Re: [squid-users] Squid.conf deleting host...

From: Amos Jeffries <squid3@dont-contact.us>
Date: Thu, 31 Jan 2008 09:50:18 +1300 (NZDT)

> Environment: OpenBSD 3.9 with pf redirecting web requests to
> squid.
>
> kerberos# squid -v
> Squid Cache: Version 2.5.STABLE12
> configure options: --datadir=/usr/local/share/squid
> '--enable-auth=basic digest' '--enable-basic-auth-helpers=NCSA
> YP' --enable-digest-auth-helpers=password
> '--enable-external-acl-helpers=ip_user unix_group'
> '--enable-removal-policies=lru heap' --enable-ssl
> '--enable-storeio=ufs diskd' --localstatedir=/var/squid
> --enable-pf-transparent --prefix=/usr/local --sysconfdir=/etc
>
>
>
> Background: This started because certain files wouldn't
> download. They would start, but would stall either immediately or
> 30K into the file. Same type of file would have no problems from
> other sources. If I went to a computer outside our firewall,
> there was no problem. I figured that before I asked the list for
> help, I should have the courtesy of using the current release.
> (3.0 Stable 1)
>
> In mangling my file for the new version, I obviously over mangled
> it. (It complained about unknown options.)
>
> Rolling back to the old version didn't help.
>
> I've also destroyed and recreated the cache directories thinking
> that it might be some subtle form of cache corruption.
>
> Anyway, your help appreciated.
>
> Starting from scratch with a copy of the default squid.conf file,
> I can reproduce the problem with the following changes to the
> default conf file:
>
> http_port 127.0.0.1:3128
>
> cache_mem 64 MB
>
> cache_dir ufs /opt/squidcache 100 10 60
>
> acl our_networks src 192.168.1.0/24 192.168.2.0/24
> http_access allow our_networks
>

Hmm, not changes that should interfere with file sizes.
Is this reproducible with certain URLs? What headers does squidclient show
for those URLs?

>
> Relevant section of pf.conf. Pixel should be 'any' but
> this version limits the problem to a single host. All other
> hosts are non-proxied. $lan is the internal interface.
> # squid redirection
>
> rdr on $lan inet proto tcp from pixel to any \
> port www -> 127.0.0.1 port 3128
> pass in quick on $lan inet proto tcp from any to 127.0.0.1 \
> port 3128 keep state #label "web"
>

I'm not familiar with PF, but other FW have known problems with the rule
order and transparency. Are you sure PF is permitting Squid's external port
80 requests out without interference?

Amos
Received on Wed Jan 30 2008 - 13:50:21 MST