LinuxQuestions.org - [SOLVED] Squid 3.2 Installation On Centos Issue

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - Squid 3.2 Installation On Centos Issue - Plz Help (https://www.linuxquestions.org/questions/linux-newbie-8/squid-3-2-installation-on-centos-issue-plz-help-4175487160/)

Squid 3.2 Installation On Centos Issue - Plz Help

Hey guys, i have been trying numerous times to compile squid 3.2 version on centos 6 but miserably failing at last. Well the squid version 3.1 comes default with centos has no issue installing and it instantly process and install with the command 'yum install squid' but when i try doing own version by following this;

Code:

cd /usr/local/src

wget http://www.squid-cache.org/Versions/...3.2.0.7.tar.gz

tar -zxvf squid-3.2.0.7.tar.gz

cd squid-3.2.0.7

./configure

make all

make install

EDIT: I got it like some error codes which i pasted here:- http://pastebin.com/qAuLkbk5 plz check

also while trying with rpms some other errors coming. Do i have to install any prerequisite for squid before compilation or trying with rpms on centos? Though i have installed gcc-c++ before doing compilation so dont think like any compiling mistakes. But not so sure, since m a linux newbie and any help would be appreciated. Regards :)

Hi,

I don't see any errors, meaning that the compilation ended successfully.
The error codes like the ./pt/ERR_FTP_FORBIDDEN in the 1st line of the pasted output, are the errors in different languages produced during the normal operation of squid in response to various situations (e.g. above is the message in portugese when ftp is forbidden)
So continue with "make install" (as root) to install squid.

Regards

Hi thanks for replying. Btw i proceeded with it but atlast thr is no '/etc/squid/' directory or service squid status reverting 'squid: unrecognized service'

Well i have been trying quite a lot since day before yesterday but nothing seems to be working out. Also i have tried rpms but displaying sort of perl-authen not present but my centos is latest updated to 6.5 with all dependencies and m afraid why its so. Or if thr is no stable release of squid available other than the 3.1 version which is working fine but an itching issue of 'x-requested with header' itsnt passing. So i learnt after reading that upgrading to 3.2` only will solve the issue. After all dont knw what is faulty, if my centos has any flaw or so :D

Quote:

Btw i proceeded with it but atlast thr is no '/etc/squid/' directory or service squid status reverting 'squid: unrecognized service'

Since you've compiled/installed squid from sources, everything is installed under /usr/loca/squid.
So if you want to change configuration, you need to edit /usr/local/squid/etc/squid.conf
For the same reason there is no squid service, but you have to run /usr/local/squid/abin squid. Have a look here for details. Don't forget to use the -z option the 1st time you run the daemon in order to create the cache directories.

Regards

Hi i have installed squid and its running but m unable to connect. i been getting a proxy server refusing connection. My config is below

Quote:

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl me src xxx.xx.xx.x/32
acl you src x.xx.xx.xx/32
http_access allow me
http_access allow you
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
cache deny all

# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

any can point out the mistake plz in what m doing?

when i checked the access log m getting the following output

Quote:

[root@vps squid-3.2.0.6]# vi /usr/local/squid/var/logs/access.log

1386569006.831 0 xx.xxx.xxx.xx NONE/400 3484 GET / - HIER_NONE/- text/html
1386569008.289 0 xx.xxx.xxx.xx NONE/400 3506 GET /favicon.ico - HIER_NONE/- text/html
1386569008.883 0 xx.xxx.xxx.xx NONE/400 3506 GET /favicon.ico - HIER_NONE/- text/html
1386569027.343 0 xx.xxx.xxx.xx NONE/400 3484 GET / - HIER_NONE/- text/html
1386569802.484 xx.xxx.xxx.xx TCP_MISS/302 754 GET http://fxfeeds.mozilla.com/en-US/firefox/headlines.xml - HIER_DIRECT/72.21.91.19 text/html
1386569802.590 xx.xxx.xxx.xx TCP_MISS/302 798 GET http://fxfeeds.mozilla.com/firefox/headlines.xml - HIER_DIRECT/72.21.91.19 text/html
1386569802.804 xx.xxx.xxx.xx TCP_MISS/301 665 GET http://newsrss.bbc.co.uk/rss/newsonl...t_page/rss.xml - HIER_DIRECT/69.31.75.225 text/html
1386569803.112 xx.xxx.xxx.xx TCP_MISS/200 8899 GET http://feeds.bbci.co.uk/news/rss.xml? - HIER_DIRECT/69.31.75.177 text/xml
1386569971.840 179889 xx.xxx.xxx.xx TCP_MISS/504 4224 GET http://google.com/ - HIER_DIRECT/2607:f8b0:4009:806::1009 text/html
1386570618.252 179861 xx.xxx.xxx.xx TCP_MISS/504 4224 GET http://google.com/ - HIER_DIRECT/2607:f8b0:4009:806::1008 text/html
1386572757.613 179725 xx.xxx.xxx.xx TCP_MISS/504 4224 GET http://google.com/ - HIER_DIRECT/2607:f8b0:4009:806::1000 text/html

