Squid stops from working
-
I have a working proxy squid/filter setup until last week it stops from running and users cannot browse a websites. The error is:
Alert!: HTTP/1.0 504 Gateway Time-out
The requested URL could not be retrieved
_____________________________________________________________________________________________________________________While trying to retrieve the URL: http://www.google.com/
The following error was encountered:
* Connection to FailedThe system returned:
(65) No route to hostThe remote host or network may be down. Please try the request again.
I don't see any issue on the cache.log
2012/01/24 20:40:13| Reconfiguring Squid Cache (version 2.7.STABLE9)…
2012/01/24 20:40:13| FD 14 Closing HTTP connection
2012/01/24 20:40:13| FD 15 Closing HTTP connection
2012/01/24 20:40:13| FD 16 Closing HTCP socket
2012/01/24 20:40:13| FD 18 Closing SNMP socket
2012/01/24 20:40:13| logfileClose: closing log /var/squid/log/access.log
2012/01/24 20:40:13| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2012/01/24 20:40:13| Cache dir '/var/squid/cache2' size remains unchanged at 81920000 KB
2012/01/24 20:40:13| Initialising SSL.
2012/01/24 20:40:13| logfileOpen: opening log /var/squid/log/access.log
2012/01/24 20:40:13| Store logging disabled
2012/01/24 20:40:13| Referer logging is disabled.
2012/01/24 20:40:13| DNS Socket created at 0.0.0.0, port 28790, FD 13
2012/01/24 20:40:13| Adding domain le-price.com from /etc/resolv.conf
2012/01/24 20:40:13| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2012/01/24 20:40:13| Adding nameserver 208.67.222.222 from /etc/resolv.conf
2012/01/24 20:40:13| Adding nameserver 208.67.220.220 from /etc/resolv.conf
2012/01/24 20:40:13| Accepting proxy HTTP connections at 192.168.2.254, port 3128, FD 14.
2012/01/24 20:40:13| Accepting transparently proxied HTTP connections at 127.0.0.1, port 3128, FD 15.
2012/01/24 20:40:13| Accepting HTCP messages on port 4827, FD 16.
2012/01/24 20:40:13| Accepting SNMP messages on port 3401, FD 18.
2012/01/24 20:40:13| WCCP Disabled.
2012/01/24 20:40:13| Loaded Icons.
2012/01/24 20:40:13| Ready to serve requests.My proxy interface was LAN and I have below in my custom options
tcp_outgoing_address 127.0.0.1;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3
WAN and WAN2 is up so there is no issue on multi wan. However, the proxy filter is working. Sites that was listed in Proxy Filter was blocked.
I don't what could be the issue. Is this could be some sort of a bug in squid? I'm using 2.0-RELEASE (i386). My WAN got a problem but it was now fix and yet squid hasn't return back to normal as it was suppose to be after the WAN was restored.
-
Do some tests from pfsense console to see if your pfsense is working.
for example.
ping www.google.com
links www.google.com
netstat -rnAlso try a restart on squid package or a reboot.
-
ping www.google.com
links www.google.com
netstat -rnI don't know if this is weird but I login to shell on the console (no. 8) and when I ping, it says "No route to Host"
[2.0-RELEASE][root@fw.foo.com]/root(83): ping google.com
PING google.com (74.125.71.105): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to hostSame error in squid. But when I do Diagnostics->Ping google.com from WAN and WAN2 interface, there is a reply. links google.com shows network is unreachable.
Haven't tried to reboot yet. Is there any other workaround other than reboot?
-
Your communication between firewall wan and wan's gateway is down.
Check on diagnostics if you have set a monitoring ip That is offline.
-
My monitor IP for WAN is 8.8.8.8 and it is pingable ???
[2.0-RELEASE][root@fw.foo.com]/root(1): ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=173.693 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=156.231 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=126.325 ms ^C --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 126.325/152.083/173.693/19.559 ms [2.0-RELEASE][root@fw.foo.com]/root(2): ping google.com PING google.com (74.125.71.147): 56 data bytes ping: sendto: No route to host ping: sendto: No route to host ^C --- google.com ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss
It could not be a dns issue because when I also ping 98.139.180.149 (yahoo.com), it also fails.
[2.0-RELEASE][root@fw.foo.com]/root(3): ping yahoo.com PING yahoo.com (98.139.180.149): 56 data bytes ping: sendto: No route to host ping: sendto: No route to host ^C --- yahoo.com ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss [2.0-RELEASE][root@fw.foo.com]/root(4): ping 98.139.180.149 PING 98.139.180.149 (98.139.180.149): 56 data bytes ping: sendto: No route to host ping: sendto: No route to host
I'll try to reboot later after working hours but it is still welcome if there are still workaround with rebooting the box.
-
ok. rebooting pfsense resolves the issue. I don't know what could be the issue but what I'm sure is WAN got an issue but it was restored but it seems pfsense needs to reboot. I can now ping google.com and no more No route to host issue