Squid stops from working

packets

I have a working proxy squid/filter setup until last week it stops from running and users cannot browse a websites. The error is:

Alert!: HTTP/1.0 504 Gateway Time-out

The requested URL could not be retrieved
    _____________________________________________________________________________________________________________________

While trying to retrieve the URL: http://www.google.com/

The following error was encountered:
    * Connection to Failed

The system returned:
    (65) No route to host

The remote host or network may be down. Please try the request again.

I don't see any issue on the cache.log

2012/01/24 20:40:13| Reconfiguring Squid Cache (version 2.7.STABLE9)…
2012/01/24 20:40:13| FD 14 Closing HTTP connection
2012/01/24 20:40:13| FD 15 Closing HTTP connection
2012/01/24 20:40:13| FD 16 Closing HTCP socket
2012/01/24 20:40:13| FD 18 Closing SNMP socket
2012/01/24 20:40:13| logfileClose: closing log /var/squid/log/access.log
2012/01/24 20:40:13| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2012/01/24 20:40:13| Cache dir '/var/squid/cache2' size remains unchanged at 81920000 KB
2012/01/24 20:40:13| Initialising SSL.
2012/01/24 20:40:13| logfileOpen: opening log /var/squid/log/access.log
2012/01/24 20:40:13| Store logging disabled
2012/01/24 20:40:13| Referer logging is disabled.
2012/01/24 20:40:13| DNS Socket created at 0.0.0.0, port 28790, FD 13
2012/01/24 20:40:13| Adding domain le-price.com from /etc/resolv.conf
2012/01/24 20:40:13| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2012/01/24 20:40:13| Adding nameserver 208.67.222.222 from /etc/resolv.conf
2012/01/24 20:40:13| Adding nameserver 208.67.220.220 from /etc/resolv.conf
2012/01/24 20:40:13| Accepting proxy HTTP connections at 192.168.2.254, port 3128, FD 14.
2012/01/24 20:40:13| Accepting transparently proxied HTTP connections at 127.0.0.1, port 3128, FD 15.
2012/01/24 20:40:13| Accepting HTCP messages on port 4827, FD 16.
2012/01/24 20:40:13| Accepting SNMP messages on port 3401, FD 18.
2012/01/24 20:40:13| WCCP Disabled.
2012/01/24 20:40:13| Loaded Icons.
2012/01/24 20:40:13| Ready to serve requests.

My proxy interface was LAN and I have below in my custom options

tcp_outgoing_address 127.0.0.1;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

WAN and WAN2 is up so there is no issue on multi wan. However, the proxy filter is working. Sites that was listed in Proxy Filter was blocked.

I don't what could be the issue. Is this could be some sort of a bug in squid? I'm using 2.0-RELEASE (i386). My WAN got a problem but it was now fix and yet squid hasn't return back to normal as it was suppose to be after the WAN was restored.

marcelloc

Do some tests from pfsense console to see if your pfsense is working.

for example.

ping www.google.com
links www.google.com
netstat -rn

Also try a restart on squid package or a reboot.

packets

ping www.google.com
links www.google.com
netstat -rn

I don't know if this is weird but I login to shell on the console (no. 8) and when I ping, it says "No route to Host"

[2.0-RELEASE][root@fw.foo.com]/root(83): ping google.com
PING google.com (74.125.71.105): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host

Same error in squid. But when I do Diagnostics->Ping google.com from WAN and WAN2 interface, there is a reply. links google.com shows network is unreachable.

Haven't tried to reboot yet. Is there any other workaround other than reboot?

marcelloc

Your communication between firewall wan and wan's gateway is down.

Check on diagnostics if you have set a monitoring ip That is offline.

packets

My monitor IP for WAN is 8.8.8.8 and it is pingable  ???

[2.0-RELEASE][root@fw.foo.com]/root(1): ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=173.693 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=156.231 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=126.325 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 126.325/152.083/173.693/19.559 ms
[2.0-RELEASE][root@fw.foo.com]/root(2): ping google.com
PING google.com (74.125.71.147): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- google.com ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

It could not be a dns issue because when I also ping 98.139.180.149 (yahoo.com), it also fails.

[2.0-RELEASE][root@fw.foo.com]/root(3): ping yahoo.com
PING yahoo.com (98.139.180.149): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- yahoo.com ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
[2.0-RELEASE][root@fw.foo.com]/root(4): ping 98.139.180.149
PING 98.139.180.149 (98.139.180.149): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host

I'll try to reboot later after working hours but it is still welcome if there are still workaround with rebooting the box.

packets

ok. rebooting pfsense resolves the issue. I don't know what could be the issue but what I'm sure is WAN got an issue but it was restored but it seems pfsense needs to reboot. I can now ping google.com and no more No route to host issue