Hi,

If you're getting a connection refused check if squid is up and running and if there is a firewall in between blocking port 3128.
To check your configuration for errors you can use:

Code:

/usr/local/squid/sbin/squid -f /usr/local/squid/etc/squid.conf -k parse

BTW the logs you've posted show normal behavior (TCP_MISS) for objects not already cached by the server.

Regards

Hi have reinstalled the squid to version 3.3.11 with a hope to get it fixed but its too showing the same error.

When i ran /usr/local/squid/sbin/squid -f

I got these functions

/usr/local/squid/sbin/squid: option requires an argument -- 'f'
Usage: squid [-cdhvzCFNRVYX] [-s | -l facility] [-f config-file] [-[au] port] [-k signal]
-a port Specify HTTP port number (default: 3128).
-d level Write debugging to stderr also.
-f file Use given config-file instead of
/usr/local/squid/etc/squid.conf
-h Print help message.
-k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse
Parse configuration file, then send signal to
running copy (except -k parse) and exit.
-s | -l facility
Enable logging to syslog.
-u port Specify ICP port number (default: 3130), disable with 0.
-v Print version.
-z Create missing swap directories and then exit.
-C Do not catch fatal signals.
-D OBSOLETE. Scheduled for removal.
-F Don't serve any requests until store is rebuilt.
-N No daemon mode.
-R Do not set REUSEADDR on port.
-S Double-check swap during rebuild.
-X Force full debugging.
-Y Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload.

When i ran /usr/local/squid/etc/squid.conf -k parse

I'm getting -bash: /usr/local/squid/etc/squid.conf: Permission denied

well i guess there is nothing blocking port 3128 coz with the default squid repository in centos - squid ver 3.1 was working fine for me. But when i only compile and install versions over 3.2 m getting these issues. plz advise

Quote:

When i ran /usr/local/squid/sbin/squid -f

I got these functions

/usr/local/squid/sbin/squid: option requires an argument -- 'f'
<-snip->
When i ran /usr/local/squid/etc/squid.conf -k parse

I'm getting -bash: /usr/local/squid/etc/squid.conf: Permission denied

Please run the command as it shows in my previous post. Not split it in 2 pieces.

sry for that. i mistook it as two. here is the output

Quote:

