Squid Recusa Conexoes; plx!

daniel_4fun
(usa Debian)

Enviado em 19/05/2011 - 12:45h

Galera, tenho um squid autenticado, depois de desliga-lo para trocar o no-break em que fica ligado, ele fica recusando conexoes, ja esvaziei o cache com os seguintes comandos;
1º - rm -rf /var/log/squid/*
2º - rm -rf /var/spool/squid/*
3º - squid -z
4º - /etc/init.d/squid start

Nao sei o que pode esta acontecendo, hora ele funcionando ai do nada para e fica dando mensagem de erro..
se alguem puder me ajudar, eu agradeço desde já :D

renato_pacheco
(usa Debian)

Enviado em 19/05/2011 - 14:21h

Verifique se o seu squid está realmente rodando:

# netstat -antp | grep squid

Se não tiver, rode-o dessa forma:

# squid -NCd1

Caso ele não rode, poste a msg aki.

daniel_4fun
(usa Debian)

Enviado em 20/05/2011 - 10:58h

# netstat -antp | grep squid
tcp 0 0 0.0.0.0:3128 0.0.0.0:* OUÇA 3385/(squid)
tcp 0 0 192.168.254.1:55138 65.54.48.124:80 ESTABELECIDA 3385/(squid)
tcp 0 0 192.168.254.1:3128 192.168.254.17:58606 ESTABELECIDA 3385/(squid)
tcp 0 0 192.168.254.1:3128 192.168.254.20:56756 ESTABELECIDA 3385/(squid)
tcp 0 0 192.168.254.1:3128 192.168.254.20:50583 ESTABELECIDA 3385/(squid)
tcp 0 0 192.168.254.1:3128 192.168.254.17:58607 ESTABELECIDA 3385/(squid)
tcp 0 0 192.168.254.1:3128 192.168.254.17:55661 ESTABELECIDA 3385/(squid)
tcp 0 0 192.168.254.1:3128 192.168.254.17:55655 ESTABELECIDA 3385/(squid)
tcp 0 0 192.168.254.1:54506 74.125.234.104:80 ESTABELECIDA 3385/(squid)
tcp 0 0 192.168.254.1:3128 192.168.254.17:58605 ESTABELECIDA 3385/(squid)
tcp 0 0 192.168.254.1:3128 192.168.254.17:55660 ESTABELECIDA 3385/(squid)

daniel_4fun
(usa Debian)

Enviado em 20/05/2011 - 11:00h

# squid -NCd1
2011/05/20 10:54:41| Squid is already running! Process ID 3385

rodei os dois comandos que mencionou, tem um detalhe que percebi hoje, as vezes quando ele começa a recusar conexoes, se eu desabilitar a internet nas maquinas e habilitar novamente, ela volta a funcionar, o que pode ser fera? VALEW!!

renato_pacheco
(usa Debian)

Enviado em 20/05/2011 - 11:04h

Pode ser algum problema em seu cache. Poste as suas regras do squid aki.

daniel_4fun
(usa Debian)

Enviado em 20/05/2011 - 11:29h

acabei de ecluir um montao de linha do meu squid.conf, todas estavam comentadas, deixei so as q nao estavam, ai vai..

