Sendecho error sending to icmpv6 packet to

Getting error in SQUID in virtual machine : SendEcho ERROR:sending to ICMPv6 packet t0 [2a06:98c1:3121::8]: (101) Network is unreachable I created one virtual machine and configured squid proxy over it. While communicating to outside network i got below error many times. «SendEcho ERROR:sending to ICMPv6 packet t0 [2a06:98c1:3121::8]: (101) Network is unreachable» But this […]

Содержание

  1. Getting error in SQUID in virtual machine : SendEcho ERROR:sending to ICMPv6 packet t0 [2a06:98c1:3121::8]: (101) Network is unreachable
  2. 1 answer
  3. Thread: icmpv6_send: no reply to icmp error
  4. icmpv6_send: no reply to icmp error
  5. Re: icmpv6_send: no reply to icmp error
  6. Re: icmpv6_send: no reply to icmp error
  7. Re: icmpv6_send: no reply to icmp error
  8. Re: icmpv6_send: no reply to icmp error
  9. Re: icmpv6_send: no reply to icmp error
  10. Re: icmpv6_send: no reply to icmp error
  11. Re: icmpv6_send: no reply to icmp error
  12. Re: icmpv6_send: no reply to icmp error
  13. SquidGuard configuration file
  14. (C)2006 Serg Dvoriancev
  15. Allowed access to file transfer sites
  16. Managing partners

Getting error in SQUID in virtual machine : SendEcho ERROR:sending to ICMPv6 packet t0 [2a06:98c1:3121::8]: (101) Network is unreachable

I created one virtual machine and configured squid proxy over it. While communicating to outside network i got below error many times.

«SendEcho ERROR:sending to ICMPv6 packet t0 [2a06:98c1:3121::8]: (101) Network is unreachable»

But this happen not every time some time it make connection successful .

Can anyone help me to figure out this issue.

Thanks in Advance

1 answer

@Manish Dixit (NAV Backoffice)
I understand you have configured a squid proxy on your VM and are facing the above error.

Can you confirm if this is affecting your connectivity at all or is this simply an error you are seeing? If you are utilizing ipv4 you can enable the dns_v4_first option which might help. I don’t believe this error is caused by anything on the Azure side. You might try posting your question on StackOverflow or reaching out to the squid mailing lists for more insights into the error.

Please don’t forget to «Accept the answer» and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Источник

Thread: icmpv6_send: no reply to icmp error

Thread Tools
Display

icmpv6_send: no reply to icmp error

Hi, I’m getting this error every two minutes in my /var/log/syslog.

kernel: [392954.360034] icmpv6_send: no reply to icmp error
kernel: [393025.890027] icmpv6_send: no reply to icmp error
kernel: [393254.830033] icmpv6_send: no reply to icmp error

I don’t know what it means. Is there anything wrong with my Ubuntu 10.04 server ?

Re: icmpv6_send: no reply to icmp error

And are you running this on real hardware, or in a virtual machine?

Re: icmpv6_send: no reply to icmp error

eth0 Link encap:Ethernet direcciуnHW 00:1f:d0:bf:8d:ec
Direc. inet:150.214.196.123 Difus.:150.214.197.255 Mбsc:255.255.254.0
Direcciуn inet6: fec0::9:21f:d0ff:febf:8dec/64 Alcance:Sitio
Direcciуn inet6: 2002:96d6:c55c:9:21f:d0ff:febf:8dec/64 Alcance:Global
Direcciуn inet6: fe80::21f:d0ff:febf:8dec/64 Alcance:Enlace
ACTIVO DIFUSIУN FUNCIONANDO MULTICAST MTU:1500 Mйtrica:1
Paquetes RX:3165702 errores:0 perdidos:0 overruns:0 frame:0
Paquetes TX:901161 errores:0 perdidos:0 overruns:0 carrier:0
colisiones:0 long.colaTX:1000
Bytes RX:1570952863 (1.5 GB) TX bytes:308178876 (308.1 MB)
Interrupciуn:26 Direcciуn base: 0xc000

eth1 Link encap:Ethernet direcciуnHW 00:0c:76:00:fd:d2
Direc. inet:192.168.0.1 Difus.:192.168.0.255 Mбsc:255.255.255.224
Direcciуn inet6: fe80::20c:76ff:fe00:fdd2/64 Alcance:Enlace
ACTIVO DIFUSIУN FUNCIONANDO MULTICAST MTU:1500 Mйtrica:1
Paquetes RX:593925 errores:0 perdidos:0 overruns:0 frame:0
Paquetes TX:919668 errores:0 perdidos:0 overruns:0 carrier:0
colisiones:0 long.colaTX:1000
Bytes RX:110859505 (110.8 MB) TX bytes:1046700889 (1.0 GB)
Interrupciуn:21 Direcciуn base: 0x6000

Re: icmpv6_send: no reply to icmp error

You have a 2002:96d6:c55c. address, so you have 6to4 activated, right? Can you «ping6 ipv6.google.com»?

And eth0 has a public IPv4 address, so this system is directly connected to Internet? Is it a kind of gateway, as it has an eth1 (with private IPv4) too?

Re: icmpv6_send: no reply to icmp error

Not sure if I have 6to4 activated, at least it was not activated on purpose. Can be that the reason for the error?

I can’t ping «ping6 ipv6.google.com»
connect: Network is unreachable

Eth0 is directly connected to Internet and Eth1 is connected to Intranet as it is explained here: http://www.somewhereville.com/?p=1196

Re: icmpv6_send: no reply to icmp error

That 6to4 address could be the reason your system thinks there is IPv6, does something, which leads to the error message (because IPv6 is not working).

There are two ways that the 6to4 2002: address can have landed on your Linux system:
1) a router building up the 6to4 tunnel, and distributing 2002: address on your LAN. However: your system has a public IP address, so a router doing NAT is unlikely.
2) your Linux system having a 6to4 tunnel itself (although I don’t see a tunnel interface in your ifconfig). See http://ubuntuforums.org/showthread.php?p=10939087 how to create such a tunnel; hopefully it will give an idea how to remove it

Another possibility is to go *forward* and make the IPv6 working. I would prefer that (see my sig).

Re: icmpv6_send: no reply to icmp error

«rdisc6» is a nice tool to listen for IPv6-address-broadcasts:

rdisc6 -1 -r1 -q wlan0
rdisc6 -1 -r1 -q eth0

If there is a router advertising IPv6, you will get a response .

Re: icmpv6_send: no reply to icmp error

Well, I’m not sure I need IPv6, actually I’ve disabled it and the error is gone.

$ sudo nano /etc/sysctl.conf

Then these lines were added:

# IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Could this problem has something to do with avahi-daemon? I was getting errors until it was restarted.