[root@vps ~]# /usr/local/squid/sbin/squid -f /usr/local/squid/etc/squid.conf -k parse
2013/12/09 12:15:32| Startup: Initializing Authentication Schemes ...
2013/12/09 12:15:32| Startup: Initialized Authentication Scheme 'basic'
2013/12/09 12:15:32| Startup: Initialized Authentication Scheme 'digest'
2013/12/09 12:15:32| Startup: Initialized Authentication Scheme 'negotiate'
2013/12/09 12:15:32| Startup: Initialized Authentication Scheme 'ntlm'
2013/12/09 12:15:32| Startup: Initialized Authentication.
2013/12/09 12:15:32| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
2013/12/09 12:15:32| Processing: acl me src 49.xxx.xx.xxx/32
2013/12/09 12:15:32| Processing: acl you src 5.xx.xx.x/32
2013/12/09 12:15:32| Processing: http_access allow me
2013/12/09 12:15:32| Processing: http_access allow you
2013/12/09 12:15:32| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2013/12/09 12:15:32| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
2013/12/09 12:15:32| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2013/12/09 12:15:32| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
2013/12/09 12:15:32| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
2013/12/09 12:15:32| Processing: acl SSL_ports port 443
2013/12/09 12:15:32| Processing: acl Safe_ports port 80 # http
2013/12/09 12:15:32| Processing: acl Safe_ports port 21 # ftp
2013/12/09 12:15:32| Processing: acl Safe_ports port 443 # https
2013/12/09 12:15:32| Processing: acl Safe_ports port 70 # gopher
2013/12/09 12:15:32| Processing: acl Safe_ports port 210 # wais
2013/12/09 12:15:32| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2013/12/09 12:15:32| Processing: acl Safe_ports port 280 # http-mgmt
2013/12/09 12:15:32| Processing: acl Safe_ports port 488 # gss-http
2013/12/09 12:15:32| Processing: acl Safe_ports port 591 # filemaker
2013/12/09 12:15:32| Processing: acl Safe_ports port 777 # multiling http
2013/12/09 12:15:32| Processing: acl CONNECT method CONNECT
2013/12/09 12:15:32| Processing: http_access deny !Safe_ports
2013/12/09 12:15:32| Processing: http_access deny CONNECT !SSL_ports
2013/12/09 12:15:32| Processing: http_access allow localhost manager
2013/12/09 12:15:32| Processing: http_access deny manager
2013/12/09 12:15:32| Processing: http_access allow localnet
2013/12/09 12:15:32| Processing: http_access allow localhost
2013/12/09 12:15:32| Processing: http_access deny all
2013/12/09 12:15:32| Processing: http_port 3128
2013/12/09 12:15:32| Processing: cache_dir ufs /usr/local/squid/var/cache/squid 1000 16 256
2013/12/09 12:15:32| Processing: cache_effective_user nobody
2013/12/09 12:15:32| Processing: coredump_dir /usr/local/squid/var/cache/squid
2013/12/09 12:15:32| Processing: refresh_pattern ^ftp: 1440 20% 10080
2013/12/09 12:15:32| Processing: refresh_pattern ^gopher: 1440 0% 1440
2013/12/09 12:15:32| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2013/12/09 12:15:32| Processing: refresh_pattern . 0 20% 4320

The configuration file has no errors. Check if squid is running

Code:

ps -ef|grep squid

Since you're running Centos, check is it's SELinux that is not allowing access to the squid port, by setting it in permissive mode

Code:

setenforce 0

Quote:

[root@vps ~]# ps -ef|grep squid
root 3470 1 0 13:08 ? 00:00:00 /usr/local/squid/sbin/squid
nobody 3472 3470 0 13:08 ? 00:00:00 (squid-1)
nobody 3473 3472 0 13:08 ? 00:00:00 (logfile-daemon) /usr/local/squid/var/logs/access.log
root 3484 3328 0 13:18 pts/0 00:00:00 grep squid

and

Quote:

[root@vps ~]# setenforce 0
setenforce: SELinux is disabled

Hi some sites started loading on my dedi with the ip 5.xx.xx.x but my home connection still showing proxy server is refusing connections. Well any chance of permission issues for files/caches u think.

Quote:

Please note that a "Connection refused" is different from "Access denied". The former means you cannot connect to the squid server, while the latter means that you can connect but you're denied access due to the server configuration. So which one is the case here?
If you can connect from 5.xx.xx.x but not from 49.xxx.xx.xxx, then it could be a routing or other network problem.
What gives:

Code:

netstat -tanpl|grep squid

Hi i can access some sites from 5.xx but some sites like google, yahoo etc keeps on loading blank. Well from 49.xx its Proxy server refusing connection not access denied

Quote:

[root@vps ~]# netstat -tanpl|grep squid
tcp 0 0 :::3128 :::* LISTEN 3472/(squid-1)
[root@vps ~]#

Quote:

i can access some sites from 5.xx but some sites like google, yahoo etc keeps on loading blank

It doesn't make sense as per your configuration you allow access to 5.xx in a first place, before any other ACL. So you should see any site you visit.
Anyway you should check the logs for more details.

Quote:

Well from 49.xx its Proxy server refusing connection not access denied

As already stated it means that you cannot connect to the server because of some routing or other networking problem.
So check the connectivity between the 2 hosts.

Hi i checked the logs but i cant see anything unusual. Btw, i setup this thing focusing on one particular site only and that one is opening with blazing speed so doesnt matter if others behave in any means :) well majority ones are ok. only the search engines and some other ones are failing. I want to thank you especially for your kind support and ofc you the Big Guru :) i tried msgn u but no pm option thr. would like to buy u a beer if its ok. but dnt knw how to ask ur Paypal id.