Squid stops from working



  • I have a working proxy squid/filter setup until last week it stops from running and users cannot browse a websites. The error is:

    Alert!: HTTP/1.0 504 Gateway Time-out

    The requested URL could not be retrieved
        _____________________________________________________________________________________________________________________

    While trying to retrieve the URL: http://www.google.com/

    The following error was encountered:
        * Connection to Failed

    The system returned:
        (65) No route to host

    The remote host or network may be down. Please try the request again.

    I don't see any issue on the cache.log

    2012/01/24 20:40:13| Reconfiguring Squid Cache (version 2.7.STABLE9)…
    2012/01/24 20:40:13| FD 14 Closing HTTP connection
    2012/01/24 20:40:13| FD 15 Closing HTTP connection
    2012/01/24 20:40:13| FD 16 Closing HTCP socket
    2012/01/24 20:40:13| FD 18 Closing SNMP socket
    2012/01/24 20:40:13| logfileClose: closing log /var/squid/log/access.log
    2012/01/24 20:40:13| Including Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
    2012/01/24 20:40:13| Cache dir '/var/squid/cache2' size remains unchanged at 81920000 KB
    2012/01/24 20:40:13| Initialising SSL.
    2012/01/24 20:40:13| logfileOpen: opening log /var/squid/log/access.log
    2012/01/24 20:40:13| Store logging disabled
    2012/01/24 20:40:13| Referer logging is disabled.
    2012/01/24 20:40:13| DNS Socket created at 0.0.0.0, port 28790, FD 13
    2012/01/24 20:40:13| Adding domain le-price.com from /etc/resolv.conf
    2012/01/24 20:40:13| Adding nameserver 127.0.0.1 from /etc/resolv.conf
    2012/01/24 20:40:13| Adding nameserver 208.67.222.222 from /etc/resolv.conf
    2012/01/24 20:40:13| Adding nameserver 208.67.220.220 from /etc/resolv.conf
    2012/01/24 20:40:13| Accepting proxy HTTP connections at 192.168.2.254, port 3128, FD 14.
    2012/01/24 20:40:13| Accepting transparently proxied HTTP connections at 127.0.0.1, port 3128, FD 15.
    2012/01/24 20:40:13| Accepting HTCP messages on port 4827, FD 16.
    2012/01/24 20:40:13| Accepting SNMP messages on port 3401, FD 18.
    2012/01/24 20:40:13| WCCP Disabled.
    2012/01/24 20:40:13| Loaded Icons.
    2012/01/24 20:40:13| Ready to serve requests.

    My proxy interface was LAN and I have below in my custom options

    tcp_outgoing_address 127.0.0.1;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

    WAN and WAN2 is up so there is no issue on multi wan. However, the proxy filter is working. Sites that was listed in Proxy Filter was blocked.

    I don't what could be the issue. Is this could be some sort of a bug in squid? I'm using 2.0-RELEASE (i386). My WAN got a problem but it was now fix and yet squid hasn't return back to normal as it was suppose to be after the WAN was restored.



  • Do some tests from pfsense console to see if your pfsense is working.

    for example.

    ping www.google.com
    links www.google.com
    netstat -rn

    Also try a restart on squid package or a reboot.



  • ping www.google.com
    links www.google.com
    netstat -rn

    I don't know if this is weird but I login to shell on the console (no. 8) and when I ping, it says "No route to Host"

    [2.0-RELEASE][root@fw.foo.com]/root(83): ping google.com
    PING google.com (74.125.71.105): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host

    Same error in squid. But when I do Diagnostics->Ping google.com from WAN and WAN2 interface, there is a reply. links google.com shows network is unreachable.

    Haven't tried to reboot yet. Is there any other workaround other than reboot?



  • Your communication between firewall wan and wan's gateway is down.

    Check on diagnostics if you have set a monitoring ip That is offline.



  • My monitor IP for WAN is 8.8.8.8 and it is pingable  ???

    [2.0-RELEASE][root@fw.foo.com]/root(1): ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=52 time=173.693 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=156.231 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=126.325 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 126.325/152.083/173.693/19.559 ms
    [2.0-RELEASE][root@fw.foo.com]/root(2): ping google.com
    PING google.com (74.125.71.147): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    ^C
    --- google.com ping statistics ---
    2 packets transmitted, 0 packets received, 100.0% packet loss
    
    

    It could not be a dns issue because when I also ping 98.139.180.149 (yahoo.com), it also fails.

    
    [2.0-RELEASE][root@fw.foo.com]/root(3): ping yahoo.com
    PING yahoo.com (98.139.180.149): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    ^C
    --- yahoo.com ping statistics ---
    2 packets transmitted, 0 packets received, 100.0% packet loss
    [2.0-RELEASE][root@fw.foo.com]/root(4): ping 98.139.180.149
    PING 98.139.180.149 (98.139.180.149): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    

    I'll try to reboot later after working hours but it is still welcome if there are still workaround with rebooting the box.



  • ok. rebooting pfsense resolves the issue. I don't know what could be the issue but what I'm sure is WAN got an issue but it was restored but it seems pfsense needs to reboot. I can now ping google.com and no more No route to host issue


Log in to reply