$ sudo restart avahi-daemon

PS. I can’t ping localhost. Isn’t it weird?

Last edited by fl5x; March 27th, 2012 at 11:44 AM .

Re: icmpv6_send: no reply to icmp error

$ ifconfig | grep lo $ sudo /sbin/ifconfig lo 127.0.0.1 up
I get this:
$ ifconfig

eth0 Link encap:Ethernet direcciуnHW 00:1f:d0:bf:8d:ec
Direc. inet:150.214.196.123 Difus.:150.214.197.255 Mбsc:255.255.254.0
ACTIVO DIFUSIУN FUNCIONANDO MULTICAST MTU:1500 Mйtrica:1
Paquetes RX:4018297 errores:0 perdidos:0 overruns:0 frame:0
Paquetes TX:1174822 errores:0 perdidos:0 overruns:0 carrier:0
colisiones:0 long.colaTX:1000
Bytes RX:1890428697 (1.8 GB) TX bytes:416260902 (416.2 MB)
Interrupciуn:26 Direcciуn base: 0xc000

eth1 Link encap:Ethernet direcciуnHW 00:0c:76:00:fd:d2
Direc. inet:192.168.0.1 Difus.:192.168.0.255 Mбsc:255.255.255.224
ACTIVO DIFUSIУN FUNCIONANDO MULTICAST MTU:1500 Mйtrica:1
Paquetes RX:763562 errores:0 perdidos:0 overruns:0 frame:0
Paquetes TX:1129403 errores:0 perdidos:0 overruns:0 carrier:0
colisiones:0 long.colaTX:1000
Bytes RX:156109149 (156.1 MB) TX bytes:1227315193 (1.2 GB)
Interrupciуn:21 Direcciуn base: 0x6000

lo Link encap:Bucle local
Direc. inet:127.0.0.1 Mбsc:255.0.0.0
ACTIVO BUCLE FUNCIONANDO MTU:16436 Mйtrica:1
Paquetes RX:46 errores:0 perdidos:0 overruns:0 frame:0
Paquetes TX:46 errores:0 perdidos:0 overruns:0 carrier:0
colisiones:0 long.colaTX:0
Bytes RX:3385 (3.3 KB) TX bytes:3385 (3.3 KB)

Now I’m able to ping localhost.

Why didn’t «lo» show up first?

Источник

SquidGuard configuration file

(C)2006 Serg Dvoriancev

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

src Allow_all_dest <
ip 192.168.16.118
>

Allowed access to file transfer sites

src Alow_FileSharing <
ip 192.168.16.106
>

Managing partners

src Management2 <
ip 192.168.16.118
log block.log
>
.

If i enable in web console the Allow_alll_Dest ACL than it is woking just fine, the computer in case can access yahoo.
With allow all dest disabled and Management2 enabled it is not working.
First it has Allow all destionation and the last it has only Webmail allowed. This config was working just fine until a month or two. I have changed nothing beside the update.
Thank you again for your answer :-).

Can you post the corresponding acl for the Management2 src? Perhaps the complete squidGuard config?

The IP address 192.168.16.118 is listed in two group acls: Allow_all_dest and Management.
As long as this is the case, the group won’t be assigned:

2020-07-29 14:26:37 [56101] squidGuard ready for requests (1596025597.929)
2020-07-29 14:26:37 [56101] no ACL matching source, using default
ERR
2020-07-29 14:26:37 [56101] squidGuard stopped (1596025597.930)

As soon as I change one entry, it works:

2020-07-29 14:27:08 [58266] squidGuard 1.4 started (1596025628.201)
2020-07-29 14:27:08 [58266] squidGuard ready for requests (1596025628.203)
ERR
2020-07-29 14:27:08 [58266] squidGuard stopped (1596025628.203)

@coffeelover I will test this imidiatly!
But if it is like this then it is a bug because Allow all destinations it is always disabled! I use it only for investigation.

EDIT: Yes you are right! If i removed the ip form Allow_all_destinations even if this ACL is disabled then Management ACL started working again!
Thank you for thi, i have tested everything but this! 🙂

Yeah, glad to hear this.

I think it is a not a real bug: the src rules are parsed to a linked list, so order matters.

As long as the first matching entry for the source address has no associated acl, it will fall back to default. If you change the order in your configuration, it will also work again.

So this should be an issue for documentation or a plausibility check.

Thanky very much coffelover for helping me with this!
I have another issue, after upgrading pfsense to 2.4.5 series, every morning when people comes to work squid crashes.
The only options i have are:
-from cli starting squid (simple squid..no other parameters) or
-delete cache from UI and then squid automaticaliy restart without a problem or
-reboot the whole system
From services UI i can not restart the squid service. It fails.
This is a tipical log file:

How can i investigate further this problem:
«Jul 29 09:02:17 kernel pid 65891 (squid), jid 0, uid 100: exited on signal 6»

Thank you again! i will start another thread if you think it will help someone else but me.

@coffeelover I will test this imidiatly!
But if it is like this then it is a bug because Allow all destinations it is always disabled! I use it only for investigation.

EDIT: Yes you are right! If i removed the ip form Allow_all_destinations even if this ACL is disabled then Management ACL started working again!
Thank you for thi, i have tested everything but this! 🙂

Seems related to https://redmine.pfsense.org/issues/4088

@viktor_g yeah, but i don’t agree completely to the bug. It is filed very opinionated and some guesses are completely wrong.
Squidguard just resets a non-resolvable client to the default acl, which is common behaviour. If the default acl means ‘allow_all’, it is an configuration issue, it doesn’t «renders squidguard useless».

But yes, perhaps a global setting like ‘include non-linked acls in config’ would be nice or at least a warning should be shown.

  • the system resources (cpu, ram, filesystem usage)
  • the file permissions

Daily could mean that squid is not able to rotate the logs, because of wrong file permissions.

And if it works after you cleaned the disk cache, it could just be the filesystem filling up.

@coffeelover Hi. Thanks for your reply.
I have checked everthing. RAM CPU Disk Space ..nothing out of the ordinary.
The file permissions seems ok because the system rotates logs at 00:00 without problems.

Squid crashes between 9 and 9:30 AM every morning. I see nothing in crontab which runs at 9.

