LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-12-2015, 01:41 PM   #1
psix
LQ Newbie
 
Registered: Jun 2009
Posts: 20

Rep: Reputation: 0
squid and local network problem


HI ! i have problem with squid.. try access local resourcec from proxy,
my config file:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#acl toservers src 62.213.120.176/29
acl SSL_ports port 443
acl CONNECT method CONNECT
acl ncsa_users proxy_auth REQUIRED
acl intranet src 62.213.108.196/255.255.255.224


http_access allow ncsa_users
http_access allow localhost
http_access allow intranet
#http_access allow toservers
http_access deny all

http_port 3128
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid

cache_dir ufs /squid/cache 50 8 128
cache_mem 256 MB


acl ip1 myip 212.24.35.168
tcp_outgoing_address 212.24.35.168 ip1
acl ip2 myip 212.24.35.168
tcp_outgoing_address 62.213.120.182 ip2
acl ip3 myip 212.24.35.168
tcp_outgoing_address 212.24.37.62 ip3
acl ip4 myip 212.24.35.168
tcp_outgoing_address 212.158.163.78 ip4
acl ip5 myip 212.24.35.168
tcp_outgoing_address 217.23.133.86 ip5
acl ip6 myip 212.24.35.168
tcp_outgoing_address 62.213.108.196 ip6

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

forwarded_for off
via off
[root@proxy ~]# cat /etc/squid/squid.conf
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#acl toservers src 62.213.120.176/29
acl SSL_ports port 443
acl CONNECT method CONNECT
acl ncsa_users proxy_auth REQUIRED
acl intranet src 62.213.108.196/255.255.255.224


http_access allow ncsa_users
http_access allow localhost
http_access allow intranet
#http_access allow toservers
http_access deny all

http_port 3128
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid

cache_dir ufs /squid/cache 50 8 128
cache_mem 256 MB


acl ip1 myip 212.24.35.168
tcp_outgoing_address 212.24.35.168 ip1
acl ip2 myip 212.24.35.168
tcp_outgoing_address 62.213.120.182 ip2
acl ip3 myip 212.24.35.168
tcp_outgoing_address 212.24.37.62 ip3
acl ip4 myip 212.24.35.168
tcp_outgoing_address 212.158.163.78 ip4
acl ip5 myip 212.24.35.168
tcp_outgoing_address 217.23.133.86 ip5
acl ip6 myip 212.24.35.168
tcp_outgoing_address 62.213.108.196 ip6

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

forwarded_for off
via off

when i try access server in network - 62.213.120.176/29 i have time out connection

please help !
 
Old 11-14-2015, 12:33 AM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
What is in your squid logs?
What is the result of your troubleshooting steps?
See http://wiki.squid-cache.org/SquidFaq
 
Old 11-16-2015, 02:46 AM   #3
psix
LQ Newbie
 
Registered: Jun 2009
Posts: 20

Original Poster
Rep: Reputation: 0
[root@proxy squid]# tail -f access.log | grep http://62.213.108.201/auth
1447652848.952 183253 94.153.245.138 TCP_MISS/504 4166 GET http://62.213.108.201/auth prostoy DIRECT/62.213.108.201 text/html
1447653053.404 180937 94.153.245.138 TCP_MISS/504 4130 GET http://62.213.108.201/auth prostoy DIRECT/62.213.108.201 text/html
 
Old 11-16-2015, 03:49 AM   #4
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
Quote:
Originally Posted by psix View Post
[root@proxy squid]# tail -f access.log | grep http://62.213.108.201/auth
1447652848.952 183253 94.153.245.138 TCP_MISS/504 4166 GET http://62.213.108.201/auth prostoy DIRECT/62.213.108.201 text/html
1447653053.404 180937 94.153.245.138 TCP_MISS/504 4130 GET http://62.213.108.201/auth prostoy DIRECT/62.213.108.201 text/html
Why do you grep for 62.213.120.201 if the IP address with the problem is 62.213.120.176? Does the problem occur with all addresses?
TCP_MISS/504 means timeout. Most likely either the other system doesn't answer or there is a firewall issue. There may be other problems, do a web search with this string.

Finally, http://wiki.squid-cache.org/SquidFaq has a large troubleshooting section, why not start there?
 
Old 11-17-2015, 12:27 AM   #5
psix
LQ Newbie
 
Registered: Jun 2009
Posts: 20

Original Poster
Rep: Reputation: 0
Yes, problem occur with all addresses.
No, server dont have firewall.
 
Old 11-17-2015, 01:08 AM   #6
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
I just checked; I can access http://62.213.108.201/auth from my PC here. I do get a "404 not found" error - could squid try to authenticate and report a timeout rather than "not found"? I don't know enough about that, but perhaps the root of your problems is a misconfigured web server on 62.213.108.201 and the other addresses.

I can also ping that address (even the system from where the request originated, 94.153.245.138). I wonder: Can you ping 62.213.108.201 from the squid server and/or from 94.153.245.138?
Can you connect to port 80 on 62.213.108.201 (run telnet 62.213.108.201 80)?
 
Old 11-17-2015, 06:45 AM   #7
psix
LQ Newbie
 
Registered: Jun 2009
Posts: 20

Original Poster
Rep: Reputation: 0
No, this is not problem with web server, i can access from my computer and from proxy server:

[root@proxy ~]# telnet 62.213.108.201 80
Trying 62.213.108.201...
Connected to 62.213.108.201.
Escape character is '^]'.
 
Old 11-23-2015, 01:21 PM   #8
psix
LQ Newbie
 
Registered: Jun 2009
Posts: 20

Original Poster
Rep: Reputation: 0
any ideas ?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
By-Pass Local domains in squid which is running in transparent mode on the network absumant Linux - Networking 3 02-17-2013 02:45 PM
Problem with Squid in local network neoinmatrix Linux - Networking 6 06-19-2010 04:52 AM
Shorewall + Squid + 111 connection refused on local network prixone Linux - Server 1 11-30-2007 11:15 AM
problem accessing local server using squid karthi26 Linux - Newbie 1 04-18-2007 03:11 AM
Squid and resolving local addresses on network lumpyhed Linux - Networking 1 03-12-2004 09:31 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration