Re: [squid-users] Squid 3.1.0.17<--> Google/YouTube "(101) Network is unreachable",, error???

From: Jan Houtsma <list_at_houtsma.net>
Date: Tue, 09 Mar 2010 17:03:27 +0100

Sorry, the carriage returns in the squid config were gone. Here is a more
readable format of my config:

Config:
=======
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localhost src ::1/128
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl to_localhost dst ::1/128
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl Irc_ports port 6666-6669 # JHH -- Added
acl Msn_ports port 1863 # JHH -- Added
acl SSL_ports port 6666-6669 # JHH -- Added (IRC via http proxy)
acl SSL_ports port 443 3511 1863 # JHH -- Added
acl Safe_ports port 80 81 # http -- JHH added port 81
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_dir ufs /var/spool/squid 1000 16 256
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_mgr webmaster_at_houtsma.net
visible_hostname pegasus.houtsma.net
icp_port 3130
always_direct allow all
coredump_dir /var/spool/squid

On 9-3-2010 16:58, Jan Houtsma wrote:
> Hi,
>
> Squid has always been working fine. All websites, except Google, still
> work fine! As far as I know nothing changed on my part, except the
> weekly Fedora updates.
>
> My internal users get this "(101) Network is unreachable" error message
> when they go through the proxy. My iptables allows ALL outgoing
> connections.
> When they hit "Reload" or ^R the page loads fine. But after a while when
> they go to google again they get the same error. Hit ^R and it works again.
> When bypassing the proxy, the connection also works fine!
>
> Only with Google! Other websites work fine!
>
> When I jump to the squid server and issue a wget to
> http://www.google.com with and without the proxy I get the following results:
>
> WITH PROXY:
> ===========
>
> [16:28:root@pegasus /var/log/squid]# http_proxy=http://localhost:3128 wget -O /dev/null -S http://www.google.com
> --2010-03-09 16:28:38-- http://www.google.com/
> Resolving localhost... ::1, 127.0.0.1
> Connecting to localhost|::1|:3128... connected.
> Proxy request sent, awaiting response...
> HTTP/1.0 503 Service Unavailable
> Server: squid/3.1.0.17
> Mime-Version: 1.0
> Date: Tue, 09 Mar 2010 15:28:38 GMT
> Content-Type: text/html
> Content-Length: 3103
> X-Squid-Error: ERR_CONNECT_FAIL 101
> Vary: Accept-Language
> Content-Language: en
> X-Cache: MISS from pegasus.houtsma.net
> X-Cache-Lookup: MISS from pegasus.houtsma.net:3128
> Via: 1.0 pegasus.houtsma.net (squid/3.1.0.17)
> Proxy-Connection: close
> 2010-03-09 16:28:38 ERROR 503: Service Unavailable.
>
> WITHOUT PROXY (DIRECT):
> ======================
>
> [16:28:root@pegasus /var/log/squid]# wget -O /dev/null -S http://www.google.com
> --2010-03-09 16:29:04-- http://www.google.com/
> Resolving www.google.com... 209.85.227.99, 209.85.227.103, 209.85.227.104, ...
> Connecting to www.google.com|209.85.227.99|:80... connected.
> HTTP request sent, awaiting response...
> HTTP/1.0 302 Found
> Location: http://www.google.nl/
> Cache-Control: private
> Content-Type: text/html; charset=UTF-8
> Set-Cookie:
> PREF=ID=1bfd77348d3a379c:TM=1268148544:LM=1268148544:S=_nDFRJT7tp3qefl9;
> expires=Thu, 08-Mar-2012 15:29:04 GMT; path=/; domain=.google.com
> Set-Cookie:
> NID=32=fAAVBBp0z3d7aMi1hZkzW3VQyGznOU4d3zdyqSdImAbpj-Y4y00_itgmLmg6xUxTCkhIY7cxYTJL9S15aosMYDcFAj6xXCUnCizMTLQ0_ThrCpYf9gxfV7IjOH_NK_ZG;
> expires=Wed, 08-Sep-2010 15:29:04 GMT; path=/; domain=.google.com; HttpOnly
> Date: Tue, 09 Mar 2010 15:29:04 GMT
> Server: gws
> Content-Length: 218
> X-XSS-Protection: 0
> Connection: Keep-Alive
> .....
>
>
> I am out of ideas! Any help is appreciated!
>
> -- Jan Houtsma PGP Key ID: 0x68D146B5 http://www.houtsma.net/key.asc PGP
> Fingerprint: DF5C AE86 323D 8029 DF47 EEB8 FB71 080A 68D1 46B5
>
Received on Tue Mar 09 2010 - 16:03:30 MST
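
Squid checks `http_access` lines in file order and the first line whose ACLs all match decides the request. The block below is an added example, not part of the post or of Squid: a simplified Python model of that evaluation over the port and method ACLs from the posted config, for auditing which destination ports the proxy will serve or tunnel. The function names and the `client_acls` parameter (the src/proto ACLs assumed to match the client) are hypothetical.

```python
# Added example (not Squid code): lines from the posted config, comments stripped.
CONFIG = """\
acl SSL_ports port 6666-6669
acl SSL_ports port 443 3511 1863
acl Safe_ports port 80 81
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
"""
def parse(config):
    ports, methods, rules = {}, {}, []
    for line in config.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"] and tok[2] == "port":
            for lo, _, hi in (v.partition("-") for v in tok[3:]):
                ports.setdefault(tok[1], []).append((int(lo), int(hi or lo)))
        elif tok[:1] == ["acl"] and tok[2] == "method":
            methods.setdefault(tok[1], set()).update(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))  # (action, [terms]) in file order
    return ports, methods, rules

def decide(config, method, port, client_acls):
    # client_acls (hypothetical parameter): names of src/proto ACLs assumed to match
    ports, methods, rules = parse(config)
    def hit(name):
        if name in ports:
            return any(lo <= port <= hi for lo, hi in ports[name])
        if name in methods:
            return method in methods[name]
        return name == "all" or name in client_acls
    for action, terms in rules:  # first rule whose terms all match decides
        if all(hit(t.lstrip("!")) != t.startswith("!") for t in terms):
            return action, " ".join(terms)
    return "deny", "(no rule matched)"
```

With this rule set a localnet client may CONNECT to 6666-6669 and 1863 as well as 443 and 3511, because those ports appear in both Safe_ports and SSL_ports.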
