Re: [squid-users] squid upgrade issue and tunnelled ssh connections

From: Simon Beale <simon_at_minos.org.uk>
Date: Sat, 11 Jan 2014 12:06:45 +0000

Heya

Squid Cache: Version 3.4.2
configure options: '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-eui' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,LDAP_group,AD_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-ssl-crtd' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=32768' '--with-dl' '--with-openssl' '--with-pthreads' '--disable-arch-native' 'build_alias=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig’

Yes, I can ssh from the proxy machine. I’ve also run the test trying to connect via squid to another host on the same vlan as the squid host, to ensure that there’s no random firewall/router/switch oddness going on, with the same results.

Thanks

Simon

On 11 Jan 2014, at 02:28, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:

> Hey Simon,
>
> What is the output of "squid -v"?
> It can be related to squid and not..
> Can you ssh from the proxy machine?
>
> Eliezer
>
> On 10/01/14 19:45, Simon Beale wrote:
>> Hi
>>
>> I'm trying to upgrade our squid proxies from 3.1.19 to 3.4.2, and have hit
>> a problem where I can no longer proxy ssh/sftp connections through after
>> the upgrade.
>>
>> For testing, I've heavily cut down my squid.conf, to the following
>> configuration on 3.1.19, 3.3.11 and 3.4.2:
>
>
Received on Sat Jan 11 2014 - 12:07:05 MST

This archive was generated by hypermail 2.2.0 : Sat Jan 11 2014 - 12:00:04 MST