun26 /sbin/getty 38400 tty4 2375 root Jun26 /sbin/getty 38400 tty5 2377 root Jun26 /sbin/getty 38400 tty6 2394 root Jun26 /sbin/getty 38400 tty1 7279 root Jun27 squid -sY -f /etc/squid/squid.conf 7281 squid Jun27 (squid) -sY -f /etc/squid/squid.conf 10499 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10500 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10501 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10502 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10503 squid 12:58 /usr/bin/perl /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users 10504 squid 12:58 (unlinkd) Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos more. http://mobile.yahoo.com/go?refer=1GNXIC
Re: [squid-users] Cannot connect to Squid's default port
On Thu, 2007-06-28 at 22:26 -0700, Reid wrote: Could you advise of how I can determine if there is some firewall running? To check if there is a local firewall running: iptables-save To check if there is a firewall between the client and the Squid server: run tcpdump -n -i any port 3128 on the Squid server, then on a client run telnet ip.of.squid.server 3128. Regards Henrik signature.asc Description: This is a digitally signed message part