RE: [squid-users] It stopped denying sites!

Removing $int_if from that line seems to have solved my problem...

> -----Original Message-----
> From: Davan Wong [mailto:davan@worldhealthclub.com]
> Sent: January 25, 2008 10:46 AM
> To: squid-users@squid-cache.org
> Subject: RE: [squid-users] It stopped denying sites!
>
> I've narrowed it down....
>
> It would appear that when I turned on the ipsec VPN, internet
> traffic now seems to by bypassing the transparent squid...
>
> I've narrowed it down to this line, in pf.conf:
>
> set skip on { lo $int_if enc0 } # VPN
>
> With that line commented out, Squid works as it should, but
> the VPN doesn't work.
>
> Ideas?
>
> Davan Wong
> World Health Club
> Information Technology Department
>
>
>
> > -----Original Message-----
> > From: Davan Wong [mailto:davan@worldhealthclub.com]
> > Sent: January 25, 2008 8:54 AM
> > To: squid-users@squid-cache.org
> > Subject: RE: [squid-users] It stopped denying sites!
> >
> > Resurrecting an old thread.... This box did it again. As
> of January
> > 15th, it stopped denying sites again.
> >
> > What I find really odd, I noticed this time around that it also
> > stopped writing to access.log and store.log on that same date.
> >
> > Any ideas why this would be happening? Any info I can provide that
> > would be of help?
> >
> > Davan Wong
> > World Health Club
> > Information Technology Department
> >
> >
> >
> > > -----Original Message-----
> > > From: Davan Wong [mailto:davan@worldhealthclub.com]
> > > Sent: January 2, 2008 4:08 PM
> > > To: 'Chris Robertson'; squid-users@squid-cache.org
> > > Subject: RE: [squid-users] It stopped denying sites!
> > >
> > > > Davan Wong wrote:
> > > > > Hello group,
> > > > >
> > > > > Something odd occurred last week. I am running squid
> > > > 2.6stable13 on
> > > > > several openBSD 4.2 boxes ( I manage several remote
> > > > locations ). My
> > > > > current ACL rules deny everything except internal
> > company sites.
> > > > > Well, last week one of the boxes stopped denying sites.
> > > >
> > > > Obvious question: what changed?
> > >
> > > Absolutely nothing. Last time the box was touched was Nov
> > 21st. It
> > > stopped denying sites on Dec 18.
> > >
> > > >
> > > > > So users are getting everything and anything they request.
> > > > > Everything looks like it should still be working. I see no
> > > > > problems in any of the log files.
> > > > >
> > > >
> > > > Except the fact that requests are being responded to with a 200
> > > > instead of a 403...
> > >
> > > True...
> > >
> > > >
> > > > >
> > > > > Any ideas why this would happen? Are there any log file
> > > > entries I can
> > > > > post here that would be of some help?
> > > > >
> > > >
> > > > Sadly the logs don't reveal what configuration file is
> > > actually being
> > > > used (is that a debug option?), so not much is going to
> > be gleaned
> > > > from the logs. You can see the current running
> > > configuration (if you
> > > > have specified a cachemgr_passwd), or might try explicitly
> > > specifying
> > > > the conf file to use when you start Squid (if you
> aren't already).
> > > > Otherwise, you can increase the debugging on ACL processing
> > > ( as seen
> > > > in the FAQ entry:
> > > > http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-57ab8844e90
> > > 60937c4a654e1aa7568f87cb25aef)
> > > > and see if that gives you any clues.
> > >
> > > I'll give that a try...
> > >
> > > What I've done is stop squid, rotate the log files, then
> > restart it.
> > > It seems to be working as I expect it to now...
> > >
> > > Thanks!
> > >
> > > >
> > > > >
> > > > > TIA! :)
> > > > >
> > > > >
> > > > > Davan Wong
> > > > > World Health Club
> > > > > Information Technology Department
> > > > >
> > > >
> > > > Chris
> > > >
> > >
> >
>
Received on Fri Jan 25 2008 - 11:26:13 MST