SQUID not working after upgrade

Started by rafatres, 24 September 2014, 14:17

rafatres

Good afternoon,
We upgraded a server from 10.04 to 14.04 and there was a conflict with squid because of the change from squid to squid3, which has been resolved.
However, squid is not logging accesses.
What did I do? We have another server where accesses are logged and which is working (but at another location); I took its squid.conf and copied it, adapting it for the problem network. Even so, it does not log.
Here is the data:

squid.conf (mydomain.tld was changed to protect the data):
http_port 3128 transparent
append_domain .inst.mydomain.tld
acl all src "/etc/squid3/ips-rede"
acl analistas src "/etc/squid3/ips-free"
acl servidores src 10.13.2.0/24
##acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
visible_hostname none
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 22          # voip
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl Unsafe_ports port 9666
acl purge method PURGE
acl CONNECT method CONNECT
acl download urlpath_regex "/etc/squid3/downloads"
acl blockedsites url_regex -i "/etc/squid3/proibidos"
acl blacklist-origem src "/etc/squid3/blacklist-origem"
#acl blacklist-origem url_regex -i "/etc/squid3/blacklist-origem"
acl allowedsites url_regex -i "/etc/squid3/permitidos"
acl allowtimedsites url_regex -i "/etc/squid3/allowtimedsites"
acl proxys url_regex -i "/etc/squid3/proxys"
acl allowall url_regex -i "/etc/squid3/allowall"
###
#time ACLs
acl manha time MTWHF 07:00-11:45
acl almoco time MTWHF 11:45-13:30
acl tarde time MTWHF 13:30-18:00
acl noite time MTWHF 18:00-23:30
#
http_access allow manager localhost
http_access deny blacklist-origem
###
http_access allow allowtimedsites servidores almoco
http_access allow allowtimedsites servidores noite
http_access allow allowedsites servidores
http_access allow allowall
http_access allow analistas
http_access deny blockedsites
http_access deny proxys
http_access deny download
###
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny Unsafe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
##access_log /var/log/squid3/access.log squid
access_log stdio:/var/log/squid3/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
#extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid3


After restarting, I find this entry in /var/log/syslog:
Sep 24 10:34:56 U13S001 kernel: [ 3995.905472] init: squid3 main process (3339) killed by KILL signal

but the process is running:

# ps aux | grep squid
proxy     3296  0.0  4.2 113400 20080 ?        Ss   10:20   0:00 /usr/sbin/squid3 -N -YC -f /etc/squid3/squid.conf
root      3318  0.0  0.1  11744   892 pts/0    S+   10:33   0:00 grep --color=auto squid


and the firewall has the rules to redirect to squid:
# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 40267 packets, 7367K bytes)
pkts bytes target prot opt in out source destination
31316 1721K REDIRECT tcp -- wccp1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

Chain INPUT (policy ACCEPT 63848 packets, 8669K bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 22295 packets, 1596K bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 22295 packets, 1596K bytes)
pkts bytes target prot opt in out source destination


Could someone give me an idea of how to solve this problem?
Thanks,

acolatto

I did not find a rule in your iptables for INPUT on port 3128.

Try adding an allow rule for INPUT on that port.

rafatres

Hello,
There is no need for a rule in the INPUT table because it works in the NAT one, taking what arrives on port 80 and redirecting it to 3128.
I am still waiting for help to try to solve this problem.
Thanks,

zekkerj

Quote:
##access_log /var/log/squid3/access.log squid
access_log stdio:/var/log/squid3/access.log squid

That "stdio:" option looks strange to me. Why was the first line commented out?
Search before asking; your question may already have been answered.
I do not answer questions by PM; post your question on the forum, where your colleagues can search for it!
Do not come to the forum only to ask. If you know the answer to a problem, why not help your colleague? ;D

rafatres

zekkerj,
I really do not know what it means. I commented out that line and uncommented the previous one, but nothing. Nothing is logged in /var/log/squid3/access.log.
Thanks,

zekkerj

Run the command below and paste the result here.

squid3 -k parse

rafatres

Good morning,
Here it is:
# squid3 -k parse
2014/09/30 09:14:49| Startup: Initializing Authentication Schemes ...
2014/09/30 09:14:49| Startup: Initialized Authentication Scheme 'basic'
2014/09/30 09:14:49| Startup: Initialized Authentication Scheme 'digest'
2014/09/30 09:14:49| Startup: Initialized Authentication Scheme 'negotiate'
2014/09/30 09:14:49| Startup: Initialized Authentication Scheme 'ntlm'
2014/09/30 09:14:49| Startup: Initialized Authentication.
2014/09/30 09:14:49| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2014/09/30 09:14:49| Processing: http_port 3128 transparent
2014/09/30 09:14:49| Starting Authentication on port [::]:3128
2014/09/30 09:14:49| Disabling Authentication on port [::]:3128 (interception enabled)
2014/09/30 09:14:49| Disabling IPv6 on port [::]:3128 (interception enabled)
2014/09/30 09:14:49| Processing: append_domain .inst.myhost.com
2014/09/30 09:14:49| Processing: acl all src "/etc/squid3/ips-rede"
2014/09/30 09:14:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2014/09/30 09:14:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2014/09/30 09:14:49| WARNING: For now we will assume you meant to write /24
2014/09/30 09:14:49| WARNING: (A) '10.13.0.0/24' is a subnetwork of (B) '::/0'
2014/09/30 09:14:49| WARNING: because of this '10.13.0.0/24' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '10.13.0.0/24' from the ACL named 'all'
2014/09/30 09:14:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2014/09/30 09:14:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2014/09/30 09:14:49| WARNING: For now we will assume you meant to write /23
2014/09/30 09:14:49| WARNING: (A) '10.13.4.0/23' is a subnetwork of (B) '::/0'
2014/09/30 09:14:49| WARNING: because of this '10.13.4.0/23' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '10.13.4.0/23' from the ACL named 'all'
2014/09/30 09:14:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2014/09/30 09:14:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2014/09/30 09:14:49| WARNING: For now we will assume you meant to write /23
2014/09/30 09:14:49| WARNING: (A) '10.13.6.0/23' is a subnetwork of (B) '::/0'
2014/09/30 09:14:49| WARNING: because of this '10.13.6.0/23' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '10.13.6.0/23' from the ACL named 'all'
2014/09/30 09:14:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2014/09/30 09:14:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2014/09/30 09:14:49| WARNING: For now we will assume you meant to write /23
2014/09/30 09:14:49| WARNING: (A) '10.13.8.0/23' is a subnetwork of (B) '::/0'
2014/09/30 09:14:49| WARNING: because of this '10.13.8.0/23' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '10.13.8.0/23' from the ACL named 'all'
2014/09/30 09:14:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2014/09/30 09:14:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2014/09/30 09:14:49| WARNING: For now we will assume you meant to write /22
2014/09/30 09:14:49| WARNING: (A) '10.13.12.0/22' is a subnetwork of (B) '::/0'
2014/09/30 09:14:49| WARNING: because of this '10.13.12.0/22' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '10.13.12.0/22' from the ACL named 'all'
2014/09/30 09:14:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2014/09/30 09:14:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2014/09/30 09:14:49| WARNING: For now we will assume you meant to write /21
2014/09/30 09:14:49| WARNING: (A) '10.13.16.0/21' is a subnetwork of (B) '::/0'
2014/09/30 09:14:49| WARNING: because of this '10.13.16.0/21' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '10.13.16.0/21' from the ACL named 'all'
2014/09/30 09:14:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2014/09/30 09:14:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2014/09/30 09:14:49| WARNING: For now we will assume you meant to write /29
2014/09/30 09:14:49| WARNING: (A) '10.13.101.0/29' is a subnetwork of (B) '::/0'
2014/09/30 09:14:49| WARNING: because of this '10.13.101.0/29' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '10.13.101.0/29' from the ACL named 'all'
2014/09/30 09:14:49| Processing: acl analistas src "/etc/squid3/ips-free"
2014/09/30 09:14:49| Processing: acl servidores src 10.13.2.0/24
2014/09/30 09:14:49| Processing: acl localhost src 127.0.0.1/255.255.255.255
2014/09/30 09:14:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2014/09/30 09:14:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2014/09/30 09:14:49| WARNING: For now we will assume you meant to write /32
2014/09/30 09:14:49| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2014/09/30 09:14:49| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2014/09/30 09:14:49| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2014/09/30 09:14:49| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2014/09/30 09:14:49| Processing: acl to_localhost dst 127.0.0.0/8
2014/09/30 09:14:49| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
2014/09/30 09:14:49| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
2014/09/30 09:14:49| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
2014/09/30 09:14:49| Processing: visible_hostname none
2014/09/30 09:14:49| Processing: acl SSL_ports port 443          # https
2014/09/30 09:14:49| Processing: acl SSL_ports port 563          # snews
2014/09/30 09:14:49| Processing: acl SSL_ports port 873          # rsync
2014/09/30 09:14:49| Processing: acl Safe_ports port 80          # http
2014/09/30 09:14:49| Processing: acl Safe_ports port 21          # ftp
2014/09/30 09:14:49| Processing: acl Safe_ports port 22          # voip
2014/09/30 09:14:49| Processing: acl Safe_ports port 443         # https
2014/09/30 09:14:49| Processing: acl Safe_ports port 70          # gopher
2014/09/30 09:14:49| Processing: acl Safe_ports port 210         # wais
2014/09/30 09:14:49| Processing: acl Safe_ports port 1025-65535  # unregistered ports
2014/09/30 09:14:49| Processing: acl Safe_ports port 280         # http-mgmt
2014/09/30 09:14:49| Processing: acl Safe_ports port 488         # gss-http
2014/09/30 09:14:49| Processing: acl Safe_ports port 591         # filemaker
2014/09/30 09:14:49| Processing: acl Safe_ports port 777         # multiling http
2014/09/30 09:14:49| Processing: acl Safe_ports port 631         # cups
2014/09/30 09:14:49| Processing: acl Safe_ports port 873         # rsync
2014/09/30 09:14:49| Processing: acl Safe_ports port 901         # SWAT
2014/09/30 09:14:49| Processing: acl Unsafe_ports port 9666
2014/09/30 09:14:49| Processing: acl purge method PURGE
2014/09/30 09:14:49| Processing: acl CONNECT method CONNECT
2014/09/30 09:14:49| Processing: acl download urlpath_regex "/etc/squid3/downloads"
2014/09/30 09:14:49| Processing: acl blockedsites url_regex -i "/etc/squid3/proibidos"
2014/09/30 09:14:49| Processing: acl blacklist-origem src "/etc/squid3/blacklist-origem"
2014/09/30 09:14:49| Warning: empty ACL: acl blacklist-origem src "/etc/squid3/blacklist-origem"
2014/09/30 09:14:49| Processing: acl allowedsites url_regex -i "/etc/squid3/permitidos"
2014/09/30 09:14:49| Processing: acl allowtimedsites url_regex -i "/etc/squid3/allowtimedsites"
2014/09/30 09:14:49| Warning: empty ACL: acl allowtimedsites url_regex -i "/etc/squid3/allowtimedsites"
2014/09/30 09:14:49| Processing: acl proxys url_regex -i "/etc/squid3/proxys"
2014/09/30 09:14:49| Processing: acl allowall url_regex -i "/etc/squid3/allowall"
2014/09/30 09:14:49| Processing: acl manha time MTWHF 07:00-11:45
2014/09/30 09:14:49| Processing: acl almoco time MTWHF 11:45-13:30
2014/09/30 09:14:49| Processing: acl tarde time MTWHF 13:30-18:00
2014/09/30 09:14:49| Processing: acl noite time MTWHF 18:00-23:30
2014/09/30 09:14:49| Processing: http_access allow manager localhost
2014/09/30 09:14:49| Processing: http_access deny blacklist-origem
2014/09/30 09:14:49| Processing: http_access allow allowtimedsites servidores almoco
2014/09/30 09:14:49| Processing: http_access allow allowtimedsites servidores noite
2014/09/30 09:14:49| Processing: http_access allow allowedsites servidores
2014/09/30 09:14:49| Processing: http_access allow allowall
2014/09/30 09:14:49| Processing: http_access allow analistas
2014/09/30 09:14:49| Processing: http_access deny blockedsites
2014/09/30 09:14:49| Processing: http_access deny proxys
2014/09/30 09:14:49| Processing: http_access deny download
2014/09/30 09:14:49| Processing: http_access deny manager
2014/09/30 09:14:49| Processing: http_access allow purge localhost
2014/09/30 09:14:49| Processing: http_access deny purge
2014/09/30 09:14:49| Processing: http_access deny !Safe_ports
2014/09/30 09:14:49| Processing: http_access deny Unsafe_ports
2014/09/30 09:14:49| Processing: http_access deny CONNECT !SSL_ports
2014/09/30 09:14:49| Processing: http_access allow localhost
2014/09/30 09:14:49| Processing: http_access allow all
2014/09/30 09:14:49| Processing: icp_access allow all
2014/09/30 09:14:49| Processing: http_port 3128
2014/09/30 09:14:49| Processing: hierarchy_stoplist cgi-bin ?
2014/09/30 09:14:49| Processing: access_log /var/log/squid3/access.log squid
2014/09/30 09:14:49| Processing: acl QUERY urlpath_regex cgi-bin \?
2014/09/30 09:14:49| Processing: cache deny QUERY
2014/09/30 09:14:49| Processing: refresh_pattern ^ftp:           1440    20%     10080
2014/09/30 09:14:49| Processing: refresh_pattern ^gopher:        1440    0%      1440
2014/09/30 09:14:49| Processing: refresh_pattern .               0       20%     4320
2014/09/30 09:14:49| Processing: acl apache rep_header Server ^Apache
2014/09/30 09:14:49| Processing: hosts_file /etc/hosts
2014/09/30 09:14:49| Processing: coredump_dir /var/spool/squid3


Thanks,

zekkerj

You saw that several "warnings" appeared, right? Although they are only warnings, and so do not prevent squid from starting, they can cause it not to work the way you want. My suggestion is that you resolve all of them.

rafatres

Good morning,
I managed to resolve the errors related to CIDR.
# squid3 -k parse
2014/10/02 08:25:01| Startup: Initializing Authentication Schemes ...
2014/10/02 08:25:01| Startup: Initialized Authentication Scheme 'basic'
2014/10/02 08:25:01| Startup: Initialized Authentication Scheme 'digest'
2014/10/02 08:25:01| Startup: Initialized Authentication Scheme 'negotiate'
2014/10/02 08:25:01| Startup: Initialized Authentication Scheme 'ntlm'
2014/10/02 08:25:01| Startup: Initialized Authentication.
2014/10/02 08:25:01| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2014/10/02 08:25:01| Processing: http_port 3128 transparent
2014/10/02 08:25:01| Starting Authentication on port [::]:3128
2014/10/02 08:25:01| Disabling Authentication on port [::]:3128 (interception enabled)
2014/10/02 08:25:01| Disabling IPv6 on port [::]:3128 (interception enabled)
2014/10/02 08:25:01| Processing: append_domain .inst.mydomain
2014/10/02 08:25:01| Processing: acl all src "/etc/squid3/ips-rede"
2014/10/02 08:25:01| WARNING: (A) '10.13.0.0/24' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.0.0/24' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.0.0/24' from the ACL named 'all'
2014/10/02 08:25:01| WARNING: (A) '10.13.4.0/23' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.4.0/23' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.4.0/23' from the ACL named 'all'
2014/10/02 08:25:01| WARNING: (A) '10.13.6.0/23' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.6.0/23' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.6.0/23' from the ACL named 'all'
2014/10/02 08:25:01| WARNING: (A) '10.13.8.0/23' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.8.0/23' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.8.0/23' from the ACL named 'all'
2014/10/02 08:25:01| WARNING: (A) '10.13.12.0/22' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.12.0/22' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.12.0/22' from the ACL named 'all'
2014/10/02 08:25:01| WARNING: (A) '10.13.16.0/21' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.16.0/21' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.16.0/21' from the ACL named 'all'
2014/10/02 08:25:01| WARNING: (A) '10.13.101.0/29' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.101.0/29' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.101.0/29' from the ACL named 'all'
2014/10/02 08:25:01| Processing: acl analistas src "/etc/squid3/ips-free"
2014/10/02 08:25:01| Processing: acl servidores src 10.13.2.0/24
2014/10/02 08:25:01| Processing: acl localhost src 127.0.0.1/32
2014/10/02 08:25:01| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2014/10/02 08:25:01| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2014/10/02 08:25:01| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2014/10/02 08:25:01| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2014/10/02 08:25:01| Processing: acl to_localhost dst 127.0.0.0/8
2014/10/02 08:25:01| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
2014/10/02 08:25:01| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
2014/10/02 08:25:01| Processing: visible_hostname none
2014/10/02 08:25:01| Processing: acl SSL_ports port 443          # https
2014/10/02 08:25:01| Processing: acl SSL_ports port 563          # snews
2014/10/02 08:25:01| Processing: acl SSL_ports port 873          # rsync
2014/10/02 08:25:01| Processing: acl Safe_ports port 80          # http
2014/10/02 08:25:01| Processing: acl Safe_ports port 21          # ftp
2014/10/02 08:25:01| Processing: acl Safe_ports port 22          # voip
2014/10/02 08:25:01| Processing: acl Safe_ports port 443         # https
2014/10/02 08:25:01| Processing: acl Safe_ports port 70          # gopher
2014/10/02 08:25:01| Processing: acl Safe_ports port 210         # wais
2014/10/02 08:25:01| Processing: acl Safe_ports port 1025-65535  # unregistered ports
2014/10/02 08:25:01| Processing: acl Safe_ports port 280         # http-mgmt
2014/10/02 08:25:01| Processing: acl Safe_ports port 488         # gss-http
2014/10/02 08:25:01| Processing: acl Safe_ports port 591         # filemaker
2014/10/02 08:25:01| Processing: acl Safe_ports port 777         # multiling http
2014/10/02 08:25:01| Processing: acl Safe_ports port 631         # cups
2014/10/02 08:25:01| Processing: acl Safe_ports port 873         # rsync
2014/10/02 08:25:01| Processing: acl Safe_ports port 901         # SWAT
2014/10/02 08:25:01| Processing: acl Unsafe_ports port 9666
2014/10/02 08:25:01| Processing: acl purge method PURGE
2014/10/02 08:25:01| Processing: acl CONNECT method CONNECT
2014/10/02 08:25:01| Processing: acl download urlpath_regex "/etc/squid3/downloads"
2014/10/02 08:25:01| Processing: acl blockedsites url_regex -i "/etc/squid3/proibidos"
2014/10/02 08:25:01| Processing: acl blacklist-origem src "/etc/squid3/blacklist-origem"
2014/10/02 08:25:01| Warning: empty ACL: acl blacklist-origem src "/etc/squid3/blacklist-origem"
2014/10/02 08:25:01| Processing: acl allowedsites url_regex -i "/etc/squid3/permitidos"
2014/10/02 08:25:01| Processing: acl allowtimedsites url_regex -i "/etc/squid3/allowtimedsites"
2014/10/02 08:25:01| Warning: empty ACL: acl allowtimedsites url_regex -i "/etc/squid3/allowtimedsites"
2014/10/02 08:25:01| Processing: acl proxys url_regex -i "/etc/squid3/proxys"
2014/10/02 08:25:01| Processing: acl allowall url_regex -i "/etc/squid3/allowall"
2014/10/02 08:25:01| Processing: acl manha time MTWHF 07:00-11:45
2014/10/02 08:25:01| Processing: acl almoco time MTWHF 11:45-13:30
2014/10/02 08:25:01| Processing: acl tarde time MTWHF 13:30-18:00
2014/10/02 08:25:01| Processing: acl noite time MTWHF 18:00-23:30
2014/10/02 08:25:01| Processing: http_access allow manager localhost
2014/10/02 08:25:01| Processing: http_access deny blacklist-origem
2014/10/02 08:25:01| Processing: http_access allow allowtimedsites servidores almoco
2014/10/02 08:25:01| Processing: http_access allow allowtimedsites servidores noite
2014/10/02 08:25:01| Processing: http_access allow allowedsites servidores
2014/10/02 08:25:01| Processing: http_access allow allowall
2014/10/02 08:25:01| Processing: http_access allow analistas
2014/10/02 08:25:01| Processing: http_access deny blockedsites
2014/10/02 08:25:01| Processing: http_access deny proxys
2014/10/02 08:25:01| Processing: http_access deny download
2014/10/02 08:25:01| Processing: http_access deny manager
2014/10/02 08:25:01| Processing: http_access allow purge localhost
2014/10/02 08:25:01| Processing: http_access deny purge
2014/10/02 08:25:01| Processing: http_access deny !Safe_ports
2014/10/02 08:25:01| Processing: http_access deny Unsafe_ports
2014/10/02 08:25:01| Processing: http_access deny CONNECT !SSL_ports
2014/10/02 08:25:01| Processing: http_access allow localhost
2014/10/02 08:25:01| Processing: http_access allow all
2014/10/02 08:25:01| Processing: icp_access allow all
2014/10/02 08:25:01| Processing: http_port 3128
2014/10/02 08:25:01| Processing: hierarchy_stoplist cgi-bin ?
2014/10/02 08:25:01| Processing: access_log /var/log/squid3/access.log squid
2014/10/02 08:25:01| Processing: acl QUERY urlpath_regex cgi-bin \?
2014/10/02 08:25:01| Processing: cache deny QUERY
2014/10/02 08:25:01| Processing: refresh_pattern ^ftp:           1440    20%     10080
2014/10/02 08:25:01| Processing: refresh_pattern ^gopher:        1440    0%      1440
2014/10/02 08:25:01| Processing: refresh_pattern .               0       20%     4320
2014/10/02 08:25:01| Processing: acl apache rep_header Server ^Apache
2014/10/02 08:25:01| Processing: hosts_file /etc/hosts
2014/10/02 08:25:01| Processing: coredump_dir /var/spool/squid3


But this type of error:
2014/10/02 08:25:01| WARNING: (A) '10.13.0.0/24' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.0.0/24' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.0.0/24' from the ACL named 'all'
2014/10/02 08:25:01| WARNING: (A) '10.13.4.0/23' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.4.0/23' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.4.0/23' from the ACL named 'all'
2014/10/02 08:25:01| WARNING: (A) '10.13.6.0/23' is a subnetwork of (B) '::/0'
2014/10/02 08:25:01| WARNING: because of this '10.13.6.0/23' is ignored to keep splay tree searching predictable
2014/10/02 08:25:01| WARNING: You should probably remove '10.13.6.0/23' from the ACL named 'all'

I do not know how to resolve it, because from what I saw I would have to delete a good part of the configuration, that is, it would change the blocks.
Basically, judging by the errors, I would have to redo squid.conf, is that right?
Thanks,

zekkerj

Do you have the "all" ACL in your squid.conf? If so, remove it and try again.
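
Added example (not part of the thread, and not Squid's or any poster's code): a small Python check for the two problems the `squid3 -k parse` warnings above point to, netmask notation in `src`/`dst` ACLs and redefinition of ACL names that Squid defines itself. It assumes Squid 3.2 or later, where `all`, `manager`, `localhost` and `to_localhost` are built in; the sample configuration, the contents of the included file and the finding labels are constructed for illustration.

```python
import ipaddress
import re

# ACL names defined internally by Squid 3.2+ (assumption stated in the lead-in).
BUILTIN_ACLS = {"all", "manager", "localhost", "to_localhost"}

# Constructed sample: a few lines in the shape of the squid.conf posted in the thread.
SAMPLE_CONF = """\
http_port 3128 transparent
acl all src "/etc/squid3/ips-rede"
acl servidores src 10.13.2.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
http_access allow localhost
http_access allow all
"""

# Constructed stand-in for the included file; its real contents are not on the page.
SAMPLE_FILES = {
    "/etc/squid3/ips-rede": "10.13.0.0/255.255.255.0\n10.13.4.0/255.255.254.0\n",
}

NETMASK_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+)$")
COMMENT_RE = re.compile(r"(^|\s)#.*$")


def netmask_to_cidr(value):
    """Return 'addr/prefix' for 'addr/dotted.mask'; None for any other form."""
    match = NETMASK_RE.match(value)
    if not match:
        return None
    try:
        net = ipaddress.ip_network(f"{match.group(1)}/{match.group(2)}", strict=False)
    except ValueError:  # e.g. a non-contiguous mask
        return None
    return f"{net.network_address}/{net.prefixlen}"


def acl_values(tokens, files):
    """Expand ACL arguments; a quoted path is replaced by the entries of that file."""
    values = []
    for tok in tokens:
        if len(tok) > 1 and tok.startswith('"') and tok.endswith('"'):
            for entry in files.get(tok.strip('"'), "").splitlines():
                entry = entry.strip()
                if entry and not entry.startswith("#"):
                    values.append(entry)
        else:
            values.append(tok)
    return values


def lint(conf, files=None):
    """Return a list of (line number, finding label, detail) tuples."""
    files = files or {}
    findings = []
    redefined = set()
    for lineno, raw in enumerate(conf.splitlines(), 1):
        parts = COMMENT_RE.sub("", raw).split()
        if not parts:
            continue
        if parts[0] == "acl" and len(parts) >= 3:
            name, acl_type = parts[1], parts[2]
            if name in BUILTIN_ACLS:
                # Entries added here are merged into the built-in ACL, which is
                # what produces the "is a subnetwork of" warnings.
                redefined.add(name)
                findings.append((lineno, "builtin-redefined", name))
            if acl_type in ("src", "dst"):
                for value in acl_values(parts[3:], files):
                    cidr = netmask_to_cidr(value)
                    if cidr:
                        findings.append((lineno, "netmask", f"{value} -> {cidr}"))
        elif parts[:3] == ["http_access", "allow", "all"] and "all" in redefined:
            # The author meant "my address list", but 'all' still matches any source.
            findings.append((lineno, "allow-all-is-any-source", "all"))
    return findings


if __name__ == "__main__":
    for lineno, label, detail in lint(SAMPLE_CONF, SAMPLE_FILES):
        print(f"line {lineno}: {label}: {detail}")
```

Because the built-in `all` already matches every source (`::/0` in the warnings), the addresses added to it are ignored and `http_access allow all` admits any client. A list of internal networks needs an ACL name of its own.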

rafatres

Good morning,
3# squid3 -k parse
2014/10/07 09:14:00| Startup: Initializing Authentication Schemes ...
2014/10/07 09:14:00| Startup: Initialized Authentication Scheme 'basic'
2014/10/07 09:14:00| Startup: Initialized Authentication Scheme 'digest'
2014/10/07 09:14:00| Startup: Initialized Authentication Scheme 'negotiate'
2014/10/07 09:14:00| Startup: Initialized Authentication Scheme 'ntlm'
2014/10/07 09:14:00| Startup: Initialized Authentication.
2014/10/07 09:14:00| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2014/10/07 09:14:00| Processing: http_port 3128 transparent
2014/10/07 09:14:00| Starting Authentication on port [::]:3128
2014/10/07 09:14:00| Disabling Authentication on port [::]:3128 (interception enabled)
2014/10/07 09:14:00| Disabling IPv6 on port [::]:3128 (interception enabled)
2014/10/07 09:14:00| Processing: append_domain .inst.mydomain.com
2014/10/07 09:14:00| Processing: acl analistas src "/etc/squid3/ips-free"
2014/10/07 09:14:00| Processing: acl servidores src 10.13.2.0/24
2014/10/07 09:14:00| Processing: acl localhost src 127.0.0.1/32
2014/10/07 09:14:00| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2014/10/07 09:14:00| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2014/10/07 09:14:00| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2014/10/07 09:14:00| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2014/10/07 09:14:00| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2014/10/07 09:14:00| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2014/10/07 09:14:00| Processing: acl to_localhost dst 127.0.0.0/8
2014/10/07 09:14:00| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
2014/10/07 09:14:00| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
2014/10/07 09:14:00| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
2014/10/07 09:14:00| Processing: visible_hostname none
2014/10/07 09:14:00| Processing: acl SSL_ports port 443          # https
2014/10/07 09:14:00| Processing: acl SSL_ports port 563          # snews
2014/10/07 09:14:00| Processing: acl SSL_ports port 873          # rsync
2014/10/07 09:14:00| Processing: acl Safe_ports port 80          # http
2014/10/07 09:14:00| Processing: acl Safe_ports port 21          # ftp
2014/10/07 09:14:00| Processing: acl Safe_ports port 22          # voip
2014/10/07 09:14:00| Processing: acl Safe_ports port 443         # https
2014/10/07 09:14:00| Processing: acl Safe_ports port 70          # gopher
2014/10/07 09:14:00| Processing: acl Safe_ports port 210         # wais
2014/10/07 09:14:00| Processing: acl Safe_ports port 1025-65535  # unregistered ports
2014/10/07 09:14:00| Processing: acl Safe_ports port 280         # http-mgmt
2014/10/07 09:14:00| Processing: acl Safe_ports port 488         # gss-http
2014/10/07 09:14:00| Processing: acl Safe_ports port 591         # filemaker
2014/10/07 09:14:00| Processing: acl Safe_ports port 777         # multiling http
2014/10/07 09:14:00| Processing: acl Safe_ports port 631         # cups
2014/10/07 09:14:00| Processing: acl Safe_ports port 873         # rsync
2014/10/07 09:14:00| Processing: acl Safe_ports port 901         # SWAT
2014/10/07 09:14:00| Processing: acl Unsafe_ports port 9666
2014/10/07 09:14:00| Processing: acl purge method PURGE
2014/10/07 09:14:00| Processing: acl CONNECT method CONNECT
2014/10/07 09:14:00| Processing: acl download urlpath_regex "/etc/squid3/downloads"
2014/10/07 09:14:00| Processing: acl blockedsites url_regex -i "/etc/squid3/proibidos"
2014/10/07 09:14:00| Processing: acl blacklist-origem src "/etc/squid3/blacklist-origem"
2014/10/07 09:14:00| Warning: empty ACL: acl blacklist-origem src "/etc/squid3/blacklist-origem"
2014/10/07 09:14:00| Processing: acl allowedsites url_regex -i "/etc/squid3/permitidos"
2014/10/07 09:14:00| Processing: acl allowtimedsites url_regex -i "/etc/squid3/allowtimedsites"
2014/10/07 09:14:00| Warning: empty ACL: acl allowtimedsites url_regex -i "/etc/squid3/allowtimedsites"
2014/10/07 09:14:00| Processing: acl proxys url_regex -i "/etc/squid3/proxys"
2014/10/07 09:14:00| Processing: acl allowall url_regex -i "/etc/squid3/allowall"
2014/10/07 09:14:00| Processing: acl manha time MTWHF 07:00-11:45
2014/10/07 09:14:00| Processing: acl almoco time MTWHF 11:45-13:30
2014/10/07 09:14:00| Processing: acl tarde time MTWHF 13:30-18:00
2014/10/07 09:14:00| Processing: acl noite time MTWHF 18:00-23:30
2014/10/07 09:14:00| Processing: http_access allow manager localhost
2014/10/07 09:14:00| Processing: http_access deny blacklist-origem
2014/10/07 09:14:00| Processing: http_access allow allowtimedsites servidores almoco
2014/10/07 09:14:00| Processing: http_access allow allowtimedsites servidores noite
2014/10/07 09:14:00| Processing: http_access allow allowedsites servidores
2014/10/07 09:14:00| Processing: http_access allow allowall
2014/10/07 09:14:00| Processing: http_access allow analistas
2014/10/07 09:14:00| Processing: http_access deny blockedsites
2014/10/07 09:14:00| Processing: http_access deny proxys
2014/10/07 09:14:00| Processing: http_access deny download
2014/10/07 09:14:00| Processing: http_access deny manager
2014/10/07 09:14:00| Processing: http_access allow purge localhost
2014/10/07 09:14:00| Processing: http_access deny purge
2014/10/07 09:14:00| Processing: http_access deny !Safe_ports
2014/10/07 09:14:00| Processing: http_access deny Unsafe_ports
2014/10/07 09:14:00| Processing: http_access deny CONNECT !SSL_ports
2014/10/07 09:14:00| Processing: http_access allow localhost
2014/10/07 09:14:00| Processing: http_access allow all
2014/10/07 09:14:00| Processing: icp_access allow all
2014/10/07 09:14:00| Processing: http_port 3128
2014/10/07 09:14:00| Processing: hierarchy_stoplist cgi-bin ?
2014/10/07 09:14:00| Processing: access_log /var/log/squid3/access.log squid
2014/10/07 09:14:00| Processing: acl QUERY urlpath_regex cgi-bin \?
2014/10/07 09:14:00| Processing: cache deny QUERY
2014/10/07 09:14:00| Processing: refresh_pattern ^ftp:           1440    20%     10080
2014/10/07 09:14:00| Processing: refresh_pattern ^gopher:        1440    0%      1440
2014/10/07 09:14:00| Processing: refresh_pattern .               0       20%     4320
2014/10/07 09:14:00| Processing: acl apache rep_header Server ^Apache
2014/10/07 09:14:00| Processing: hosts_file /etc/hosts
2014/10/07 09:14:00| Processing: coredump_dir /var/spool/squid3


squid.conf:
http_port 3128 transparent
append_domain .inst.mydomain
#acl all src "/etc/squid3/ips-rede"
acl analistas src "/etc/squid3/ips-free"
acl servidores src 10.13.2.0/24
##acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
visible_hostname none
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 22          # voip
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl Unsafe_ports port 9666
acl purge method PURGE
acl CONNECT method CONNECT
acl download urlpath_regex "/etc/squid3/downloads"
acl blockedsites url_regex -i "/etc/squid3/proibidos"
acl blacklist-origem src "/etc/squid3/blacklist-origem"
#acl blacklist-origem url_regex -i "/etc/squid3/blacklist-origem"
acl allowedsites url_regex -i "/etc/squid3/permitidos"
acl allowtimedsites url_regex -i "/etc/squid3/allowtimedsites"
acl proxys url_regex -i "/etc/squid3/proxys"
acl allowall url_regex -i "/etc/squid3/allowall"
###
###
# time ACLs
acl manha time MTWHF 07:00-11:45
acl almoco time MTWHF 11:45-13:30
acl tarde time MTWHF 13:30-18:00
acl noite time MTWHF 18:00-23:30
#
http_access allow manager localhost
http_access deny blacklist-origem
###
http_access allow allowtimedsites servidores almoco
http_access allow allowtimedsites servidores noite
http_access allow allowedsites servidores
http_access allow allowall
http_access allow analistas
http_access deny blockedsites
http_access deny proxys
http_access deny download
###
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny Unsafe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
##access_log stdio:/var/log/squid3/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
#extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid3


Regards,

zekkerj

Search before asking; your question may already have been answered.
I don't answer questions by PM; post your question on the forum, where your colleagues can search for it!
Don't come to the forum only to ask. If you know the answer to a problem, why not help your colleague? ;D