


  1. #1

    PROBLEM WITH SQUID

    Hey everyone, I installed Squid from its tgz package and it shows no errors during compilation, but when I start it (squid -D) the cache log shows the following:

    2006/08/07 11:53:23| Starting Squid Cache version 2.5.STABLE10 for i686-pc-linux-gnu...
    2006/08/07 11:53:23| Process ID 4994
    2006/08/07 11:53:23| With 1024 file descriptors available
    2006/08/07 11:53:23| DNS Socket created at 0.0.0.0, port 32784, FD 5
    2006/08/07 11:53:23| Warning: Could not find any nameservers. Trying to use localhost
    2006/08/07 11:53:23| Please check your /etc/resolv.conf file
    2006/08/07 11:53:23| or use the 'dns_nameservers' option in squid.conf.
    2006/08/07 11:53:23| Unlinkd pipe opened on FD 10
    2006/08/07 11:53:23| Swap maxSize 6291456 KB, estimated 483958 objects
    2006/08/07 11:53:23| Target number of buckets: 24197
    2006/08/07 11:53:23| Using 32768 Store buckets
    2006/08/07 11:53:23| Max Mem size: 102400 KB
    2006/08/07 11:53:23| Max Swap size: 6291456 KB
    2006/08/07 11:53:23| Rebuilding storage in /var/lib/squid/cache (DIRTY)
    2006/08/07 11:53:23| Using Least Load store dir selection
    2006/08/07 11:53:23| Current Directory is /root
    2006/08/07 11:53:23| Loaded Icons.
    2006/08/07 11:53:23| Accepting HTTP connections at 0.0.0.0, port 3128, FD 11.
    2006/08/07 11:53:23| Accepting ICP messages at 0.0.0.0, port 3130, FD 12.
    2006/08/07 11:53:23| Accepting SNMP messages on port 3401, FD 13.
    2006/08/07 11:53:23| WCCP Disabled.

    If the problem is DNS, I don't understand why, since the DNS I set is the same one I use for browsing on the clients.

    Here is the squid.conf as well:

    http_port 3128
    visible_hostname Slackware

    #Cache configuration
    cache_mem 100 MB
    maximum_object_size_in_memory 64 KB
    maximum_object_size 512 MB
    minimum_object_size 0 KB
    cache_swap_low 90
    cache_swap_high 95
    cache_dir ufs /var/lib/squid/cache 6144 16 256

    cache_access_log /var/lib/squid/logs/access.log
    refresh_pattern ^ftp: 15 20% 2280
    refresh_pattern ^gopher: 15 0% 2280
    refresh_pattern . 15 20% 2280

    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost

    cache_effective_user nobody
    cache_effective_group nogroup


    # Internet password configuration

    acl redelocal src 192.168.10.104
    http_access allow localhost
    http_access allow redelocal
    http_access deny all

    #Transparent proxy
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    >>> When I start it, the client machines can't browse; the domain is found but the page doesn't load. I also think it might be a cache problem, but write permissions were given to the user nobody.

  2. #2

    Re: PROBLEM WITH SQUID

    What is happening is that when Squid can't find a DNS server, or the dns_nameservers directive is not set, Squid doesn't start. To skip the DNS tests at service startup, add the -D flag to the startup script.

    I found it strange that it is giving this problem even with that argument. Take a look to see whether your resolv.conf has the DNS servers listed. Keep in mind that the -D parameter only concerns the initial DNS tests, but it can cause problems later.

    If anything comes up, post again here for us.


    Cheers!

  3. #3

    Re: PROBLEM WITH SQUID

    xstefanox,
    Indeed, I had already set the dns_nameservers directive in the script, and in resolv.conf too, and it still doesn't browse. Any suggestions? Hoping for help. Cheers!

  4. #4

    Re: PROBLEM WITH SQUID

    Just to make sure, you used the correct syntax in resolv.conf, right?
    nameserver IP
    nameserver IP2
    etc, etc

    And there's no firewall blocking outgoing packets, right?

  5. #5

    Re: PROBLEM WITH SQUID

    No, no, my friend. Look at the log now, after I adjusted the dns_nameservers directive and resolv.conf:

    2006/08/07 20:41:52| Starting Squid Cache version 2.5.STABLE10 for i686-pc-linux-gnu...
    2006/08/07 20:41:52| Process ID 6753
    2006/08/07 20:41:52| With 1024 file descriptors available
    2006/08/07 20:41:52| Performing DNS Tests...
    2006/08/07 20:41:52| Successful DNS name lookup tests...
    2006/08/07 20:41:52| DNS Socket created at 0.0.0.0, port 32801, FD 5
    2006/08/07 20:41:52| Adding nameserver 200.223.0.83 from squid.conf
    2006/08/07 20:41:52| Adding nameserver 200.223.0.84 from squid.conf
    2006/08/07 20:41:52| Unlinkd pipe opened on FD 10
    2006/08/07 20:41:52| Swap maxSize 6291456 KB, estimated 483958 objects
    2006/08/07 20:41:52| Target number of buckets: 24197
    2006/08/07 20:41:52| Using 32768 Store buckets
    2006/08/07 20:41:52| Max Mem size: 102400 KB
    2006/08/07 20:41:52| Max Swap size: 6291456 KB
    2006/08/07 20:41:52| Rebuilding storage in /var/lib/squid/cache (DIRTY)
    2006/08/07 20:41:52| Using Least Load store dir selection
    2006/08/07 20:41:52| Current Directory is /root
    2006/08/07 20:41:52| Loaded Icons.
    2006/08/07 20:41:57| Accepting HTTP connections at 0.0.0.0, port 3128, FD 11.
    2006/08/07 20:41:57| Accepting ICP messages at 0.0.0.0, port 3130, FD 12.
    2006/08/07 20:41:57| Accepting SNMP messages on port 3401, FD 13.
    2006/08/07 20:41:57| WCCP Disabled.

    But it still doesn't browse ...

  6. #6

    Re: PROBLEM WITH SQUID

    Start Squid like this:

    squid -d 6

    and look at the messages that appear when it comes up and when you try to browse; if something is wrong it will show up

  7. #7

    Re: PROBLEM WITH SQUID

    root@darkstar:~# 2006/08/07 21:01:24| Starting Squid Cache version 2.5.STABLE10 for i686-pc-linux-gnu...
    2006/08/07 21:01:24| Process ID 7826
    2006/08/07 21:01:24| With 1024 file descriptors available
    2006/08/07 21:01:24| Performing DNS Tests...
    2006/08/07 21:01:24| Successful DNS name lookup tests...
    2006/08/07 21:01:24| DNS Socket created at 0.0.0.0, port 32804, FD 5
    2006/08/07 21:01:24| Adding nameserver 200.223.0.83 from squid.conf
    2006/08/07 21:01:24| Adding nameserver 200.223.0.84 from squid.conf
    2006/08/07 21:01:24| Unlinkd pipe opened on FD 10
    2006/08/07 21:01:24| Swap maxSize 6291456 KB, estimated 483958 objects
    2006/08/07 21:01:24| Target number of buckets: 24197
    2006/08/07 21:01:24| Using 32768 Store buckets
    2006/08/07 21:01:24| Max Mem size: 102400 KB
    2006/08/07 21:01:24| Max Swap size: 6291456 KB
    2006/08/07 21:01:24| Rebuilding storage in /var/lib/squid/cache (DIRTY)
    2006/08/07 21:01:24| Using Least Load store dir selection
    2006/08/07 21:01:24| Current Directory is /root
    2006/08/07 21:01:24| Loaded Icons.
    2006/08/07 21:01:30| Accepting HTTP connections at 0.0.0.0, port 3128, FD 11.
    2006/08/07 21:01:30| Accepting ICP messages at 0.0.0.0, port 3130, FD 12.
    2006/08/07 21:01:30| Accepting SNMP messages on port 3401, FD 13.
    2006/08/07 21:01:30| WCCP Disabled.

    It still doesn't browse ... 1c3m4n

  8. #8

    Re: PROBLEM WITH SQUID

    One more thing that just clicked for me: it's not giving any error, and I saw that you're apparently using a transparent proxy. You enabled the firewall rules for that, right?

  9. #9

    Re: PROBLEM WITH SQUID

    Yes, it is, my friend:

    Gateway 192.168.10.254

    $IPTABLES -A INPUT -d 192.168.10.254 -p tcp --dport 3128 -j ACCEPT

    $IPTABLES -t nat -A PREROUTING -i $U -d ! 200.189.214.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128



    ################ SQUID.conf ######################3


    http_port 3128
    visible_hostname SERPENTE

    #Cache configuration
    cache_mem 100 MB
    maximum_object_size_in_memory 64 KB
    maximum_object_size 512 MB
    minimum_object_size 0 KB
    cache_swap_low 90
    cache_swap_high 95
    cache_dir ufs /var/lib/squid/cache 6144 16 256

    cache_access_log /var/lib/squid/logs/access.log
    refresh_pattern ^ftp: 15 20% 2280
    refresh_pattern ^gopher: 15 0% 2280
    refresh_pattern . 15 20% 2280

    dns_nameservers 200.223.0.83 200.223.0.84


    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT

    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost

    cache_effective_user nobody
    cache_effective_group nogroup





    # Internet password configuration

    acl redelocal src 192.168.10.0/24 192.168.12.0/27
    http_access allow localhost
    http_access allow redelocal
    http_access deny all

    #Transparent proxy
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

    ############################ RESOLV.CONF ##############
    nameserver 200.223.0.83
    nameserver 200.223.0.84


  10. #10

    Re: PROBLEM WITH SQUID

    iptables -t nat -A PREROUTING -s 192.168.10.0/24 -j MASQUERADE


  11. #11

    Re: PROBLEM WITH SQUID

    It does the connection sharing normally; it's only when I ask it to do the transparent proxy that it doesn't browse. Even when it's not transparent and I point to the proxy, it doesn't browse.

  12. #12

  13. #13

    Re: PROBLEM WITH SQUID

    Confirming:

    01) On the firewall:
    iptables -A INPUT -i $if_lan -s 192.168.10.0/24 -p tcp --dport 3128 -j ACCEPT
    iptables -t nat -A PREROUTING -i $if_lan -d 0/0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
    Where: $if_lan is set to the interface connected to the local network. E.g.: eth0

    02) Is the port set in squid.conf 3128?
    03) Does it browse if you configure the proxy manually on the clients?
    04) If you try to browse directly with the site's IP instead of the name, does it work? E.g.: http://200.221.2.45/
    05) Did you configure packet forwarding?

  14. #14

    Re: PROBLEM WITH SQUID

    #ALLOW ACCESS TO PORT 3128

    $IPTABLES -A INPUT -d 192.168.10.254 -p tcp --dport 3128 -j ACCEPT
    $IPTABLES -A INPUT -d 192.168.12.30 -p tcp --dport 3128 -j ACCEPT


    ##############################
    ## NAT E TRANSPARENT PROXY ##
    ##############################
    # TRANSPARENT PROXY
    $IPTABLES -t nat -A PREROUTING -i eth1 -d ! 200.189.214.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
    $IPTABLES -t nat -A PREROUTING -i eth2 -d ! 200.189.214.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128


    ###
    ### GENERAL NAT
    ###

    $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.10.0/24 -j SNAT --to 192.168.10.254
    $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.12./27 -j SNAT --to 192.168.12.30
    ###
    ### NAT ONLY FOR ALLOWED HOSTS
    ###
    if [ -f $HOSTS_LIBERADOS ] ; then
    for i in `cat $HOSTS_LIBERADOS` ; do
    $IPTABLES -t nat -A POSTROUTING -s $i -j SNAT --to $IP_IF_EXT
    $IPTABLES -t nat -A POSTROUTING -o $IF_EXT -s $i -j SNAT --to 192.168.10.254
    $IPTABLES -t nat -A POSTROUTING -o $IF_EXT -s $i -j SNAT --to 192.168.11.254
    $IPTABLES -t nat -A POSTROUTING -o $IF_EXT -s $i -j SNAT --to 192.168.12.30


    done;
    else
    echo "ARQUIVO $CAMINHO_BASE hosts_liberados NAO ENCONTRADO"
    fi;

    NAT WORKS WITHOUT ANY PROBLEM ... IT BROWSES FINE, EXCEPT WHEN I START SQUID.

  15. #15

  16. #16

    Re: PROBLEM WITH SQUID

    Code:
    acl redelocal src 192.168.10.104
    http_access allow localhost
    http_access allow redelocal

    You're allowing access only for the IP 192.168.10.104
    Allow it for all IPs in this subnet:

    Code:
    acl redelocal src 192.168.10.0/24
    http_access allow localhost
    http_access allow redelocal
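
How the `redelocal` change in post #16 plays out under Squid's first-match `http_access` evaluation, as an added example (not code from the thread or from Squid): a small simulator for `src` and `port` ACLs, run over a constructed excerpt of the posted squid.conf. The names `parse`, `acl_matches` and `decide` are made up for this sketch.

```python
import ipaddress

# Constructed excerpt of the squid.conf posted in the thread (src and port
# ACLs only); {redelocal} is filled in with the value under test.
CONF = """
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 21 443 563 70 210 1025-65535 280 488 591 777 901
acl redelocal src {redelocal}
http_access deny !Safe_ports
http_access allow localhost
http_access allow redelocal
http_access deny all
"""

def parse(conf):
    """Return ({acl_name: (type, [values])}, [(action, [acl_names])])."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, src, port):
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":
        ranges = (v.partition("-") for v in values)
        return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)
    raise ValueError(f"unsupported acl type: {kind}")

def decide(redelocal, src, port=80):
    """Action Squid takes for a client IP and destination port (first match wins)."""
    acls, rules = parse(CONF.format(redelocal=redelocal))
    for action, names in rules:
        # ACLs on one http_access line are ANDed; a leading "!" negates.
        if all(acl_matches(acls, n.lstrip("!"), src, port) != n.startswith("!")
               for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for value in ("192.168.10.104", "192.168.10.0/24"):
        print(value, "->", decide(value, "192.168.10.50"))
```

With the single-host ACL, any other client on 192.168.10.0/24 falls through to `http_access deny all`; the final `deny all` is also what keeps the proxy closed to addresses outside the listed networks.
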

  17. #17

    Re: PROBLEM WITH SQUID

    I had already done that; the single machine was just for a test ...

  18. #18

  19. #19

    Re: PROBLEM WITH SQUID

    Answer all the questions I asked first

  20. #20

    Re: PROBLEM WITH SQUID

    That SNAT there is out of place...

    Take that out!!