Jul 29 14:20:26 check_reload_status Syncing firewall
Jul 29 14:20:26 check_reload_status Syncing firewall
Jul 29 14:20:31 check_reload_status Syncing firewall
Jul 29 14:20:42 php-fpm 397 /pkg_edit.php: [squid] — squid_resync function call pr:1 bp: rpc:no
Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Adding cronjobs .
Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Antivirus features disabled.
Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 29 14:20:45 php-fpm 397 /pkg_edit.php: [squid] Reloading for configuration sync.
Jul 29 14:20:46 php-fpm 397 /pkg_edit.php: [squid] Starting a proxy monitor script
Jul 29 14:20:47 check_reload_status Reloading filter
Jul 29 15:45:17 check_reload_status Syncing firewall
Jul 29 15:45:17 check_reload_status Syncing firewall
Jul 29 15:45:28 check_reload_status Syncing firewall
Jul 29 15:45:39 php-fpm 99938 /pkg_edit.php: [squid] — squid_resync function call pr:1 bp: rpc:no
Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Adding cronjobs .
Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Antivirus features disabled.
Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 29 15:45:41 php-fpm 99938 /pkg_edit.php: [squid] Reloading for configuration sync.
Jul 29 15:45:41 php-fpm 99938 /pkg_edit.php: [squid] Starting a proxy monitor script
Jul 29 15:45:42 check_reload_status Reloading filter
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 19 d2 28 40 00
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 07 4f 08 01 00
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)
Jul 30 05:00:55 rc.gateway_alarm 7850 >>> Gateway alarm: GW_WAN (Addr:192.168.16.1 Alarm:1 RTT:1.383ms RTTsd:1.839ms Loss:21%)
Jul 30 05:00:55 check_reload_status updating dyndns GW_WAN
Jul 30 05:00:55 check_reload_status Restarting ipsec tunnels
Jul 30 05:00:55 check_reload_status Restarting OpenVPN tunnels/interfaces
Jul 30 05:00:55 check_reload_status Reloading filter
Jul 30 05:02:23 check_reload_status Linkup starting hn0
Jul 30 05:02:23 kernel hn0: network changed, change 1
Jul 30 05:02:23 kernel hn0: link state changed to DOWN
Jul 30 05:02:24 php-fpm 99938 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:24 check_reload_status Reloading filter
Jul 30 05:02:27 sshd 82200 Timeout, client not responding.
Jul 30 05:02:28 check_reload_status Linkup starting hn0
Jul 30 05:02:28 kernel hn0: link state changed to UP
Jul 30 05:02:29 php-fpm 339 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:29 check_reload_status Reloading filter
Jul 30 05:02:41 check_reload_status Linkup starting hn0
Jul 30 05:02:41 kernel hn0: network changed, change 1
Jul 30 05:02:41 kernel hn0: link state changed to DOWN
Jul 30 05:02:42 php-fpm 30623 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:42 check_reload_status Reloading filter
Jul 30 05:02:46 check_reload_status Linkup starting hn0
Jul 30 05:02:46 kernel hn0: link state changed to UP
Jul 30 05:02:47 php-fpm 338 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:47 check_reload_status Reloading filter
Jul 30 05:02:53 check_reload_status Linkup starting hn0
Jul 30 05:02:53 kernel hn0: network changed, change 1
Jul 30 05:02:53 kernel hn0: link state changed to DOWN
Jul 30 05:02:54 php-fpm 22515 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:54 check_reload_status Reloading filter
Jul 30 05:02:58 check_reload_status Linkup starting hn0
Jul 30 05:02:58 kernel hn0: link state changed to UP
Jul 30 05:02:59 php-fpm 397 /rc.linkup: Ignoring link event for bridge member without IP config
Jul 30 05:02:59 check_reload_status Reloading filter
Jul 30 05:04:14 rc.gateway_alarm 86494 >>> Gateway alarm: GW_WAN (Addr:192.168.16.1 Alarm:0 RTT:1.445ms RTTsd:1.415ms Loss:5%)
Jul 30 05:04:14 check_reload_status updating dyndns GW_WAN
Jul 30 05:04:14 check_reload_status Restarting ipsec tunnels
Jul 30 05:04:14 check_reload_status Restarting OpenVPN tunnels/interfaces
Jul 30 05:04:14 check_reload_status Reloading filter
Jul 30 09:14:55 kernel pid 3599 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:14:56 kernel pid 58817 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:14:57 kernel pid 61209 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:14:58 kernel pid 64892 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:14:59 kernel pid 67991 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:15:00 kernel pid 71182 (squid), jid 0, uid 100: exited on signal 6
Jul 30 09:15:22 Squid_Alarm 75627 Squid has exited. Reconfiguring filter.
Jul 30 09:15:22 Squid_Alarm 75891 Attempting restart.
Jul 30 09:15:25 Squid_Alarm 77973 Reconfiguring filter.
Jul 30 09:15:25 check_reload_status Reloading filter
Jul 30 09:15:26 php-fpm 22515 /rc.filter_configure_sync: [squid] Installed but not started. Not installing ‘nat’ rules.
Jul 30 09:15:26 php-fpm 22515 /rc.filter_configure_sync: [squid] Installed but not started. Not installing ‘pfearly’ rules.
Jul 30 09:15:26 php-fpm 22515 /rc.filter_configure_sync: [squid] Installed but not started. Not installing ‘filter’ rules.
Jul 30 09:19:47 php-fpm 397 /pkg_edit.php: Session timed out for user ‘admin’ from: 192.168.16.10 (Local Database)
Jul 30 09:19:49 php-fpm 397 /pkg_edit.php: Successful login for user ‘admin’ from: 192.168.16.10 (Local Database)
Jul 30 09:20:19 php-fpm 22515 /pkg_edit.php: [squid] Clear disk cache forced via GUI. Clearing cache now.
Jul 30 09:20:19 php-fpm 22515 /pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 30 09:20:21 php-fpm 22515 /pkg_edit.php: [squid] Creating cache dir ‘/var/squid/cache’ .
Jul 30 09:20:21 php-fpm 22515 /pkg_edit.php: [squid] Creating Squid cache subdirs in /var/squid/cache .
Jul 30 09:20:25 php-fpm 22515 /pkg_edit.php: [squid] Starting service.
Jul 30 09:20:25 php-fpm 22515 /pkg_edit.php: [squid] Starting a proxy monitor script
Jul 30 09:20:26 check_reload_status Syncing firewall
Jul 30 09:20:26 php-fpm 22515 /pkg_edit.php: [squid] — squid_resync function call pr:1 bp: rpc:no
Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Adding cronjobs .
Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Antivirus features disabled.
Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 30 09:20:29 php-fpm 22515 /pkg_edit.php: [squid] Reloading for configuration sync.
Jul 30 09:20:29 php-fpm 22515 /pkg_edit.php: [squid] Starting a proxy monitor script
Jul 30 09:20:30 check_reload_status Reloading filter

What other logs should i check?
Thank you again! 🙂

Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 19 d2 28 40 00
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 07 4f 08 01 00
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)

And it works before 9? These scsi errors are from hyper-v snapshots i guess?
Perhaps try to disable these? There is no filesystem error, but i think it is worth a try.

