Esteemed Squid hackers,
I've been using squid with good results at a site for about 6 months.
Then, all of the sudden, things have gotten real flaky. I've checked
everything I can think of but the problem persists. I've rewritten
the rules (or added a rule) to simplify trouble shooting. Basically,
if you are in the local subnet you *should* be good to visit anything
on the web using the cache.
Here is what happens...
We have about 30 users at any given time. The typical user is Window
XP Pro with IE. Any one of them (it appears random) may get a time
where squid stops working for them. We go visit the computer they are
working at and before we can really do anything squid starts
responding again. The logs show nothing interesting. The access log
in particular shows no attempt to access anything (no HITs or MISSes
etc.) for that user. It *seems* (and I can only say seems) to happen
more frequently when opening a new browser. That caused me to wonder
about ntlm, samba, and auth in general but even after shorting out
those things the problem remains.
The server is running iptables with traffic between the box and LAN
wide-open and those rules haven't really changed lately anyway.
Also, I have not been able to get the the cache manager. When I visit
the cachemgr I get the login screen and all seems well. After
changing the port to 81 (my server is running on that port) and
hitting "Continue..." I get this message "target localhost:81 not
allowed in cachemgr.conf" But that doesn't make sense. My
cachemgr.conf has this "localhost:81 Allow from localhost only." as
it's only line.
Below is my squid.conf and a bunch of system info. *Any* help would
be very, very appreciated. I'm at the end of my rope here!
Thanks again,
Gabe
P.S. Naturally, I would be happy to provide any additional information
that may be helpful in figuring this out.
############################################################
debug_options ALL, 9
http_port 81
cache_dir ufs /var/spool/squid 10000 16 256
maximum_object_size 50 MB
ftp_passive on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern . 0 20% 4320
coredump_dir /var/spool/squid
ie_refresh on
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm use_ntlm_negotiate on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Web Proxy / Caching Server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
deny_info CUSTOM_ALL all
# LOTS OF ACL NOT BEING USED HAVE BEEN CUT...
acl local-net src 10.0.0.0/255.255.0.0
deny_info CUSTOM_LOCAL_NET local-net
http_access allow local-net
# LOTS OF RULES SHORT CIRCUITED BY ABOVE RULE HAVE BEEN CUT...
############################################################
The server is running CentOS release 4.2 (Final)
### FDs
For file descriptors (something I've wondered about) I show this...
[root@inferno ~]# cat /proc/sys/fs/file-max
102524
[root@inferno ~]# cat /proc/sys/fs/file-nr
2205 0 102524
[root@inferno ~]# lsof | grep squid | wc -l
776
### CACHE.LOG
[root@inferno ~]# tail -14 /var/log/squid/cache.log
2005/12/28 09:45:43| Starting Squid Cache version 2.5.STABLE6 for
i686-redhat-linux-gnu...
CPU Usage: 0.616 seconds = 0.250 user + 0.366 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 1
Memory usage for squid via mallinfo():
total space in arena: 4636 KB
Ordinary blocks: 4127 KB 8 blks
Small blocks: 0 KB 5 blks
Holding blocks: 460 KB 2 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 508 KB
Total in use: 4587 KB 99%
Total free: 509 KB 11%
2005/12/28 10:32:46| Starting Squid Cache version 2.5.STABLE6 for
i686-redhat-linux-gnu...
-- Gabriel Gunderson http://gundy.orgReceived on Wed Dec 28 2005 - 11:54:27 MST
This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:03 MST