RE: [squid-users] Squid3 on CentOS 6 and tproxy [FIXED]

From: Ritter, Nicholas <Nicholas.Ritter_at_americantv.com>
Date: Wed, 13 Jul 2011 22:47:10 -0500

I updated with the squid-3.1.10 rpm , using rpmbuild to rebuild it....I figured the squid 3.1.4 that came with cent6 was old enough to be asking for trouble.

The 3.1.10 RPM built fine, installed fine, but gave the same error on startup, but only when attempting a startup using the init script supplied by the RPM file. Doing a "service squid start" would always give the error:

2011/07/13 22:32:23| FATAL: http(s)_port: TPROXY support in the system does not work.
FATAL: Bungled squid.conf line 66: http_port 3129 tproxy
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.006 user + 0.002 sys
Maximum Resident Size: 21984 KB
Page faults with physical i/o: 0
2011/07/13 22:34:38| WARNING cache_mem is larger than total disk cache space!

(This is assuming on have http_port 3129 tproxy in /etc/squid/squid.conf)

When I started the squid process as root manually, I didn't get an error.

So I then issued the following on the root command line:

setsebool squid_connect_any=1
setsebool squid_use_tproxy=1

Note: using "=any" as noted on the squid wiki gave an illegal Boolean error from setsebool.

After doing this, I can now do "service squid start" and it doesn't error. Squid is now starting and it is registering with the router via WCCP.

Tomorrow I will test tproxy/squid operation with clients and see how things go. Assuming everything works, I will have a fairly easy centos v6 Squid/TPROXY/WCCP howto to share.

CentOS 6 has been pretty stable in testing both in the beta and the release.

Nicholas



-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Wednesday, July 13, 2011 6:28 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Squid3 on CentOS 6 and tproxy


 On Wed, 13 Jul 2011 15:54:54 -0500, Ritter, Nicholas wrote:
> In testing CentOS 6 and Squid v3.1 (as it comes with CentOS 6) I get
> the error on squid startup:
>
> 2011/07/13 15:36:45| Processing Configuration File:
> /etc/squid/squid.conf (depth 0)
> 2011/07/13 15:36:45| Starting IP Spoofing on port [::]:3129
> 2011/07/13 15:36:45| Disabling Authentication on port [::]:3129 (IP
> spoofing enabled)
> 2011/07/13 15:36:45| FATAL: http(s)_port: TPROXY support in the system
> does not work.
>
> I think this may be related to capability checking based on a
> squid-users thread I read which was dated 2/2/2010.
>
> Before I go and download and build a squid-3.1.14 rpm for CentOS 6,
> can someone comment on this issue, and any fixes, etc.?
>
> I am working on a an updated CentOS 6 with squid, TPROXY, and WCCP
> setup howto.
>
> Thanks,
>
> Nicholas

 If your version was from before the TPROXY probing was added, then an upgrade is definitely useful. If only to know what is broken. Probing added debug level 3,3 log entries about the capabilities and build now tests some library version requirements.


 Amos


Received on Thu Jul 14 2011 - 03:47:17 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 14 2011 - 12:00:02 MDT