And you should increase the debug level:

debug_options 1,5 6,5 ALL,1

Section 1 is main loop, Section 6 is disk i/o.

Hi coffelover!
Yes you are right, at that time windows backup start. But unfortuantly it is unrelated.
But today i have restarted and cleaned the cache at 8:30 AM from UI to see if it will crash again. At 9:02 it crashed . / CPU was ok, RAM also, disk space 35 GB free.
Could be an user that try to access something that crashes the whole squid? The office hours starts at 9:00 AM here..
Is there any other log that i could look into?
Thanks.

The debugging logs from squid go to /var/log/squid/cache.log

Hi. I do not have such a file..but:
/var/squid/logs/cache.log

This is the log from the time of crash. and it continuies like this. 6000 lines.
Do you see anything importand than the second log line?
Thanks
EDIT: I have problem pasting the log here. it says that contains spam. So i have uplaoded the log as an atachmentsquid.cache.log.txt

Your permissions for /var/log/squidGuard/squidGuard.log are not correct.

And i would check my generated whitelist file and possibly fix the whitelist entries.

Источник

Источник
  • Home
  • Forum
  • The Ubuntu Forum Community
  • Ubuntu Specialised Support
  • Ubuntu Servers, Cloud and Juju
  • Server Platforms
  • [ubuntu] icmpv6_send: no reply to icmp error

  1. Question icmpv6_send: no reply to icmp error

    Hi, I’m getting this error every two minutes in my /var/log/syslog.

    kernel: [392954.360034] icmpv6_send: no reply to icmp error
    kernel: [393025.890027] icmpv6_send: no reply to icmp error
    kernel: [393254.830033] icmpv6_send: no reply to icmp error

    I don’t know what it means. Is there anything wrong with my Ubuntu 10.04 server ?

    Thanks.

  2. Re: icmpv6_send: no reply to icmp error

    What’s the output of «ifconfig»?

    And are you running this on real hardware, or in a virtual machine?

  3. Re: icmpv6_send: no reply to icmp error

    It’s real hardware.

    eth0 Link encap:Ethernet direcci�nHW 00:1f:d0:bf:8d:ec
    Direc. inet:150.214.196.123 Difus.:150.214.197.255 M�sc:255.255.254.0
    Direcci�n inet6: fec0::9:21f:d0ff:febf:8dec/64 Alcance:Sitio
    Direcci�n inet6: 2002:96d6:c55c:9:21f:d0ff:febf:8dec/64 Alcance:Global
    Direcci�n inet6: fe80::21f:d0ff:febf:8dec/64 Alcance:Enlace
    ACTIVO DIFUSI�N FUNCIONANDO MULTICAST MTU:1500 M�trica:1
    Paquetes RX:3165702 errores:0 perdidos:0 overruns:0 frame:0
    Paquetes TX:901161 errores:0 perdidos:0 overruns:0 carrier:0
    colisiones:0 long.colaTX:1000
    Bytes RX:1570952863 (1.5 GB) TX bytes:308178876 (308.1 MB)
    Interrupci�n:26 Direcci�n base: 0xc000

    eth1 Link encap:Ethernet direcci�nHW 00:0c:76:00:fd:d2
    Direc. inet:192.168.0.1 Difus.:192.168.0.255 M�sc:255.255.255.224
    Direcci�n inet6: fe80::20c:76ff:fe00:fdd2/64 Alcance:Enlace
    ACTIVO DIFUSI�N FUNCIONANDO MULTICAST MTU:1500 M�trica:1
    Paquetes RX:593925 errores:0 perdidos:0 overruns:0 frame:0
    Paquetes TX:919668 errores:0 perdidos:0 overruns:0 carrier:0
    colisiones:0 long.colaTX:1000
    Bytes RX:110859505 (110.8 MB) TX bytes:1046700889 (1.0 GB)
    Interrupci�n:21 Direcci�n base: 0x6000

  4. Re: icmpv6_send: no reply to icmp error

    You have a 2002:96d6:c55c:… address, so you have 6to4 activated, right? Can you «ping6 ipv6.google.com»?

    And eth0 has a public IPv4 address, so this system is directly connected to Internet? Is it a kind of gateway, as it has an eth1 (with private IPv4) too?

  5. Re: icmpv6_send: no reply to icmp error

    Not sure if I have 6to4 activated, at least it was not activated on purpose. Can be that the reason for the error?

    I can’t ping «ping6 ipv6.google.com»
    connect: Network is unreachable

    Eth0 is directly connected to Internet and Eth1 is connected to Intranet as it is explained here: http://www.somewhereville.com/?p=1196

    Thanks for helping!

  6. Re: icmpv6_send: no reply to icmp error

    That 6to4 address could be the reason your system thinks there is IPv6, does something, which leads to the error message (because IPv6 is not working).

    There are two ways that the 6to4 2002: address can have landed on your Linux system:
    1) a router building up the 6to4 tunnel, and distributing 2002: address on your LAN. However: your system has a public IP address, so a router doing NAT is unlikely.
    2) your Linux system having a 6to4 tunnel itself (although I don’t see a tunnel interface in your ifconfig). See http://ubuntuforums.org/showthread.php?p=10939087 how to create such a tunnel; hopefully it will give an idea how to remove it

    Another possibility is to go *forward* and make the IPv6 working. I would prefer that (see my sig).

  7. Re: icmpv6_send: no reply to icmp error

    PS:

    «rdisc6» is a nice tool to listen for IPv6-address-broadcasts:

    rdisc6 -1 -r1 -q wlan0
    rdisc6 -1 -r1 -q eth0

    If there is a router advertising IPv6, you will get a response …

  8. Re: icmpv6_send: no reply to icmp error

    Well, I’m not sure I need IPv6, actually I’ve disabled it and the error is gone.

    $ sudo nano /etc/sysctl.conf

    Then these lines were added:

    # IPv6
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1

    Could this problem has something to do with avahi-daemon? I was getting errors until it was restarted.

    $ sudo restart avahi-daemon

    PS. I can’t ping localhost. Isn’t it weird?

    Last edited by fl5x; March 27th, 2012 at 11:44 AM.

