LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 09-23-2007, 02:08 PM   #1
shobhit
Member
 
Registered: Sep 2003
Location: kolkata
Distribution: Fedora 7
Posts: 60

Rep: Reputation: 15
Set the DNS hostname for Squid cache server.


I have a stand alone PC (running Fedora 7) which I use to connect to the net. I tried running squid on it, just to have its caching property to speed up net access.
I have installed squid-2.6.STABLE16 and it is up and running.

Code:
squid     9959  9527  0 Sep23 pts/6    00:00:00 ./squid -N -d 1 -D
Also the log says...

Code:
2007/09/23 23:33:11| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.1.3/24'
2007/09/23 23:33:11| Starting Squid Cache version 2.6.STABLE16 for i686-pc-linux-gnu...
2007/09/23 23:33:11| Process ID 9959
2007/09/23 23:33:11| With 1024 file descriptors available
2007/09/23 23:33:11| Using epoll for the IO loop
2007/09/23 23:33:11| DNS Socket created at 0.0.0.0, port 33045, FD 6
2007/09/23 23:33:11| Adding nameserver 208.67.222.222 from /etc/resolv.conf
2007/09/23 23:33:11| Adding nameserver 208.67.220.220 from /etc/resolv.conf
2007/09/23 23:33:11| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2007/09/23 23:33:11| Unlinkd pipe opened on FD 12
2007/09/23 23:33:11| Swap maxSize 102400 KB, estimated 7876 objects
2007/09/23 23:33:11| Target number of buckets: 393
2007/09/23 23:33:11| Using 8192 Store buckets
2007/09/23 23:33:11| Max Mem  size: 8192 KB
2007/09/23 23:33:11| Max Swap size: 102400 KB
2007/09/23 23:33:11| Rebuilding storage in /usr/local/squid/var/cache (CLEAN)
2007/09/23 23:33:11| Using Least Load store dir selection
2007/09/23 23:33:11| Set Current Directory to /usr/local/squid/var/cache
2007/09/23 23:33:11| Loaded Icons.
2007/09/23 23:33:11| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 14.
2007/09/23 23:33:11| Accepting ICP messages at 0.0.0.0, port 3130, FD 15.
2007/09/23 23:33:11| WCCP Disabled.
2007/09/23 23:33:11| Ready to serve requests.
2007/09/23 23:33:11| Done reading /usr/local/squid/var/cache swaplog (0 entries)
2007/09/23 23:33:11| Finished rebuilding storage from disk.
2007/09/23 23:33:11|         0 Entries scanned
2007/09/23 23:33:11|         0 Invalid entries.
2007/09/23 23:33:11|         0 With invalid flags.
2007/09/23 23:33:11|         0 Objects loaded.
2007/09/23 23:33:11|         0 Objects expired.
2007/09/23 23:33:11|         0 Objects cancelled.
2007/09/23 23:33:11|         0 Duplicate URLs purged.
2007/09/23 23:33:11|         0 Swapfile clashes avoided.
2007/09/23 23:33:11|   Took 0.3 seconds (   0.0 objects/sec).
2007/09/23 23:33:11| Beginning Validation Procedure
2007/09/23 23:33:11|   Completed Validation Procedure
2007/09/23 23:33:11|   Validated 0 Entries
2007/09/23 23:33:11|   store_swap_size = 0k
2007/09/23 23:33:12| storeLateRelease: released 0 objects
Next I configured firefox to use localhost.localdomain as proxy server and port 3128.
But I get the following error message.

Code:
    * Access Denied.

      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
I'd appreciate any help to get this fixed, please.

Thanks.

Last edited by shobhit; 09-23-2007 at 02:32 PM.
 
Old 09-23-2007, 08:03 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
You don't need to use "localdomain" in your Firefox - localhost is fine. Personally, I use 127.0.0.1 so that it doesn't even have to look at /etc/hosts but it's all good. In any case, your problem is being caused by a bad ACL (or lack of a good one). This should be an easy fix. Let's see what your squid.conf looks like. Use this command to strip comments and spaces before posting:
Code:
cat /etc/squid/squid.conf | grep -v ^# | grep -v ^$
BTW, just to be clear: You are saying this Squid is only meant for use on localhost, right?

Last edited by win32sux; 09-23-2007 at 08:07 PM.
 
Old 09-24-2007, 12:27 AM   #3
shobhit
Member
 
Registered: Sep 2003
Location: kolkata
Distribution: Fedora 7
Posts: 60

Original Poster
Rep: Reputation: 15
I had already tried it without the localdomain it didn't work. Now I have also tried 127.0.0.1 still not working :-(

Yes I plan to use squid server on my localhost and use firefox from the same localhost to access the net.

Here's squid.conf

Code:
[sho /usr/local/squid/etc]$ cat squid.conf | grep -v ^# | grep -v ^$
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
acl localnet src 192.168.1.3/24
http_access allow  localnet
icp_access  allow  localnet
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_dir ufs /usr/local/squid/var/cache 100 16 256
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mgr sho@localhost.localdomain
cache_effective_user squid
cache_effective_group squid
coredump_dir /usr/local/squid/var/cache
The squid startup log says squid is running on 0.0.0.0
Code:
2007/09/23 23:33:11| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 14.
2007/09/23 23:33:11| Accepting ICP messages at 0.0.0.0, port 3130, FD 15.
Is that ok?

