Squid on the blink.

Gabriel Gunderson gabe at gundy.org
Wed Dec 28 11:50:46 MST 2005


Esteemed Linux hackers,

I've been using squid with good results at a site for about 6 months. 
Then, all of a sudden, things have gotten real flaky.  I've checked 
everything I can think of but the problem persists.  I've rewritten the 
rules (or added a rule) to simplify troubleshooting.  Basically, if you 
are in the local subnet you *should* be good to visit anything on the 
web using the cache.

Here is what happens...
We have about 30 users at any given time.  The typical user is Windows XP 
Pro with IE.  Any one of them (it appears random) may get a time where 
squid stops working for them.  We go visit the computer they are working 
at and before we can really do anything squid starts responding again. 
The logs show nothing interesting.  The access log in particular shows 
no attempt to access anything (no HITs or MISSes etc.) for that user. 
It *seems* (and I can only say seems) to happen more frequently when 
opening a new browser.  That caused me to wonder about ntlm, samba, and 
auth in general but even after shorting out those things the problem 
remains.

The server is running iptables with traffic between the box and LAN 
wide-open and those rules haven't really changed lately anyway.

Also, I have not been able to get to the cache manager.  When I visit 
the cachemgr I get the login screen and all seems well.  After changing 
the port to 81 (my server is running on that port) and hitting 
"Continue..." I get this message: "target localhost:81 not allowed in 
cachemgr.conf".  But that doesn't make sense. My cachemgr.conf has this 
"localhost:81 Allow from localhost only." as its only line.

Below is my squid.conf and a bunch of system info.  *Any* help would be 
very, very appreciated.  I'm at the end of my rope here!

Thanks again,
Gabe

P.S. Naturally, I would be happy to provide any additional information 
that may be helpful in figuring this out.

############################################################
debug_options ALL, 9
http_port 81
cache_dir ufs /var/spool/squid 10000 16 256
maximum_object_size 50 MB

ftp_passive on
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern .               0       20%     4320

coredump_dir /var/spool/squid
ie_refresh on

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm use_ntlm_negotiate on

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Web Proxy / Caching Server
auth_param basic credentialsttl 2 hours

acl all src 0.0.0.0/0.0.0.0
deny_info CUSTOM_ALL all

# LOTS OF ACL NOT BEING USED HAVE BEEN CUT...

acl local-net src 10.0.0.0/255.255.0.0
deny_info CUSTOM_LOCAL_NET local-net

http_access allow local-net

# LOTS OF RULES SHORT CIRCUITED BY ABOVE RULE HAVE BEEN CUT...
############################################################

The server is running CentOS release 4.2 (Final)

### FDs

For file descriptors (something I've wondered about) I show this...

[root@inferno ~]# cat /proc/sys/fs/file-max
102524

[root@inferno ~]# cat /proc/sys/fs/file-nr
2205    0       102524

[root@inferno ~]# lsof | grep squid | wc -l
776

### CACHE.LOG

[root@inferno ~]# tail -14 /var/log/squid/cache.log
2005/12/28 09:45:43| Starting Squid Cache version 2.5.STABLE6 for i686-redhat-linux-gnu...
CPU Usage: 0.616 seconds = 0.250 user + 0.366 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 1
Memory usage for squid via mallinfo():
         total space in arena:    4636 KB
         Ordinary blocks:         4127 KB      8 blks
         Small blocks:               0 KB      5 blks
         Holding blocks:           460 KB      2 blks
         Free Small blocks:          0 KB
         Free Ordinary blocks:     508 KB
         Total in use:            4587 KB 99%
         Total free:               509 KB 11%
2005/12/28 10:32:46| Starting Squid Cache version 2.5.STABLE6 for i686-redhat-linux-gnu...
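
The file-max and file-nr figures above are system-wide, while a descriptor shortage is hit per process. The following is an added example, not part of the original post: a shell function that compares one process's open descriptors with its own soft limit, assuming a Linux /proc that provides /proc/PID/limits; the function name, the optional second argument and the 80% threshold are assumptions.

```shell
#!/bin/sh
# Compare one process's open file descriptors with its own soft limit.
# The optional second argument is a hypothetical override that points the
# function at a constructed directory tree; it defaults to the real /proc.

fd_usage() {
    pid=$1
    root=${2:-/proc}
    dir="$root/$pid"

    [ -d "$dir/fd" ] || { echo "no such process: $pid" >&2; return 2; }

    # One directory entry per open descriptor (files, sockets, pipes).
    open=$(ls "$dir/fd" | wc -l | tr -d ' ')

    # Line format: "Max open files  <soft>  <hard>  files"
    soft=$(awk '/^Max open files/ { print $4 }' "$dir/limits")
    case $soft in
        ''|0|*[!0-9]*) echo "cannot read soft limit for $pid" >&2; return 2 ;;
    esac

    pct=$(( open * 100 / soft ))
    echo "pid=$pid open=$open soft_limit=$soft used=${pct}%"

    # Exit status 1 when the process has used 80% or more of its limit.
    [ "$pct" -lt 80 ]
}

# Usage on a live system (the process name is an assumption):
#   for p in $(pgrep -x squid); do fd_usage "$p"; done
```

Reading another user's /proc/PID/fd requires root or the same UID as the process.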