  9. Re: icmpv6_send: no reply to icmp error

    After this:

    $ ifconfig | grep lo $ sudo /sbin/ifconfig lo 127.0.0.1 up
    I get this:
    $ ifconfig

    eth0 Link encap:Ethernet direcci�nHW 00:1f:d0:bf:8d:ec
    Direc. inet:150.214.196.123 Difus.:150.214.197.255 M�sc:255.255.254.0
    ACTIVO DIFUSI�N FUNCIONANDO MULTICAST MTU:1500 M�trica:1
    Paquetes RX:4018297 errores:0 perdidos:0 overruns:0 frame:0
    Paquetes TX:1174822 errores:0 perdidos:0 overruns:0 carrier:0
    colisiones:0 long.colaTX:1000
    Bytes RX:1890428697 (1.8 GB) TX bytes:416260902 (416.2 MB)
    Interrupci�n:26 Direcci�n base: 0xc000

    eth1 Link encap:Ethernet direcci�nHW 00:0c:76:00:fd:d2
    Direc. inet:192.168.0.1 Difus.:192.168.0.255 M�sc:255.255.255.224
    ACTIVO DIFUSI�N FUNCIONANDO MULTICAST MTU:1500 M�trica:1
    Paquetes RX:763562 errores:0 perdidos:0 overruns:0 frame:0
    Paquetes TX:1129403 errores:0 perdidos:0 overruns:0 carrier:0
    colisiones:0 long.colaTX:1000
    Bytes RX:156109149 (156.1 MB) TX bytes:1227315193 (1.2 GB)
    Interrupci�n:21 Direcci�n base: 0x6000

    lo Link encap:Bucle local
    Direc. inet:127.0.0.1 M�sc:255.0.0.0
    ACTIVO BUCLE FUNCIONANDO MTU:16436 M�trica:1
    Paquetes RX:46 errores:0 perdidos:0 overruns:0 frame:0
    Paquetes TX:46 errores:0 perdidos:0 overruns:0 carrier:0
    colisiones:0 long.colaTX:0
    Bytes RX:3385 (3.3 KB) TX bytes:3385 (3.3 KB)

    Now I’m able to ping localhost.

    Why didn’t «lo» show up first?

Bookmarks

Bookmarks


Posting Permissions

Источник
  • Вся активность

  • Публикации

    24

  • Зарегистрирован

    22 января, 2022

  • Посещение

    16 мая, 2022

  1. OpenWRT только ночнушка с nftables.

    По сути крутит только DHCP и все.

    Управление траффиком потеряно.

  2. 2022/03/09 08:42:51 kid1| Pinger socket opened on FD 26
    2022/03/09 08:42:51 kid1| Configuring Parent 10.0.48.52/3128/3130
    2022/03/09 08:42:51 kid1| Squid plugin modules loaded: 0
    2022/03/09 08:42:51 kid1| Adaptation support is off.
    2022/03/09 08:42:51 kid1| Accepting HTTP Socket connections at conn13 local=[::]:3130 remote=[::] FD 22 flags=9
    2022/03/09 08:42:51 kid1| Accepting NAT intercepted HTTP Socket connections at conn15 local=[::]:3128 remote=[::] FD 23 flags=41
    2022/03/09 08:42:51 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at conn17 local=[::]:3129 remote=[::] FD 24 flags=41
    2022/03/09 08:42:52| pinger: Initialising ICMP pinger …
    2022/03/09 08:42:52| pinger: ICMP socket opened.
    2022/03/09 08:42:52| pinger: ICMPv6 socket opened
    2022/03/09 08:42:52 kid1| storeLateRelease: released 0 objects
    2022/03/09 08:43:28 kid1| ICP is disabled! Cannot send ICP request to peer.
    2022/03/09 08:57:34 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on conn25 local=10.48.46.165:3128 remote=10.48.46.2:50975 FD 11 flags=33: (92) Protocol not available
    listening port: 3128
    2022/03/09 08:57:34 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on conn25 local=10.48.46.165:3128 remote=10.48.46.2:50975 FD 11 flags=33
    listening port: 3128
    2022/03/09 08:57:35 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on conn26 local=10.48.46.165:3129 remote=10.48.46.2:50979 FD 11 flags=33: (92) Protocol not available
    listening port: 3129
    2022/03/09 08:57:35 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on conn26 local=10.48.46.165:3129 remote=10.48.46.2:50979 FD 11 flags=33
    listening port: 3129

    Udavf, в общем, если схема маршрутизатор -> DNAT -> сервер Squid работать не будет.

    Нужно Squid делать на самом маршрутизаторе.

  3. Суть другая.

    — не устанавливать сертификат РТК

    — не прописывать proxy вручную и использовать parent РТК upstrem proxy

    — все это дело в прозрачном виде (настройки и сертификат для каждого устройства доставляются автоматически)

  4. Есть у кого какие новости о прозрачном Squid+parent без подмены сертификата?



  6. Udavf, судя по Вашему, приведенному выше сообщению, я не могу на маршрутизаторе DNAT-ом перенаправлять трафик на Squid и такая схема нерабочая (как-то не удобно совсем выходит)?

    Получается HTTPS заработает, если шлюзом (и DHCP опционально для ЕСПД) должен быть сам сервер Squid и из схемы исключаем маршрутизатор. Если я правильно понял или нет?

    fedukonelove, у меня тупо как swith все настроено, IP адреса раздаются по DHCP из открытого сегмента РКТ (они не NAT-ятся), шлюз так-же указан РТК.

    А вот для Squid пришлось сделать в nat цепочки postrouting masquerade

  7. так и есть

    http_port 3128 accel vhost allow-direct

    https_port 3129 intercept ssl-bump cert=/etc/squid/squidCA.pem

    never_direct allow all

    sslproxy_cert_error allow all

    ssl_bump peek all

    ssl_bump splice all

    sslcrtd_program /usr/libexec/security_file_certgen -s /var/cache/squid/ssl_db -M 4MB

    cache_peer 10.0.48.52 parent 3128 0 no-query default

    nslookup проверю.

    Трафик DNAT-ом перекидываю firewall-ом маршрутизатора

    80 порт на 3128

    443 порт на 3129

    в мой локальный proxy сервер Squid.

