I have had a firewall & proxy server running for the past 2 years. It is based on slackware64 - v14.0 and has generally been up for long periods of time between reboots. Up until recently it was working fine. No one else has access to this system and I had not fiddled with it for about 60 days.
Recently I was setting up a new laptop and realised that the internet was SLOW while accessing webpages on it. Indeed, http (port 80) sites would not load at all; https and other services/ports worked though.
Looking into it I realised that by restarting the squid proxy server everything works normally and it does for a while again. Then again after some time no http websites...
I tried removing the whole proxy cache and setting the cache up again using squid -z, to no avail. The problem seems to return.
The logs say nothing out of the ordinary (just TCP hits and misses mostly), but it was weird that the log was 907MB in size (even though I have a logrotate for squid logs enabled from squid.conf). I could not find anything wrong in it, apart from why the rotation (which was working until 60 days ago) is not working.
Even though I did a manual rotate, the problem still comes back, so I have disabled the use of squid for the moment (by disabling the firewall redirection of port 80).
This is most weird though, and I don't know where to start looking. Has anyone had any problems with it?
Some updates:
The problem of breaking starts when I try to access any http website from a specific laptop (which connects to the internal wifi). There are other laptops, and mobile devices that connect to the internet through this wifi and even a desktop pc with a usb-wifi dongle, but when this laptop tries to access a webpage there is no http internet for anyone anymore.
The firewall redirect line is the following:
$IPT -t nat -A PREROUTING -p tcp -i $LOCAL_IFACE -s $LOCAL_NET --destination-port 80 -j REDIRECT --to-ports 3128 #TRANSP PROXY
If I don't "touch" squid at all after it has stopped working, and I just comment the above line out and restart the firewall, internet is back up again.
Say then I uncomment it again. Internet is gone once again.
While squid is "in the loop", sar 1 1000 returns:
02:56:51 AM all 4.52 0.00 1.01 0.00 0.00 94.47
02:56:52 AM all 5.00 0.00 1.00 0.00 0.00 94.00
02:56:53 AM all 5.00 0.00 1.00 2.50 0.00 91.50
02:56:54 AM all 4.50 0.00 1.50 0.00 0.00 94.00
02:56:55 AM all 4.50 0.00 1.50 0.00 0.00 94.00
02:56:56 AM all 4.52 0.00 1.01 0.00 0.00 94.47
02:56:57 AM all 4.98 0.00 1.49 0.00 0.00 93.53
While squid is not "in the loop", sar returns:
02:58:36 AM CPU %user %nice %system %iowait %steal %idle
02:58:37 AM all 1.01 0.00 0.50 0.00 0.00 98.49
02:58:38 AM all 2.00 0.00 0.50 2.00 0.00 95.50
02:58:39 AM all 1.00 0.00 0.50 0.00 0.00 98.50
02:58:40 AM all 2.00 0.00 0.00 0.00 0.00 98.00
02:58:41 AM all 1.50 0.00 0.00 0.00 0.00 98.50
So user CPU usage is a little lower.
While all this is happening, iotop shows 0.00% disk usage for the squid threads...
Additionally, the latest squid entries, seen with tail -f access.log, are:
1389834351.849 382 192.168.18.25 TCP_MISS/200 335 POST http://serverfault.com/posts/validate-body - DIRECT/198.252.206.16 application/json
1389834353.197 388 192.168.18.25 TCP_MISS/200 335 POST http://serverfault.com/posts/validate-body - DIRECT/198.252.206.16 application/json
1389834372.791 453 192.168.18.25 TCP_MISS/200 349 POST http://serverfault.com/posts/566948/editor-heartbeat/edit - DIRECT/198.252.206.16 application/json
The above is copied while squid is "out of the loop". And while squid is enabled through the firewall:
1389834586.593 364 192.168.18.25 TCP_MISS/302 1538 GET http://log.dmtry.com/redir/140952/0/3316/100544580/55099663/210599/0/0/0/1.ver? - DIRECT/54.243.105.45 -
1389834586.634 167 192.168.18.25 TCP_MISS/200 38559 GET http://public.oneallcdn.com/img/api/socialize/providers/logo/sprite_35_35.png - DIRECT/93.184.220.20 image/png
1389834586.639 410 192.168.18.25 TCP_MISS/302 1563 GET http://log.dmtry.com/redir/560228/0/3316/100544579/55097980/858012/0/0/0/1.ver? - DIRECT/54.243.105.45 -
Then I try to access something from the laptop (which has IP address 192.168.18.186) and I get this: http://pastebin.com/FM9QLtRC
So I don't understand what is different before and after...
Moreover, when there is no internet, I cannot even access the website of my ADSL modem, which sits on the inet interface of my firewall / gateway server!
Hope all of this helps someone with more knowledge of server administration.
0 Answers
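
An added example, not part of the original post: a Python script that summarises Squid native-format access.log lines per client, so the periods before and after the laptop at 192.168.18.186 starts browsing can be compared side by side. The sample lines, the example hostnames and the 30-second "slow" threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in Squid's native access.log format. The .186 entries are
# invented for the demo; they are not the contents of the pastebin in the post.
SAMPLE = """\
1389834586.593 364 192.168.18.25 TCP_MISS/302 1538 GET http://log.example/redir - DIRECT/203.0.113.45 -
1389834586.634 167 192.168.18.25 TCP_MISS/200 38559 GET http://cdn.example/sprite.png - DIRECT/203.0.113.20 image/png
1389834590.101 60001 192.168.18.186 TCP_MISS/504 3900 GET http://site.example/ - DIRECT/203.0.113.7 text/html
1389834590.350 60002 192.168.18.186 TCP_MISS/504 3900 GET http://site.example/a - DIRECT/203.0.113.7 text/html
1389834590.900 12 192.168.18.186 TCP_MISS/000 0 GET http://site.example/b - DIRECT/203.0.113.7 -
"""

def parse_line(line):
    """Split one native-format line; return None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        return {"ts": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2],
                "result": f[3], "bytes": int(f[4]), "url": f[6]}
    except ValueError:
        return None

def per_client(lines):
    """Per client: request count, result codes, slowest request, peak requests/second."""
    acc = defaultdict(lambda: {"codes": Counter(), "slow": 0, "sec": Counter()})
    for rec in filter(None, map(parse_line, lines)):
        a = acc[rec["client"]]
        a["codes"][rec["result"]] += 1
        a["slow"] = max(a["slow"], rec["elapsed_ms"])
        a["sec"][int(rec["ts"])] += 1
    return {c: {"requests": sum(a["codes"].values()), "codes": dict(a["codes"]),
                "max_elapsed_ms": a["slow"], "peak_per_sec": max(a["sec"].values())}
            for c, a in acc.items()}

def suspects(summary, slow_ms=30000):
    """Clients with non-2xx/3xx results or very slow requests, most failures first."""
    found = []
    for client, s in summary.items():
        bad = sum(n for code, n in s["codes"].items()
                  if not code.split("/", 1)[1].startswith(("2", "3")))
        if bad or s["max_elapsed_ms"] >= slow_ms:
            found.append((bad, client))
    return [client for _, client in sorted(found, reverse=True)]

if __name__ == "__main__":
    summary = per_client(SAMPLE.splitlines())
    for client in suspects(summary):
        print(client, summary[client])
```

To use it on a real log, pass the lines of access.log (or two slices of it, one from a working period and one from a broken period) to per_client() instead of SAMPLE.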