[squid-users] squid box just stops responding

From: Chad Whitten <cwhitten@dont-contact.us>
Date: Mon, 15 Jul 2002 20:32:55 -0500

My personal squid proxy (for home network) has all of a sudden - 3 times in
the last week - just gotten plain flaky. Sites don't load, nothing gets
logged in the access.log. The only way I can get it working again is to
reboot (stopping and restarting squid doesn't work). It's squid 2.4stable6
running on SuSE Linux 7.1. The Linux box is the gateway, and when squid stops
responding all other services (ftp, mail, etc.) keep working. The proxy is
transparent, compiled with the following options:

./configure --prefix=/usr/local --exec_prefix=/usr/local \
  --bindir=/usr/local/sbin --libexecdir=/usr/local/lib/squid \
  --localstatedir=/var --sysconfdir=/etc/squid --disable-snmp --enable-poll \
  --enable-linux-netfilter --enable-gnuregex --disable-wccp

Here is my startup script for iptables and squid:

#!/bin/bash
#
# IP Masqing script transparent proxy

INTIF='eth0';
LOIF='lo';
IPTABLES='/usr/sbin/iptables';
INTNET='10.1.1.0/24';
INTERNET='0/0';
INTBRD='10.1.1.255';

# Enable IP Forwarding & some other stuff in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
for pfile in /proc/sys/net/ipv4/conf/*/rp_filter
do
  echo "1" > $pfile
done
echo 1024 32768 > /proc/sys/net/ipv4/ip_local_port_range
echo 8192 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 8192 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Raise number of file descriptors
ulimit -HSn 8192

# Setup Defaults
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

# Setup forwarding policies
$IPTABLES -A FORWARD -j ACCEPT

# Setup masquerading policies
$IPTABLES -t nat -A POSTROUTING -o $INTIF -j MASQUERADE
$IPTABLES -A FORWARD -s $INTERNET -j DROP

# Enable transparent proxying
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT \
    --to-port 3128

# Block some things that should never get here
#$IPTABLES -A INPUT -i $INTIF -s 192.168.0.0/16 -j DROP
#$IPTABLES -A INPUT -i $INTIF -s 172.16.0.0/12 -j DROP
#$IPTABLES -A INPUT -i $INTIF -s 0.0.0.0/32 -j DROP
#$IPTABLES -A INPUT -i $INTIF -s 255.255.255.255/32 -j DROP
#$IPTABLES -A INPUT -i $INTIF -s $INTERNET -d 192.168.0.0/16 -j DROP
#$IPTABLES -A INPUT -i $INTIF -s $INTERNET -d 172.16.0.0/12 -j DROP
#$IPTABLES -A INPUT -i $INTIF -s $INTERNET -d 0.0.0.0/32 -j DROP
#$IPTABLES -A INPUT -i $INTIF -s $INTERNET -d 255.255.255.255/32 -j DROP

# Drop any localhost pings
#$IPTABLES -A INPUT -p icmp -d 127.0.0.1 -j DROP

# Drop any attempts to broadcast pings
#$IPTABLES -A INPUT -p icmp -i $INTIF -d $INTBRD -j DROP

# Startup Squid
/usr/local/sbin/squid

squid.conf is just the stuff needed for transparent proxy. Other than that
it's all defaults.

Specs on the box are AMD 550, 256 meg RAM, 40 gig IDE drive; it serves three
clients. No apparent hardware errors on the box.

See anything that could be causing a problem?

-- 
Chad Whitten
neXband Communications
cwhitten@nexband.com
Received on Mon Jul 15 2002 - 19:33:09 MDT
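A triage helper for the symptom described above (squid stops answering, nothing in access.log), added here as an example and not part of the original post. It walks the transparent-proxy path the script sets up: does the REDIRECT rule on eth0 still see port-80 packets, is anything listening on 3128, and are descriptors near the 8192 limit the script configures. The SAMPLE_* captures are constructed, not taken from the poster's box.

```shell
#!/bin/sh
# Pure functions over captured command output so the logic runs offline.
# Live data would come from:
#   iptables -t nat -L PREROUTING -v -n -x      and      netstat -tln
# plus the count of /proc/<squid pid>/fd entries against `ulimit -n`.

# Packets matched by the REDIRECT-to-3128 rule; 0 (or no rule) means port-80
# traffic never reaches squid: forwarding off, wrong interface, chain flushed.
redirect_pkts() {
    printf '%s\n' "$1" | awk '/REDIRECT/ && /3128/ { print $1; exit }'
}

# 1 if something listens on TCP 3128, else 0 (squid died or never bound).
squid_listening() {
    printf '%s\n' "$1" | awk '$6 == "LISTEN" && $4 ~ /:3128$/ { f = 1 } END { print f + 0 }'
}

# "high" when open descriptors reach 90% of the limit ($1 open, $2 limit).
fd_pressure() {
    if [ $(( $1 * 100 / $2 )) -ge 90 ]; then echo high; else echo ok; fi
}

# Report the first failing stage: client -> REDIRECT rule -> squid -> fds.
triage() {
    if [ "${1:-0}" -eq 0 ]; then
        echo "no packets hit the REDIRECT rule: check ip_forward and the nat PREROUTING chain"
    elif [ "$2" -ne 1 ]; then
        echo "nothing listening on 3128: squid is down, read cache.log"
    elif [ "$3" = high ]; then
        echo "file descriptors nearly exhausted: raise ulimit / look for an fd leak"
    else
        echo "proxy path looks healthy"
    fi
}

# Constructed sample captures of a box in the "hung" state: the nat rule is
# still counting packets, but no listener remains on 3128.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 1200 packets, 90000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    4821    289260 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128'
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

triage "$(redirect_pkts "$SAMPLE_NAT")" "$(squid_listening "$SAMPLE_NETSTAT")" "$(fd_pressure 120 8192)"
```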

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:15 MST