    В логе получаю:

    2022/02/25 12:36:38 kid1| Pinger socket opened on FD 25
    2022/02/25 12:36:38 kid1| Configuring Parent 10.0.48.52/3128/0
    2022/02/25 12:36:38 kid1| Squid plugin modules loaded: 0
    2022/02/25 12:36:38 kid1| Adaptation support is off.
    2022/02/25 12:36:38 kid1| Accepting reverse-proxy HTTP Socket connections at local=[::]:3128 remote=[::] FD 22 flags=9
    2022/02/25 12:36:38 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3129 remote=[::] FD 23 flags=41
    2022/02/25 12:36:38| pinger: Initialising ICMP pinger …
    2022/02/25 12:36:38| pinger: ICMP socket opened.
    2022/02/25 12:36:38| pinger: ICMPv6 socket opened
    2022/02/25 12:36:38 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.48.46.165:3129 remote=10.48.46.2:50815 FD 11 flags=33: (2) No such file or directory
    2022/02/25 12:36:38 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=10.48.46.165:3129 remote=10.48.46.2:50815 FD 11 flags=33
    2022/02/25 12:36:39 kid1| storeLateRelease: released 0 objects
    2022/02/25 12:37:32 kid1| temporary disabling (Forbidden) digest from 10.0.48.52
    2022/02/25 12:37:32| SendEcho ERROR: sending to ICMPv6 packet to [2a02:28:2:e::2]: (101) Network is unreachable
    2022/02/25 12:38:12| SendEcho ERROR: sending to ICMPv6 packet to [2a00:1450:4010:c09::5e]: (101) Network is unreachable
    2022/02/25 12:42:32 kid1| temporary disabling (Forbidden) digest from 10.0.48.52
    2022/02/25 12:44:01| SendEcho ERROR: sending to ICMPv6 packet to [2a02:26f0:d0::217:a763]: (101) Network is unreachable

    Погуглил и нашел такую трактовку:

    > 2006/09/29 21:41:32| temporary disabling (Forbidden) digest from squid2
    > 2006/09/29 21:42:32| temporary disabling (Forbidden) digest from squid3

    Looks like the squid2 and squid3 does not allow digest exchanges.



  8. Прозрачный прокси сервер как parent (родительский) без подмены сертификата не будет работать из-за отсутствия секции PRIVATE KEY в сертификате ЕСПД.

    Поэтому сайты по HTTP работают, а из-за отсутствие ключа от сертификата ЕСПД по HTTPS нет.

    Написал в поддержку ЕСПД и в Минцифры. Шанс получения ключа равен 0, но попытка не пытка. Может кто из сообщества раздобудет ключ и поделится им.

    В СЗО имеются ЕГЭ/ОГЭ программы, которые требуют PRIVATE KEY для передачи зашифрованных сведений по каналам Интернет.

    Просим Вас предоставить PRIVATE KEY (выслать содержимое ключа) от сертификата ЕСПД https://espd.rt.ru/cert/ca.root.crt

    так как в сертификате ca.root.crt отсутствует секция PRIVATE KEY, содержится только:

    ——BEGIN CERTIFICATE——
    здесь содержимое сертификата
    ——END CERTIFICATE——

    должно быть:
    ——BEGIN PRIVATE KEY——
    здесь содержимое ключа
    ——END PRIVATE KEY——
    ——BEGIN CERTIFICATE——
    здесь содержимое сертификата
    ——END CERTIFICATE——

  9. У меня HTTPS не заработал по схеме прозрачный Squid + parent прокси РТК. HTTP открывает, а HTTPS нет.

  10. Нашел наш случай и как правильно оформить правило DNAT — подробнее см. здесь https://forum.ubuntu.ru/index.php?topic=238849.0

  11. По крайней мере YouTube открывался без проблем на том же ЕСПД.

    Глубже не тестировал, так как не было времени разбираться почему видео звонок в Skype не заработал.

  12. TurboBlaze


    TurboBlaze изменил свою фотографию     9 февраля, 2022

  13. Хотеть не вредно, goodbidpi в помощь ;)

  14. Udavf, не пробовал, так как лицей полностью закрыли на дистант с 8 по 17 февраля включительно. Пришлось назад PPPoE подключения из бэкапа восстанавливать, так как Skype не завелся с ЕСПД.

    У Вас маршрутизатор работает на OpenWRT? Там проще с firewall и iptables. Приблизительные правила я написал в этом сообщении (хотя, по ходу, нужно использовать правило с DNAT)

    как по мне дичь, но нужно было быстро придумать схему. Пошел по легкому пути.

    он и на PPPoE хорошо фильтруется до сих пор — провайдер тот же РТК.

    а почему бы и не подключить (задачи бывают разные)?

    У нас интерактивные панели на Android + учителей музыки моноблоки на Mac OS и как воспользоваться интернетом от Ростелекома? Правильно, через одно место xD

    Это не только на телефоне, но и везде (в частности наблюдал на ПК).

  15. Распил денег под Новый Год и захват школ под свое влияние.

    WPAD это костыль, как и все остальные подходы к ЕСПД.

    Можно пойти по пути своего Squid на отдельном АРМ, родительским приписывать РТК Proxy, с последующим заворотом трафика на внутренний Squid.

  16. Трафик редиректится через WPAD (настроено у меня), телефоны, планшеты не понимают WPAD (требуется ручная настройка proxy).

    Провайдер в танке :)

Источник

This topic has been deleted. Only users with topic management privileges can see it.

  • Hi guys! SquidGuard Group ACL stopped working for me, i presume after an pfsense update (the latest i think).
    So the whitelist rules are not working, only the Common ACL applies.
    Is anyone expirience the same problem?

    This update (2.4.5_p1) also introduced squid stabillity problems for me..at least ones a day it crashes . I have to restart the whole FW in order for it to start again.
    Thank you.

  • We are running a single pfsense vm with 600+ concurrent users and 30+ ldap based group acls. After applying a change, squids need a few minutes to work again.
    This is our only issue at the moment.

    The system now runs for about 2 weeks without reboot using 2.4.5p1, squid package 0.4.44_30 and squidguard package 1.16.18_6.

    I think you have a (syntax) error or similar issue in your config.

    The log tab will tell you, also you can test squidguard using the config from the command line.

    http://www.squidguard.org/Doc/verify.html

  • Hi, i have checked using the verify command from the site.
    The problem is that the ACL source is not identified, it is using a single IP..so it should not be difficult. The ACL should baypass blocking rule from default and allow acces…

    2020-07-29 13:59:08 [6564] squidGuard 1.4 started (1596020348.432)
    2020-07-29 13:59:08 [6564] squidGuard ready for requests (1596020348.443)
    2020-07-29 13:59:08 [6564] no ACL matching source, using default
    2020-07-29 13:59:08 [6564] Request(default/Webmail/-) http://www.yahoo.com 192.168.16.118/- — — REDIRECT
    OK rewrite-url=»http://vspfw.example.com:88/sgerror.php?url=403″
    2020-07-29 13:59:08 [6564] squidGuard stopped (1596020348.444)

    This is a sample from the config:

    ============================================================

    SquidGuard configuration file

    This file generated automaticly with SquidGuard configurator

    (C)2006 Serg Dvoriancev

    email: dv_serg@mail.ru

    ============================================================

    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard

    src Allow_all_dest {
    ip 192.168.16.118
    }

    Allowed access to file transfer sites

    src Alow_FileSharing {
    ip 192.168.16.106
    }

    Managing partners

    src Management2 {
    ip 192.168.16.118
    log block.log
    }
    …..

