[squid-users] Fwd: trouble opening port on 3130/https_port

From: Gregory K. Spranger <greg_at_spranger.us>
Date: Mon, 7 Oct 2013 21:10:54 -0400

hi there .. here are my details:

squid/OS details

squid 3.3.9 compiled from source with:

    ./configure --prefix=/usr \
    --includedir=/usr/include \
    --datadir=/usr/share/squid \
    --bindir=/usr/sbin \
    --libexecdir=/usr/lib/squid \
    --localstatedir=/var/run/squid \
    --sysconfdir=/etc/squid \
    --with-default-user=squid \
    --with-logdir=/var/log/squid \
    --enable-ssl \
    --with-openssl=/usr/include/openssl/ \
    --enable-linux-netfilter

using OS

    Linux version 2.6.18-348.1.1.el5 (mockbuild_at_x86-010.build.bos.redhat.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-54)) #1 SMP Fri Dec 14 05:25:59 EST 2012

my squid.conf is very simple

    debug_options ALL,6
    ssl_bump client-first all
    sslproxy_cert_error allow all
    #sslproxy_cert_adapt setCommonName ssl::certDomainMismatch
    https_port 3130 transparent ssl-bump cert=/etc/squid/certs/squid-proxy.crt key=/etc/squid/certs/squid-proxy.key
    http_port 3128 transparent
    access_log /var/log/squid/access.log squid
    always_direct allow all
    cache deny all
    acl http proto http
    acl https proto https
    acl port_80 port 80
    acl port_443 port 443
    acl allowed_sites dstdomain "/etc/squid/allowed_domains"
    http_access allow http port_80 allowed_sites
    http_access allow https port_443 allowed_sites
    http_access deny all
    visible_hostname localhost

but this is the error i am getting:

    2013/10/07 20:50:00.237 kid1| tools.cc(619) leave_suid: leave_suid: PID 17862 giving up root, becoming 'squid'
    2013/10/07 20:50:00.238 kid1| StartListening.cc(55) StartListening: opened listen local=0.0.0.0:3128 remote=[::] FD 11 flags=41
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(85) ScheduleCall: StartListening.cc(56) will call clientListenerConnectionOpened(local=0.0.0.0:3128 remote=[::] FD 11 flags=41, err=0, HTTP Socket port=0x7c8e838) [call2]
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall httpsAccept constructed, this=0x8233a20 [call3]
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x8233aa0 [call4]
    2013/10/07 20:50:00.238 kid1| tools.cc(664) enter_suid: enter_suid: PID 17862 taking root privileges
    2013/10/07 20:50:00.238 kid1| comm.cc(554) comm_openex: comm_openex: Attempt open socket for: 0.0.0.0:3130
    2013/10/07 20:50:00.238 kid1| comm.cc(595) comm_openex: comm_openex: Opened socket local=0.0.0.0:3130 remote=[::] FD 12 flags=1 : family=2, type=1, protocol=6
    2013/10/07 20:50:00.238 kid1| comm.cc(637) comm_init_opened: local=0.0.0.0:3130 remote=[::] FD 12 flags=1 is a new socket
    2013/10/07 20:50:00.238 kid1| fd.cc(221) fd_open: fd_open() FD 12 HTTPS Socket
    2013/10/07 20:50:00.238 kid1| commBind: Cannot bind socket FD 12 to 0.0.0.0:3130: (13) Permission denied
    2013/10/07 20:50:00.238 kid1| comm.cc(1102) _comm_close: comm_close: start closing FD 12
    2013/10/07 20:50:00.238 kid1| comm.cc(760) commUnsetFdTimeout: Remove timeout for FD 12
    2013/10/07 20:50:00.238 kid1| comm.cc(955) commCallCloseHandlers: commCallCloseHandlers: FD 12
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(18) AsyncCall: The AsyncCall comm_close_complete constructed, this=0x8233c60 [call5]
    2013/10/07 20:50:00.238 kid1| AsyncCall.cc(85) ScheduleCall: comm.cc(1178) will call comm_close_complete(FD 12) [call5]

3128 opens up just fine and runs AOK .. just when i use https_port it
seems to get shot down .. yes, i did check to make sure squid user can
write to /var/run/squid -- not seeing that error .. yes, i made sure
selinux isn't blocking the port ..

    sudo semanage port -l | grep 3130
    http_cache_port_t udp 3130, 11211

but for some reason, it just won't work .. "funny" funny thing is i
performed the "exact" same steps on a diff server that is supposed to
be identical, and it worked AOK .. just for some reason this server
doesn't like when i try to use port 3130 -- getting that nasty
"permission denied" error and debug log doesn't seem to point me to
root cause ..

thanks for any help you can offer,

greg
Received on Tue Oct 08 2013 - 01:11:02 MDT
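
The log above shows a TCP socket (type=1, protocol=6) failing to bind with error 13 while the process holds root, and the `semanage` output lists 3130 under `udp`. As an added example (not part of the original post), this check matches the SELinux port type on protocol as well as port number, which a plain `grep 3130` does not; the `tcp` row in the sample is constructed and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# port_label_covers TYPE PROTO PORT   (hypothetical helper name)
# Reads `semanage port -l` style text on stdin and succeeds only when a row
# matches the SELinux type AND the protocol AND contains the port, either
# as a single value or inside a lo-hi range.
port_label_covers() {
    awk -v t="$1" -v p="$2" -v n="$3" '
        $1 == t && $2 == p {
            for (i = 3; i <= NF; i++) {
                item = $i
                sub(/,$/, "", item)              # drop the list separator
                if (split(item, r, "-") == 2) { lo = r[1] + 0; hi = r[2] + 0 }
                else                          { lo = item + 0; hi = lo }
                if (n + 0 >= lo && n + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# Sample input: the udp row is the one quoted in the post; the tcp row is
# constructed for illustration and may differ from the real policy.
SAMPLE='http_cache_port_t              tcp      3128, 8080, 8118, 10001-10010
http_cache_port_t              udp      3130, 11211'

# Report both protocols for the https_port value used in the post.
for proto in tcp udp; do
    if printf '%s\n' "$SAMPLE" | port_label_covers http_cache_port_t "$proto" 3130; then
        echo "$proto/3130: labelled http_cache_port_t"
    else
        echo "$proto/3130: NOT labelled http_cache_port_t"
    fi
done
```

On a live host the input would come from `semanage port -l` instead of `SAMPLE`. Assuming squid runs confined with SELinux enforcing, a missing TCP entry can be added with `semanage port -a -t http_cache_port_t -p tcp 3130`.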
