# Squid ignores incoming requests

## Napalm Llama

For some reason Squid is ignoring all incoming requests.  I know it isn't a firewall or client config issue, because Wireshark shows me the 3-way TCP handshake happening, and also the ACK packet from Squid in response to the client's HTTP request packet.

So Squid itself is ignoring the clients, and I can't figure out why.

Here's my /etc/squid/squid.conf:

```
http_port 3128
#http_port 3128 transparent
cache_mem 20 MB
visible_hostname muttley
# [mb diskspace to use] [how many directories to use] [subdirs]
cache_dir ufs /var/cache/squid 512 16 256
offline_mode off # Serve from cache by default
maximum_object_size 102400 KB
reload_into_ims off # Don't refetch on refresh
pipeline_prefetch on
acl my_network src 78.32.xxx.xxx/28
acl localhost src 127.0.0.1
acl all src 0.0.0.0/0
http_access allow my_network localhost
http_access deny all
```

Have I configured it wrong?  This is my first attempt at getting Squid working, so I'm probably missing something really obvious.  What do I need to fix?

Cheers :)

----------

## di1bert

I'd start by firing it up in the foreground with some debugging to see where the problem might be, with `squid -DNsYd5`.

Try that and see what errors (if any) it spits out...

HTH

-m

----------

## Napalm Llama

It says this as it starts up:

```
2007/11/20 14:25:30| Starting Squid Cache version 2.6.STABLE16 for powerpc-gentoo-linux-uclibc...
2007/11/20 14:25:30| Process ID 28713
2007/11/20 14:25:30| With 1024 file descriptors available
2007/11/20 14:25:30| Using epoll for the IO loop
2007/11/20 14:25:30| DNS Socket created at 0.0.0.0, port 2651, FD 6
2007/11/20 14:25:30| Adding nameserver 195.74.xxx.yyy from /etc/resolv.conf
2007/11/20 14:25:30| Adding nameserver 195.74.xxx.zzz from /etc/resolv.conf
2007/11/20 14:25:30| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2007/11/20 14:25:30| User-Agent logging is disabled.
2007/11/20 14:25:30| Referer logging is disabled.
2007/11/20 14:25:30| Unlinkd pipe opened on FD 10
2007/11/20 14:25:30| Swap maxSize 524288 KB, estimated 40329 objects
2007/11/20 14:25:30| Target number of buckets: 2016
2007/11/20 14:25:30| Using 8192 Store buckets
2007/11/20 14:25:30| Max Mem  size: 20480 KB
2007/11/20 14:25:30| Max Swap size: 524288 KB
2007/11/20 14:25:30| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2007/11/20 14:25:30| Rebuilding storage in /var/cache/squid (CLEAN)
2007/11/20 14:25:30| Using Least Load store dir selection
2007/11/20 14:25:30| Current Directory is /root
2007/11/20 14:25:30| Loaded Icons.
2007/11/20 14:25:31| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 12.
2007/11/20 14:25:31| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
2007/11/20 14:25:31| HTCP Disabled.
2007/11/20 14:25:31| WCCP Disabled.
2007/11/20 14:25:31| Ready to serve requests.
2007/11/20 14:25:31| Done reading /var/cache/squid swaplog (0 entries)
2007/11/20 14:25:31| Finished rebuilding storage from disk.
2007/11/20 14:25:31|         0 Entries scanned
2007/11/20 14:25:31|         0 Invalid entries.
2007/11/20 14:25:31|         0 With invalid flags.
2007/11/20 14:25:31|         0 Objects loaded.
2007/11/20 14:25:31|         0 Objects expired.
2007/11/20 14:25:31|         0 Objects cancelled.
2007/11/20 14:25:31|         0 Duplicate URLs purged.
2007/11/20 14:25:31|         0 Swapfile clashes avoided.
2007/11/20 14:25:31|   Took 1.4 seconds (   0.0 objects/sec).
2007/11/20 14:25:31| Beginning Validation Procedure
2007/11/20 14:25:31|   Completed Validation Procedure
2007/11/20 14:25:31|   Validated 0 Entries
2007/11/20 14:25:31|   store_swap_size = 0k
2007/11/20 14:25:32| storeLateRelease: released 0 objects
```

And then stays silent for every connection I make to it.

For reference, this is what I typed to make the connection:

```
dd@muttley ~ $ nc 127.0.0.1 3128

GET http://www.google.co.uk/ HTTP/1.1

Host: www.google.co.uk

Connection: close

<Wait ages, then Ctrl-C>

dd@muttley ~ $ telnet 127.0.0.1 3128

Trying 127.0.0.1...

Connected to 127.0.0.1.

Escape character is '^]'.

GET http://www.bbc.co.uk/ HTTP/1.1

Host: www.bbc.co.uk

Connection: close

```

I also tried with Firefox from a different machine, but with a similar lack of results.

----------

## di1bert

Does anything come up in your cache.log or access.log files?

-m

----------

## Napalm Llama

access.log isn't there.  Squid doesn't seem to add anything to cache.log other than its startup and shutdown messages, and also this right at the end:

```
1195491351.596 RELEASE -1 FFFFFFFF CB32EC47E84FD6BE07BE49F3ECA0C605  200 1195487751 1195487751 1195491351 application/cache-digest 144/144 GET internal://muttley/squid-internal-periodic/store_digest
1195494951.598 RELEASE -1 FFFFFFFF E4415336896EB5D05C51530CDCA096EC  200 1195491351 1195491351 1195494951 application/cache-digest 144/144 GET internal://muttley/squid-internal-periodic/store_digest
1195498551.599 RELEASE -1 FFFFFFFF ADFC7264576A37F58E95EDE3CFB4DFDC  200 1195494951 1195494951 1195498551 application/cache-digest 144/144 GET internal://muttley/squid-internal-periodic/store_digest
1195502151.601 RELEASE -1 FFFFFFFF 43B38406D625E24B97F22BF4A44B4739  200 1195498551 1195498551 1195502151 application/cache-digest 144/144 GET internal://muttley/squid-internal-periodic/store_digest
1195505751.602 RELEASE -1 FFFFFFFF 0800B64D0C31E9F334E380CC98BFFEDE  200 1195502151 1195502151 1195505751 application/cache-digest 144/144 GET internal://muttley/squid-internal-periodic/store_digest
1195509351.603 RELEASE -1 FFFFFFFF 8F8C7CE40B3A27159A85A16B4317EE9B  200 1195505751 1195505751 1195509351 application/cache-digest 144/144 GET internal://muttley/squid-internal-periodic/store_digest
1195512951.605 RELEASE -1 FFFFFFFF A63E0C651ECC12F9FCAEBCC1ADCB9A66  200 1195509351 1195509351 1195512951 application/cache-digest 144/144 GET internal://muttley/squid-internal-periodic/store_digest
1195516551.606 RELEASE -1 FFFFFFFF F9CA9A3D03543623EBAF6DA16FCAD66F  200 1195512951 1195512951 1195516551 application/cache-digest 144/144 GET internal://muttley/squid-internal-periodic/store_digest
1195520151.608 RELEASE -1 FFFFFFFF 470D0A42D364E06CC39FF2D84C2389FA  200 1195516551 1195516551 1195520151 application/cache-digest 144/144 GET internal://muttley/squid-internal-periodic/store_digest
```

Also, I just noticed the console after Ctrl-C'ing the server:

```
2007/11/20 14:56:08| Preparing for shutdown after 0 requests
2007/11/20 14:56:08| Waiting 0 seconds for active connections to finish
2007/11/20 14:56:08| FD 12 Closing HTTP connection
2007/11/20 14:56:08| Shutting down...
2007/11/20 14:56:08| FD 13 Closing ICP connection
2007/11/20 14:56:08| Closing unlinkd pipe on FD 10
2007/11/20 14:56:08| storeDirWriteCleanLogs: Starting...
2007/11/20 14:56:08|   Finished.  Wrote 0 entries.
2007/11/20 14:56:08|   Took 0.0 seconds (   0.0 entries/sec).
2007/11/20 14:56:08| Squid Cache (Version 2.6.STABLE16): Exiting normally.
```

Note the first line.  It thinks it hasn't received any requests...

----------

## Napalm Llama

Well I've just tried to set up Squid again, on the same server, and I'm running into exactly the same problem I had 7 months ago (I gave up last time).

Does anyone know why this might be happening?  Please?

[edit:]

Just noticed the last line in dmesg:

```
grsec: From <my IP address>: signal 6 sent to /usr/sbin/squid[squid:19354] uid/euid:31/31 gid/egid:31/31, parent /usr/sbin/squid[squid:19353] uid/euid:31/31 gid/egid:31/31
```

I don't know if that's the incoming connection tripping up on some bug and causing the server process to crash, or my Ctrl-C'ing of the foregrounded server in debug mode.  I've done both things multiple times but the line in dmesg only appears once.

----------

## mortagon

I have a Squid running on my home router (hardened-gentoo). My squid.conf looks like this:

```
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl allowed_hosts src <HOME_NETWORK_ADDRESS>/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
visible_hostname Kthulhut
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow allowed_hosts
http_access deny all
icp_access allow localhost allowed_hosts
icp_access deny all
# Squid normally listens to port 3128
http_port 3128 transparent
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
#       Note: 2.6.STABLE14 and earlier only supports a slightly different
#       and undocumented format with all uppercase LOG_FACILITY|LOG_PRIORITY
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
forwarded_for off
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
# change this path to somewhere you have enough diskspace
cache_dir ufs /usr/tmp/squid 256 16 256
```

I also have the following rule in my firewall:

```
iptables -t nat -A PREROUTING -i <INTERNAL_NETWORK_INTERFACE> -p tcp --dport 80 -j REDIRECT --to-port 3128
```

Hope that helps.

----------
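Squid ANDs the ACL names on a single `http_access` line and ORs separate lines, with the first matching line deciding. The sketch below is an added example, not code from any poster: it evaluates the question's rule set that way, using hypothetical helpers `parse` and `decide`, modelling only `src` ACLs, and substituting a constructed 192.0.2.0/28 for the masked network. It covers the access decision only, not the missing responses discussed in the thread.

```python
import ipaddress

# Constructed stand-in for the question's squid.conf: 192.0.2.0/28 replaces
# the masked 78.32.xxx.xxx/28 network.
POSTED = """
acl my_network src 192.0.2.0/28
acl localhost src 127.0.0.1
acl all src 0.0.0.0/0
http_access allow my_network localhost
http_access deny all
"""

# Same ACLs, one http_access line per allowed source (separate lines are OR-ed).
SPLIT = POSTED.replace(
    "http_access allow my_network localhost",
    "http_access allow my_network\nhttp_access allow localhost",
)


def parse(conf):
    """Return ({acl_name: [networks]}, [(action, [acl_names])]); src ACLs only."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 4 and words[0] == "acl" and words[2] == "src":
            nets = [ipaddress.ip_network(w, strict=False) for w in words[3:]]
            acls.setdefault(words[1], []).extend(nets)
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules


def decide(conf, client_ip):
    """Return 'allow' or 'deny': the first line whose ACLs ALL match decides."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)

    def matches(name):
        negate = name.startswith("!")
        hit = any(ip in net for net in acls[name.lstrip("!")])
        return hit != negate

    for action, names in rules:
        if all(matches(n) for n in names):
            return action
    # No line matched (or none exist): deny if the last action was allow.
    if not rules or rules[-1][0] == "allow":
        return "deny"
    return "allow"
```

With the single combined line, no client can be in both `my_network` and `localhost`, so every source falls through to `deny all`; the split form allows each source on its own line.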