    If i enable in web console the Allow_alll_Dest ACL than it is woking just fine, the computer in case can access yahoo.
    With allow all dest disabled and Management2 enabled it is not working.
    First it has Allow all destionation and the last it has only Webmail allowed. This config was working just fine until a month or two. I have changed nothing beside the update…
    Thank you again for your answer :-).

  • Can you post the corresponding acl for the Management2 src? Perhaps the complete squidGuard config?

  • This post is deleted!

  • The IP address 192.168.16.118 is listed in two group acls: Allow_all_dest and Management.
    As long as this is the case, the group won’t be assigned:

    2020-07-29 14:26:37 [56101] squidGuard ready for requests (1596025597.929)
    2020-07-29 14:26:37 [56101] no ACL matching source, using default
    ERR
    2020-07-29 14:26:37 [56101] squidGuard stopped (1596025597.930)

    As soon as I change one entry, it works:

    2020-07-29 14:27:08 [58266] squidGuard 1.4 started (1596025628.201)
    2020-07-29 14:27:08 [58266] squidGuard ready for requests (1596025628.203)
    ERR
    2020-07-29 14:27:08 [58266] squidGuard stopped (1596025628.203)

  • @coffeelover I will test this imidiatly!
    But if it is like this then it is a bug because Allow all destinations it is always disabled! I use it only for investigation.!!

    EDIT: Yes you are right! If i removed the ip form Allow_all_destinations even if this ACL is disabled then Management ACL started working again!
    Thank you for thi, i have tested everything but this! :-)

  • Yeah, glad to hear this.

    I think it is a not a real bug: the src rules are parsed to a linked list, so order matters.

    As long as the first matching entry for the source address has no associated acl, it will fall back to default. If you change the order in your configuration, it will also work again.

    So this should be an issue for documentation or a plausibility check.

  • Thanky very much coffelover for helping me with this!
    I have another issue, after upgrading pfsense to 2.4.5 series, every morning when people comes to work squid crashes.
    The only options i have are:
    -from cli starting squid (simple squid..no other parameters) or
    -delete cache from UI and then squid automaticaliy restart without a problem or
    -reboot the whole system
    From services UI i can not restart the squid service. It fails.
    This is a tipical log file:

    How can i investigate further this problem:
    «Jul 29 09:02:17 kernel pid 65891 (squid), jid 0, uid 100: exited on signal 6»

    Jul 29 05:04:11 	check_reload_status 		Restarting ipsec tunnels
Jul 29 05:04:11 	check_reload_status 		Restarting OpenVPN tunnels/interfaces
Jul 29 05:04:11 	check_reload_status 		Reloading filter
Jul 29 09:02:17 	kernel 		pid 65891 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:03 	kernel 		pid 67277 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:05 	kernel 		pid 39788 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:06 	kernel 		pid 43264 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:07 	kernel 		pid 46291 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:08 	kernel 		pid 49802 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:09 	kernel 		pid 52665 (squid), jid 0, uid 100: exited on signal 6
Jul 29 09:05:10 	Squid_Alarm 	56905 	Squid has exited. Reconfiguring filter.
Jul 29 09:05:10 	Squid_Alarm 	57086 	Attempting restart...
Jul 29 09:05:13 	Squid_Alarm 	59138 	Reconfiguring filter...
Jul 29 09:05:13 	check_reload_status 		Reloading filter
Jul 29 09:05:14 	php-fpm 	397 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules.
Jul 29 09:05:14 	php-fpm 	397 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules.
Jul 29 09:05:15 	php-fpm 	397 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules.
Jul 29 09:36:16 	php-fpm 	30623 	/pkg_edit.php: Session timed out for user 'admin' from: 192.168.16.10 (Local Database)
Jul 29 09:36:18 	php-fpm 	30623 	/pkg_edit.php: Successful login for user 'admin' from: 192.168.16.10 (Local Database)
Jul 29 09:36:52 	php-fpm 	339 	/pkg_edit.php: [squid] Clear disk cache forced via GUI. Clearing cache now...
Jul 29 09:36:52 	php-fpm 	339 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 29 09:36:53 	php-fpm 	339 	/pkg_edit.php: [squid] Creating cache dir '/var/squid/cache' ...
Jul 29 09:36:53 	php-fpm 	339 	/pkg_edit.php: [squid] Creating Squid cache subdirs in /var/squid/cache ...
Jul 29 09:36:56 	php-fpm 	339 	/pkg_edit.php: [squid] Starting service...
Jul 29 09:36:56 	php-fpm 	339 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 29 09:36:57 	check_reload_status 		Syncing firewall
Jul 29 09:36:57 	php-fpm 	339 	/pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Jul 29 09:36:59 	php-fpm 	339 	/pkg_edit.php: [squid] Adding cronjobs ...
Jul 29 09:36:59 	php-fpm 	339 	/pkg_edit.php: [squid] Antivirus features disabled.
Jul 29 09:36:59 	php-fpm 	339 	/pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 29 09:36:59 	php-fpm 	339 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 29 09:37:00 	php-fpm 	339 	/pkg_edit.php: [squid] Reloading for configuration sync...
Jul 29 09:37:00 	php-fpm 	339 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 29 09:37:01 	check_reload_status 		Reloading filter
Jul 29 09:39:28 	sshd 	82200 	user root login class [preauth]
Jul 29 09:39:28 	sshd 	82200 	user root login class [preauth]
Jul 29 09:39:31 	sshd 	82200 	Accepted keyboard-interactive/pam for root from 192.168.16.10 port 50956 ssh2
Jul 29 09:49:43 	kernel 		pid 332 (squid), jid 0, uid 100: exited on signal 6
Jul 29 10:02:13 	kernel 		pid 32699 (squid), jid 0, uid 100: exited on signal 6

    Thank you again! i will start another thread if you think it will help someone else but me.

  • @mdalacu said in SquidGuard Group ACL not working:

    @coffeelover I will test this imidiatly!
    But if it is like this then it is a bug because Allow all destinations it is always disabled! I use it only for investigation.!!

    EDIT: Yes you are right! If i removed the ip form Allow_all_destinations even if this ACL is disabled then Management ACL started working again!
    Thank you for thi, i have tested everything but this! :-)

    Seems related to https://redmine.pfsense.org/issues/4088

  • @viktor_g yeah, but i don’t agree completely to the bug. It is filed very opinionated and some guesses are completely wrong.
    Squidguard just resets a non-resolvable client to the default acl, which is common behaviour. If the default acl means ‘allow_all’, it is an configuration issue, it doesn’t «renders squidguard useless».

