LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-09-2013, 11:11 PM   #1
cli
Member
 
Registered: Apr 2013
Distribution: RedHat, Cent, Ubuntu
Posts: 80

Rep: Reputation: Disabled
squid3 is denying all http sites


Hi All,
I had set up trasparent squid proxy using Ubuntu. Everything was working fine but suddenly everyone is getting access deny error since yesterday even I have neither done any changes in squid.conf file nor updated anything and nor blocked any sites. And also replaced squid.conf file from backup which was older than couple of weeks back but still everyone is denying for all http sites including me. But no problem for https and mails, so problem may be from squid. I stoped, started, restarted, reloaded squid service with no errors, though the problem couldn't get rid. I couldn't not find out the reasons why. So begging your kind help in this. Right now I have removed the entry which was redirecting http request to squid port 3128 in PREROUTING table of NAT to be working as only router and could solved http issues. So should I uninstall and reinstall squid3 again?
I am stuck for what next? so please help.

Thanks in advance for your kind help.
 
Old 07-10-2013, 12:54 AM   #2
gdizzle
Member
 
Registered: Jul 2012
Posts: 234

Rep: Reputation: Disabled
Hi post:

Your squid.conf

Code:
/etc/squid/squid.conf
Your Iptables rules:

Code:
iptables -nvL --line-numbers
Code:
iptables -nvL -t nat --line-numbers
We cannot be of any help unless you give us more to work with.
 
Old 07-11-2013, 09:38 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,349

Rep: Reputation: 3910Reputation: 3910Reputation: 3910Reputation: 3910Reputation: 3910Reputation: 3910Reputation: 3910Reputation: 3910Reputation: 3910Reputation: 3910Reputation: 3910
Quote:
Originally Posted by cli View Post
Hi All,
I had set up trasparent squid proxy using Ubuntu. Everything was working fine but suddenly everyone is getting access deny error since yesterday even I have neither done any changes in squid.conf file nor updated anything and nor blocked any sites.
Sorry, that's wrong. If everything was working fine, then it STOPPED working, then SOMETHING CHANGED. If you didn't change it, someone else did.
Quote:
And also replaced squid.conf file from backup which was older than couple of weeks back but still everyone is denying for all http sites including me.
Then you can determine from those symptoms that port 80 is somehow getting blocked. Have you checked port 80? Any firewall/router/switch updates further upstream? Have you looked at iptables on that system?
Quote:
But no problem for https and mails, so problem may be from squid. I stoped, started, restarted, reloaded squid service with no errors, though the problem couldn't get rid. I couldn't not find out the reasons why.
Well, have you LOOKED for any reasons?? If all you did was stop/restart the service, that's nothing in the way of looking for a problem. Start with doing basic diagnostics. If you disable squid, can you then get out to the Internet? Have you checked any log files? Gotten with your networking folks to see what (if anything) has changed? Have them help you trace the traffic? [/QUOTE]
Quote:
So begging your kind help in this. Right now I have removed the entry which was redirecting http request to squid port 3128 in PREROUTING table of NAT to be working as only router and could solved http issues.
Why would removing the redirect rule for http make it work, when it WAS working with the rule in place before??? All signs point to SOMETHING changing. Again, basic diagnostics and thought about the problem will give you clues. If you KNOW nothing changed on your proxy server (meaning Ubuntu updates, squid changes or network changes), then the problem is very obviously further upstream in your network.
Quote:
So should I uninstall and reinstall squid3 again? I am stuck for what next? so please help.
Why would re-installing something you've already got working make things better?? It'll use the same configuration as before, and STILL not work.
 
2 members found this post helpful.
Old 07-13-2013, 09:30 AM   #4
cli
Member
 
Registered: Apr 2013
Distribution: RedHat, Cent, Ubuntu
Posts: 80

Original Poster
Rep: Reputation: Disabled
Thanks for the reply gdizzle and TB0ne Guru.
Your explanations are obsolutely right. But I can't troubleshoot live by disturbing the users for http sites, so first I need to take the proxy server offline by providing direct internet access to the users and then I can troubleshoot it. So waiting for that time when my seniors says. Though I will be following the ways whichever you have explained and come back with as what was the problem if I could fixed it or come back even if I can't.

Once again thanks for your kind guidance.

Last edited by cli; 07-13-2013 at 09:32 AM.
 
Old 07-16-2013, 12:51 PM   #5
cli
Member
 
Registered: Apr 2013
Distribution: RedHat, Cent, Ubuntu
Posts: 80

Original Poster
Rep: Reputation: Disabled
Thanks TB0ne Guru.
You are absolutely right, the problem was not in the squid.conf file instead in another file(wrong ACL entry) which was defined in the ACL list in squid.conf file.

Thanks a lot.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
using curl to DL files from HTTP sites with wildcard dehuszar Programming 7 09-03-2009 05:52 AM
http > https for 1 of 6 sites hivtop Fedora 1 03-11-2008 02:27 PM
Problem in browsing local http sites java-student Linux - Networking 2 12-05-2006 03:14 PM
No http response from Ubuntu sites primitive_heart Ubuntu 7 08-20-2006 10:33 AM
Can't reach some valid sites via http (FC4) kingbolete Linux - Networking 5 02-10-2006 02:51 PM


All times are GMT -5. The time now is 05:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration