Squid Problem?
-
I set up a pfSense firewall last week for a client (to replace their firewall appliance that had just died) and have generally found it to be full of chocolately goodness. I am running into one really weird problem, though.
Any attempts to go to www.bing.com or www.yahoo.com were being turned into Google searches. That is, you try to go to Yahoo and end up on a Google search results page with the results for www.yahoo.com. I jiggled the handle a bit, and Bing seems to be working now, but Yahoo still doesn't work. For a while it was giving the Squid error screen (contact your cache administrator, etc), but now it just times out and fails.
I've tried first turning off, and then uninstalling Squid, but it still doesn't work. Going to mail.yahoo.com or search.yahoo.com works fine, but www.yahoo.com just fails. If I hook up a second gateway to the network and go out through that, bypassing pfSense, it works fine.
The only packages I've had installed are Squid, Lightsquid, Snort (currently stopped), and Bandwidthd.
Any ideas?
OK, I just tried re-installing Squid, and now I get this when I go to www.yahoo.com:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://m.www.yahoo.com/
The following error was encountered:
* Connection to Failed
The system returned:
(1) Operation not permitted
The remote host or network may be down. Please try the request again.
Your cache administrator is administrator@tssssss.com.
Generated Thu, 28 Jan 2010 18:05:26 GMT by Firewall (squid)
I have the Squid 'custom option' 'ignore_expect_100 on' set, to get around a problem with the USPS Shipping Assistant. Taking that out still gives the same error.
-
Could it be Mal/Ware on the machine?
-
Good thought, but it seems to be every computer, even a Mac, and it works fine if I go out through a different gateway.
-
Did you also install squidguard? It has some "safe search" stuff that might monkey with such things but if you disabled squid, and it still happened, that's just odd.
What DNS servers are you using? If it's OpenDNS, perhaps they are returning Google IPs for yahoo/bing/etc, but even that is unlikely.
First things first, I'd start with a PC that works and a PC that doesn't, ping www.google.com from both, then ping www.yahoo.com from both, and compare the IP addresses returned. Traceroute may also be helpful
-
Nope, no squidguard. Using internal (Windows Active Directory) domain servers. DNS returns the appropriate addresses.
With Squid off, the page just fails to load. Right now, after unstalling and reinstalling Squid, I get the '(1) Operation not permitted' error. It seems to only be www.yahoo.com that's affected.
Weird, huh?
If I can't come up with anything else by tonight, I'm going to try restarting the firewall box and see if that does anything amusing.
-
With squid stopped, your traffic is still redirected, but with no process listening on the proxy port, it hits a dead end (thus doesn't work)
What happens with squid enabled, and the IP of a workstation put into the box which bypasses the proxy on the main squid page?
-
i vaguely recollect a problem with yahoo and adobe sites at one of our offices. turned out to be a problem with the mtu setting on the wan.
-
With squid stopped, your traffic is still redirected, but with no process listening on the proxy port, it hits a dead end (thus doesn't work)
What happens with squid enabled, and the IP of a workstation put into the box which bypasses the proxy on the main squid page?
Ah, good question!
I get a straight browser 'unable to connect' without the '(1) Operation not permitted.'
But after sitting for 10 minutes, it works! And, weirdest of all, not just for that one machine, but the whole LAN now.
No, I don't have any idea either. Very strange.