I suppose I put the log in as well :-)
Here is a part of it, it looks the same throughout :-(

Code:
1190571997.179      0 127.0.0.1 TCP_DENIED/403 1477 GET http://toolbarqueries.google.co.in/search? - NONE/- text/html
1190572006.612      0 127.0.0.1 TCP_DENIED/403 1563 GET http://www.deckle.co.za/squid-users-guide/Access_Control_and_Access_Control_Operators - NONE/- text/html
1190572006.809      0 127.0.0.1 TCP_DENIED/403 1477 GET http://toolbarqueries.google.co.in/search? - NONE/- text/html
1190572011.016      0 127.0.0.1 TCP_DENIED/403 1477 GET http://toolbarqueries.google.co.in/search? - NONE/- text/html
1190572013.843      0 127.0.0.1 TCP_DENIED/403 1477 GET http://toolbarqueries.google.co.in/search? - NONE/- text/html

Last edited by shobhit; 09-24-2007 at 12:33 AM.
 
Old 09-24-2007, 01:20 AM   #4
yongitz
Member
 
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139

Rep: Reputation: 20
add this code to your squid.conf

http_access allow localhost
 
Old 09-24-2007, 01:53 AM   #5
shobhit
Member
 
Registered: Sep 2003
Location: kolkata
Distribution: Fedora 7
Posts: 60

Original Poster
Rep: Reputation: 15
Yep! its working. In fact this post is going through squid.
Thanks a lot.
 
Old 09-24-2007, 03:22 AM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Glad you got it working, I told you it would be an easy fix!

BTW, what are you using those localnet and our_networks ACLs for?
 
Old 09-24-2007, 07:20 AM   #7
shobhit
Member
 
Registered: Sep 2003
Location: kolkata
Distribution: Fedora 7
Posts: 60

Original Poster
Rep: Reputation: 15
You need only one of those not both, I realize that now :-)
I will remove one.
I was going through various documentation and web sites to fix this and I put that in to try to get it to work.

Is there any way to ensure that all inter net connection goes through squid only. Right now, I can choose to use the proxy setting for Firefox and therefore go through squid or connect directly. I have a new thread for that, kindly suggest.

http://www.linuxquestions.org/questi...d.php?t=586886
 
Old 09-24-2007, 05:28 PM   #8
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by shobhit View Post
You need only one of those not both, I realize that now :-)
I will remove one.
I was going through various documentation and web sites to fix this and I put that in to try to get it to work.
If this is only for localhost then you don't need any 192.168.x.x lines at all. Also, I'd change the "http_port 3128" line to "http_port 127.0.0.1:3128" to make sure it only listens on localhost, and I'd remove the "icp_access" lines and use a "icp_port 0" line to disable ICP entirely.

Quote:
Is there any way to ensure that all inter net connection goes through squid only. Right now, I can choose to use the proxy setting for Firefox and therefore go through squid or connect directly. I have a new thread for that, kindly suggest.

http://www.linuxquestions.org/questi...d.php?t=586886
I'm headed that way right now.
 
Old 09-25-2007, 07:52 AM   #9
shobhit
Member
 
Registered: Sep 2003
Location: kolkata
Distribution: Fedora 7
Posts: 60

Original Poster
Rep: Reputation: 15
What do you know, it is working without icp enabled too :-)
As I said I just put that in from somewhere, I have a long way to go with squid.
Its working without the 192.168.x.x lines too.
I guess that is because the squid server and client (Firefox) are both on localhost. If I want other machine I will have to put in that ip.
 
Old 10-03-2007, 12:05 PM   #10
yongitz
Member
 
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139

Rep: Reputation: 20
Quote:
Originally Posted by shobhit View Post

Is there any way to ensure that all inter net connection goes through squid only. Right now, I can choose to use the proxy setting for Firefox and therefore go through squid or connect directly. I have a new thread for that, kindly suggest.
[/url]
well you can do it if you're using transparent proxy...
 
Old 10-03-2007, 10:11 PM   #11
shobhit
Member
 
Registered: Sep 2003
Location: kolkata
Distribution: Fedora 7
Posts: 60

Original Poster
Rep: Reputation: 15
I tried setting up a transparent proxy, but its not working. And I am still trying to fix it.
Kindly have a look at
http://www.linuxquestions.org/questi...d.php?t=586886
and let me know your thoughts.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
squid FATAL: Could not determine fully qualified hostname. Please set 'visible_hostn tarakthakor Linux - Networking 5 12-04-2010 05:29 AM
Squid DNS cache HiOctane21 *BSD 8 03-13-2007 05:19 AM
Madrake 10.1 Set Hostname + Update DNS TotalDefiance Linux - Networking 0 11-03-2004 12:27 PM
Hostname not set with DNS server bcrisler Linux - Networking 3 03-18-2004 02:38 PM
Squid 2.4 DNS cache refreshing siapliw Linux - Networking 0 09-26-2003 01:47 AM


All times are GMT -5. The time now is 11:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration