We had Squid 2.5 from the CENTOS build CDs loaded and running on the Linux server we have in place at work. The problem was one of our team deleted the /var/logs/squid/access.log when it got too big (instead of the squid -k rotate command). Of course Squid barfed... and would never start back up. I was reading on the Squid pages and I saw where basically a reinstallation was required. Dummy me trusted the person I asked to uninstall the software, who did not, so when I deployed the install of the updated version of Squid (2.5 Stable14) it loaded fine and runs... the problem... the proxy is not working at all on the clients... My iptables is as follows:
So my question is this... should I uninstall both versions of Squid and reload the stable14 version fresh (saving my squid.conf file of course) or is there a way to make this work without the hassle of a dual uninstall (I know to run make uninstall for the stable14 version but I'm not sure how to remove the version that came with the installation CDs)???
squid has *NOTHING* to do with ip tables... i don't understand why you're mixing the two... the tables there list "squid" as it's just a well known port, 3128 == squid. there's no reason to uninstall squid in the first place. deleting the access.log is trivial and will in no way stop it reloading at all. you need to actually look at your logs in more detail. by installing squid you presumably actually upgraded squid, maybe you replaced the personalised squid.conf with the factory defaults??
But the iptables have a great deal to do with the squid operations... i.e. open the ports to the proxy itself... that is in every help file I have seen. I made a copy of my squid.conf and moved it... once I reloaded the software I migrated the original squid.conf back to /etc/squid/ directory. In webmin I can see the configuration file perfectly. The problem is absolutely NO client on my network can see the internet at all (no sites) if I try to push the proxy information to them. That is my concern and problem.
From what I can find this may be solely an iptables issue, but I'm not sure. The logs are useless since they do not state anything outside of the SARG requests I'm making against the Proxy server. Everything was working perfectly until the access.log file was deleted in squid. In addition, during a reboot the iptables lost its configuration as well. I have to run an iptables-restore command to get that back (took forever!), but once I did iptables was fine, but no squid.
I need to find some solution or a point in the right direction to figure this issue out. Because I'm lost as to why everything looks right, but no client can use the proxy.
well as above, screwing with squid will not be able to affect iptables in any way at all. obviously the two come into collision if you are blocking it, but it's either an issue with squid or with iptables. is squid running? Can you access squid through localhost? can you telnet to port 3128 locally and remotely? if you can't get that remotely then yes that would suggest iptables certainly, but if you do get a tcp socket opening then iptables will have no part to play in the issue you have, in which case you're back to squid. that test *should* be enough to at least confirm which part of the equation is at fault.
well actually ssh will work too, just won't look as pretty. wget, indeed *anything* that can open a tcp port. best actually would be nmap... by default it'll do a TCP handshake to many common ports, and i'd be sure 3128 would be included. if not, just tell it to use that port directly.
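The test suggested in the replies above (open a TCP socket to port 3128 on the proxy itself, then from a client), as an added Python example that is not part of the original thread. The function names and verdict strings are illustrative assumptions, and the refused/timeout distinction is an extra detail beyond what the posts state.

```python
import errno
import socket
import sys

SQUID_PORT = 3128  # the port named in the thread


def probe(host, port=SQUID_PORT, timeout=3.0):
    """Attempt a full TCP handshake and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"           # RST came back: no listener, or a REJECT rule
    except socket.timeout:
        return "timeout"           # no answer at all: typical of a DROP rule
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # routing problem, not squid or the port rule
        return "error"


def verdict(local, remote):
    """Combine a probe run on the proxy host with one run from a client."""
    if local != "open":
        return "squid: nothing accepts connections on the proxy host itself"
    if remote == "open":
        return "squid: socket opens from the client, so check squid.conf and its logs"
    return "firewall/network: listens locally but the client got '%s'" % remote


if __name__ == "__main__":
    # Run once on the proxy with 127.0.0.1 and once on a client with the
    # proxy's address, then compare the two results with verdict().
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, SQUID_PORT, probe(target))
```

A "timeout" from the client combined with "open" on the proxy is the pattern to expect after an incomplete iptables-restore, since a default DROP policy silently discards the SYN.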