##################################################################
# LIBERANDO PROXY PARA AUTENTICACAO #
##################################################################
auth_param basic program /usr/bin/ncsa_auth /etc/squid/passwd
#
#
###############################################################
#LIBERANDO PROXY PARA AUTENTICACAO #
###############################################################
auth_param basic children 5
#
#
###############################################################
#LIBERANDO PROXY PARA AUTENTICACAO #
###############################################################
auth_param basic realm Digite sua senha
#
#
##################################################################
## LIBERANDO PROXY PARA AUTENTICACAO #
##################################################################
auth_param basic credentialsttl 2 hours
#
#
##################################################################
## LIBERANDO PROXY PARA AUTENTICACAO - DESCOMENTAR LINHA ABAIXO ##
##################################################################
auth_param basic casesensitive off
#
#
#
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
###################################
# ACLS FEITAS PELO ADMIN DA ReDe #
###################################
###################################
acl redelocal src 192.168.254.0/24
#
#
#
#
################################################
# ESTA ACL FAZ COM QUE O PROXY PECA AUTENTICACAO
################################################
#
acl autenticados proxy_auth REQUIRED
#
#
#
#
#######################################################
# ESTA ACL LIBERA ACESSO AOS SITES DO ARQUIVO LIBERADOS
#######################################################
#
acl liberados url_regex -i "/etc/squid/liberados"
#
#
#
#
#############################################################
# ESTA ACL INDICA O SITES BLOQUEADOS PELO ARQUIVO OPERACIONAL
#############################################################
#
acl operacional url_regex -i "/etc/squid/operacional"
#
#
#
#
############################
# ESTA ACL BLOQUEIA DOWNLOAD
############################
#
acl nodown urlpath_regex -i "/etc/squid/nodown"
#
#
#
#
#################################################
# ESTA ACL LIBERA ACESSO A ALGUMS SITES NO ALMOCO
#################################################
acl entretenimento url_regex "/etc/squid/entretenimento"
acl intervalo time MTWHF 12:00-13:15
#
http_access allow entretenimento intervalo
#
#
################################################
# USUARIOS COM ACESSO LIVRE
################################################
# basta criar o usuario com o comando htpasswd passwd user_name
# depois inserir o nome do usuario no arquivo usr_livre
#
acl acesso_livre proxy_auth "/etc/squid/listas/usr_livre"
#
http_access allow acesso_livre
#
#
#
#
################################################
# USUARIOS COM ACESSO CONTROLADO
################################################
#
# acl acesso_restrito proxy_auth "/etc/squid/listas/usr_restrito"
# acl url_bloqueado url_regex -i "/etc/squid/listas/url_bloqueado"
#
# http_access deny url_bloqueado
# http_access allow acesso_restrito !url_bloqueado
#
#
#
#
#
################################################
# USUARIOS COM ACESSO APENAS AOS SITES LIBERADOS
################################################
#
# acl acesso_bloqueado proxy_auth "/etc/squid/listas/usr_bloqueado"
# acl url_liberados url_regex -i "/etc/squid/listas/url_liberados"
#
#http_access allow url_liberado
#http_access deny acesso_bloqueado !url_liberado
#
#
#
#
################################################
# ESTA ACL BLOQUEIA STREAMING
################################################
#
#
acl streaming req_mime_type ^video/x-ms-asf
#acl proibir_musica urlpath_regex -i "/etc/squid/streaming"
acl proibir_musica urlpath_regex -i .aif$ .aifc$ .aiff$ .asf$ .asx$ .avi$ .au$ .flv$ .m3u$ .med$ .mp3$ .m1v$ .mp2$ .mp2v$ .mpa$ .mov$ .mpe$ .mpg$ .mpeg$ .ogg$ .pls$ .ram$ .ra$ .ram$ .snd$ .wma$ .wmv$ .wvx$ .mid$ .midi$ .rmi$
#
#
# AQUI SE ENCERRAM AS ACL's #############
#
#
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
#http_access allow localnet
http_access allow localhost
#
#
#
#######################################
# REGRAS INSERIDAS PELO ADMIN DA REDE #
#######################################
#
#
#
#
#
http_access allow liberados
http_access deny operacional
http_access deny nodown
http_access deny proibir_musica
http_reply_access deny streaming
http_access allow autenticados
http_access allow redelocal
http_access deny all
#
#
#
#
#
#
#
#
#Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
# PORTA DO SQUID
http_port 3128
# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------

# ----- MEMORIA RESERVADA PARA O CACHE ---- #
#
#
cache_mem 512 MB
#
#Default:
maximum_object_size_in_memory 1024 KB

## Para ele limpar o cache RAM e cache DISCO automaticamente ##
memory_replacement_policy lru

# DISK CACHE OPTIONS
#Para ele limpar a memoria CACHE no DISCO
cache_replacement_policy lru

#
#Default:
cache_dir ufs /var/spool/squid 10000 16 256

#Maximo tamanho dos arquivos cache no HD
maximum_object_size 20480 KB
#
# REGRA QUE COMECA A ESVAZIAR/SUBSTITUIR ARQUIVOS NO CACHE EM 95 %
cache_swap_low 90
cache_swap_high 95

# Logs do Squid
access_log /var/log/squid/access.log squid

#
cache_log /var/log/squid/cache.log
#
#Default:
# mime_table /usr/share/squid/mime.conf
#
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
#
# Don't upgrade ShoutCast responses to HTTP
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
#
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#
# You can add up to 20 additional "extension" methods here.
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
# -----------------------------------------------------------------------------

# cache_mgr webmaster
#Default:
# hosts_file /etc/hosts
#
hosts_file /etc/hosts

renato_pacheco
(usa Debian)

Enviado em 20/05/2011 - 11:50h

Eu não vi muito problema ae, mas acho q a memória do cache deveria ser maior:

cache_mem 1024 MB

Talvez o problema não seja esse, mas se eu fosse vc, faria um squid.conf basicão e iria acrescentando as regras uma a uma pra v aonde q tá o problema.

daniel_4fun
(usa Debian)

Enviado em 20/05/2011 - 12:19h

hmm; valew pela atenção aew fera :D
vou continuar tentando rsrs
abç