Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Connection problems to upstream proxies after squid package upgrade

    Scheduled Pinned Locked Moved
    Cache/Proxy
    2
    4
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      patrick75
      last edited by

      Dear all,

      I am running a Netgate 1541, which is configured as transparent firewall and transparent firewall. I upgraded the machine recently to "22.05-RELEASE" and squid package to 0.4.45_8 with squid-5.4.1. Squidguard is not installed.

      Squid is configured to use 2 upstream Squid proxies and following advanved config:

      never_direct allow all 
always_direct deny all

      Since the Upgrade, web access is completely unreliable, even when accessing the proxy directly via Port 3128, bypassing the transparent proxy.

      Adding

      debug_options 15,2

      gives some errors in cache.log:

      2023/02/07 16:00:01.037 kid1| TCP connection to xxx.xxx.243.53/3128 failed
    current master transaction: master6841308
2023/02/07 16:00:01.037 kid1| TCP connection to xxx.xxx.243.54/3128 failed
    current master transaction: master6841308

      There is no ressource problem with States, MBUF, Files or CPU. Squid never uses Swap. I did package captures at various points, where I do not see anything wrong.

      Any ideas? Is there a chance to upgrade or downgrade squid?

      P 2 Replies Last reply Reply Quote 0
      • P
        patrick75 @patrick75
        last edited by

        Similar issues found until now:

        https://www.spinics.net/lists/squid/msg94690.html

        1 Reply Last reply Reply Quote 0
        • P
          patrick75 @patrick75
          last edited by

          @patrick75 said in Connection problems to upstream proxies after squid package upgrade:

          I am running a Netgate 1541, which is configured as transparent firewall and transparent firewall

          Should have been:
          I am running a Netgate 1541, which is configured as transparent firewall and transparent proxy

          1 Reply Last reply Reply Quote 0
          • B
            benisfroms
            last edited by

            Ensure that the upstream Squid proxies (xxx.xxx.243.53 and xxx.xxx.243.54) are reachable and responsive. You can test this using tools like telnet or nc from the Netgate firewall. Double-check your Squid configuration settings to make sure there are no typos or misconfigurations. Pay close attention to the upstream proxy settings. Ensure that the version of Squid you are using (5.4.1) is compatible with your current environment and the other proxies. And remember, you can buy proxies quickly, but it's important to find a company you trust. Check the release notes for any known issues or updates related to your configuration. If the issue started after upgrading Squid, you might consider downgrading to a previous version that was stable in your environment. You can check the Squid release history and choose a version that was working well for you. Verify that there are no firewall rules blocking the Squid proxy from establishing connections to the upstream proxies. This includes both the Netgate firewall rules and any external firewalls.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post