I've installed all programs as root.
pinger has owner root and group root and both have all rights.
How can I determine wether selinux is blocking the access to ICMP port?
Peter
Amos Jeffries <squid3_at_treenet.co.nz>
12.03.2009 13:49
An
peter.mueller_at_mueller-software.de
Kopie
squid-users_at_squid-cache.org
Thema
Re: [squid-users] icmpRecv: recv: (111) Connection refused; Closing Pinger
socket on FD 43
peter.mueller_at_mueller-software.de wrote:
> I've installed squid 3.0 STABLE10 on OpenSuse 11.1 64 Bit.
>
> Some seconds after starting I get the following message in cache.log and
> squid doesnt work:
> 2009/03/11 22:30:25| icmpRecv: recv: (111) Connection refused
> 2009/03/11 22:30:25| Closing Pinger socket on FD 43
>
>
>
> Here the beginning of my squid.conf:
> http_port 3128
>
> cache_peer 127.0.0.1 parent 9080 0 no-query default no-digest
> #cache_peer 127.0.0.1 parent 9080 0 no-query default no-digest
> no-netdb-exchange
>
> #query_icmp off
>
> hierarchy_stoplist cgi_bin ?
>
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
>
> cache_mem 8 MB
>
> url_rewrite_program /usr/sbin/squidGuard -c /etc/squidguard.conf
> url_rewrite_children 8
>
> auth_param ntlm program /usr/sbin/ntlm_auth ba.lokal/sbs
> auth_param ntlm children 10
>
> auth_param basic program /usr/sbin/ntlm_auth ba.lokal/sbs
> auth_param basic children 10
> auth_param basic realm Gatekeper
> auth_param basic credentialsttl 4 hours
> auth_param basic casesensitive off
>
> authenticate_cache_garbage_interval 1 hour
> authenticate_ttl 0 seconds
> authenticate_ip_ttl 4 hours
>
>
> Here the complete cache.log:
> 2009/03/11 22:30:05| Starting Squid Cache version 3.0.STABLE13 for
> x86_64-suse-linux-gnu...
> 2009/03/11 22:30:05| Process ID 24542
> 2009/03/11 22:30:05| With 4096 file descriptors available
> 2009/03/11 22:30:05| DNS Socket created at 0.0.0.0, port 50495, FD 7
> 2009/03/11 22:30:05| Adding domain ba.lokal from /etc/resolv.conf
> 2009/03/11 22:30:05| Adding nameserver 192.168.1.1 from /etc/resolv.conf
> 2009/03/11 22:30:05| helperOpenServers: Starting 8 'squidGuard'
processes
> 2009/03/11 22:30:05| helperStatefulOpenServers: Starting 10 'ntlm_auth'
> processes
> 2009/03/11 22:30:05| helperOpenServers: Starting 10 'ntlm_auth'
processes
> 2009/03/11 22:30:05| User-Agent logging is disabled.
> 2009/03/11 22:30:05| Referer logging is disabled.
> 2009/03/11 22:30:05| Unlinkd pipe opened on FD 39
> 2009/03/11 22:30:05| Local cache digest enabled; rebuild/rewrite every
> 3600/3600 sec
> 2009/03/11 22:30:05| Swap maxSize 102400 KB, estimated 7876 objects
> 2009/03/11 22:30:05| Target number of buckets: 393
> 2009/03/11 22:30:05| Using 8192 Store buckets
> 2009/03/11 22:30:05| Max Mem size: 8192 KB
> 2009/03/11 22:30:05| Max Swap size: 102400 KB
> 2009/03/11 22:30:05| Version 1 of swap file without LFS support
> detected...
> 2009/03/11 22:30:05| Rebuilding storage in /var/cache/squid (DIRTY)
> 2009/03/11 22:30:05| Using Least Load store dir selection
> 2009/03/11 22:30:05| Set Current Directory to /var/cache/squid
> 2009/03/11 22:30:05| Loaded Icons.
> 2009/03/11 22:30:05| Accepting HTTP connections at 0.0.0.0, port 3128,
FD
> 41.
> 2009/03/11 22:30:05| HTCP Disabled.
> 2009/03/11 22:30:05| Pinger socket opened on FD 43
> 2009/03/11 22:30:05| Configuring Parent 127.0.0.1/9080/0
> 2009/03/11 22:30:05| Ready to serve requests.
> 2009/03/11 22:30:05| Done reading /var/cache/squid swaplog (39 entries)
> 2009/03/11 22:30:05| Finished rebuilding storage from disk.
> 2009/03/11 22:30:05| 39 Entries scanned
> 2009/03/11 22:30:05| 0 Invalid entries.
> 2009/03/11 22:30:05| 0 With invalid flags.
> 2009/03/11 22:30:05| 39 Objects loaded.
> 2009/03/11 22:30:05| 0 Objects expired.
> 2009/03/11 22:30:05| 0 Objects cancelled.
> 2009/03/11 22:30:05| 0 Duplicate URLs purged.
> 2009/03/11 22:30:05| 0 Swapfile clashes avoided.
> 2009/03/11 22:30:05| Took 0.02 seconds (2285.11 objects/sec).
> 2009/03/11 22:30:05| Beginning Validation Procedure
> 2009/03/11 22:30:05| Completed Validation Procedure
> 2009/03/11 22:30:05| Validated 103 Entries
> 2009/03/11 22:30:05| store_swap_size = 588
> 2009/03/11 22:30:06| storeLateRelease: released 0 objects
> 2009/03/11 22:30:25| icmpRecv: recv: (111) Connection refused
> 2009/03/11 22:30:25| Closing Pinger socket on FD 43
> 2009/03/11 23:10:05| NETDB state saved; 0 entries, 0 msec
> 2009/03/11 23:57:09| NETDB state saved; 0 entries, 0 msec
>
>
>
> The following things I tried:
> Installing squid3 STABLE13 as root -> it doesnt help
> Removing the line cache_peer from squid.config -> that helps but I need
> the second transparent proxy against virus
> Reading and testing all in the mailing list -> nothing helps
> Searching google -> no help
>
> After many, many hours of seeking and trying I believe I'll get crazy.
>
> Perhaps anybody has a solution or can help to find it.
>
> Regards,
> Peter
The pinger helper itself is failing for some reason.
Did you install it with root ownership? It needs root permission to
acces the ICMP port.
If it has the other possibility is selinux blocking it.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6Received on Thu Mar 12 2009 - 15:00:15 MDT
This archive was generated by hypermail 2.2.0 : Fri Mar 13 2009 - 12:00:03 MDT