    But yes, perhaps a global setting like ‘include non-linked acls in config’ would be nice or at least a warning should be shown.

  • @mdalacu i would check:

    • the system resources (cpu, ram, filesystem usage)
    • the file permissions

    Daily could mean that squid is not able to rotate the logs, because of wrong file permissions.

    And if it works after you cleaned the disk cache, it could just be the filesystem filling up.

  • @coffeelover Hi. Thanks for your reply.
    I have checked everthing…RAM CPU Disk Space ..nothing out of the ordinary.
    The file permissions seems ok because the system rotates logs at 00:00 without problems.

    Squid crashes between 9 and 9:30 AM every morning. I see nothing in crontab which runs at 9…

    [2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: ls -l
total 296544
-rw-r-----  1 squid  proxy  27603284 Jul 30 12:07 access.log
-rw-r-----  1 squid  proxy  95043059 Jul 30 00:00 access.log.0
-rw-r-----  1 squid  proxy  90147081 Jul 29 00:00 access.log.1
-rw-r-----  1 squid  proxy  82716598 Jul 28 00:00 access.log.2
-rw-r-----  1 squid  proxy    620734 Jul 30 11:38 cache.log
-rw-r-----  1 squid  proxy   1139736 Jul 29 17:33 cache.log.0
-rw-r-----  1 squid  proxy   1189305 Jul 28 17:27 cache.log.1
-rw-r-----  1 squid  proxy   3545291 Jul 27 22:47 cache.log.2
-rw-r-----  1 squid  proxy   1210310 Jul 30 11:47 netdb.state
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: df -h
Filesystem                                         Size    Used   Avail Capacity  Mounted on
/dev/gptid/d5335474-d186-11e9-b43e-00155d105a07     45G    2.3G     39G     5%    /
devfs                                              1.0K    1.0K      0B   100%    /dev
/dev/md0                                           3.4M    108K    3.0M     3%    /var/run
devfs                                              1.0K    1.0K      0B   100%    /var/dhcpd/dev
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: ls -ltr ../cache/
total 68
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 00
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 01
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 02
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 03
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 04
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 05
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 06
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 07
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 08
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 09
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0A
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0B
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0C
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0D
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0E
drwxr-x---  258 squid  proxy  3584 Jul 30 09:20 0F
-rw-r-----    1 squid  proxy    72 Jul 30 09:43 swap.state
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: cat /etc/cro
cron.d/  crontab
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/logs: cat /etc/crontab
# /etc/crontab - root's crontab for FreeBSD
#
# $FreeBSD$
#
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
#
#minute hour    mday    month   wday    who     command
#
#*/5    *       *       *       *       root    /usr/libexec/atrun
#
# Save some entropy so that /dev/random can re-seed on boot.
#*/11   *       *       *       *       operator /usr/libexec/save-entropy
#
# Rotate log files every hour, if necessary.
#0      *       *       *       *       root    newsyslog
#
# Perform daily/weekly/monthly maintenance.
#1      3       *       *       *       root    periodic daily
#15     4       *       *       6       root    periodic weekly
#30     5       1       *       *       root    periodic monthly
#
# Adjust the time zone if the CMOS clock keeps local time, as opposed to
# UTC time.  See adjkerntz(8) for details.
#1,31   0-5     *       *       *       root    adjkerntz -a
#
# pfSense specific crontab entries
# Created: July 28, 2020, 8:51 am
#

1,31    0-5     *       *       *       root    /usr/bin/nice -n20 adjkerntz -a
1       3       1       *       *       root    /usr/bin/nice -n20 /etc/rc.update_bogons.sh
1       1       *       *       *       root    /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60    *       *       *       *       root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
30      12      *       *       *       root    /usr/bin/nice -n20 /etc/rc.update_urltables
1       0       *       *       *       root    /usr/bin/nice -n20 /etc/rc.update_pkg_metadata
0       0       *       *       *       root    /usr/bin/nice -n20 /usr/local/etc/rc.d/squidGuard_logrotate
30      1       *       *       *       root    /root/squidGuard_blacklist_update.sh
0       0       *       *       *       root    /usr/local/sbin/squid -k rotate -f /usr/local/etc/squid/squid.conf
15      0       *       *       *       root    /usr/local/pkg/swapstate_check.php
0       */12    *       *       *       root    /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl today
15      0       *       *       *       root    /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl yesterday
#
# If possible do not add items to this file manually.
# If done so, this file must be terminated with a blank line (e.g. new line)
#

This is the log from today whan it crashed at 9:14.

    Jul 29 14:20:26 check_reload_status Syncing firewall
    Jul 29 14:20:26 check_reload_status Syncing firewall
    Jul 29 14:20:31 check_reload_status Syncing firewall
    Jul 29 14:20:42 php-fpm 397 /pkg_edit.php: [squid] — squid_resync function call pr:1 bp: rpc:no
    Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Adding cronjobs …
    Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Antivirus features disabled.
    Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Removing freshclam cronjob.
    Jul 29 14:20:44 php-fpm 397 /pkg_edit.php: [squid] Stopping any running proxy monitors
    Jul 29 14:20:45 php-fpm 397 /pkg_edit.php: [squid] Reloading for configuration sync…
    Jul 29 14:20:46 php-fpm 397 /pkg_edit.php: [squid] Starting a proxy monitor script
    Jul 29 14:20:47 check_reload_status Reloading filter
    Jul 29 15:45:17 check_reload_status Syncing firewall
    Jul 29 15:45:17 check_reload_status Syncing firewall
    Jul 29 15:45:28 check_reload_status Syncing firewall
    Jul 29 15:45:39 php-fpm 99938 /pkg_edit.php: [squid] — squid_resync function call pr:1 bp: rpc:no
    Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Adding cronjobs …
    Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Antivirus features disabled.
    Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Removing freshclam cronjob.
    Jul 29 15:45:40 php-fpm 99938 /pkg_edit.php: [squid] Stopping any running proxy monitors
    Jul 29 15:45:41 php-fpm 99938 /pkg_edit.php: [squid] Reloading for configuration sync…
    Jul 29 15:45:41 php-fpm 99938 /pkg_edit.php: [squid] Starting a proxy monitor script
    Jul 29 15:45:42 check_reload_status Reloading filter
    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 19 d2 28 40 00
    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 07 4f 08 01 00
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)
    Jul 30 05:00:55 rc.gateway_alarm 7850 >>> Gateway alarm: GW_WAN (Addr:192.168.16.1 Alarm:1 RTT:1.383ms RTTsd:1.839ms Loss:21%)
    Jul 30 05:00:55 check_reload_status updating dyndns GW_WAN
    Jul 30 05:00:55 check_reload_status Restarting ipsec tunnels
    Jul 30 05:00:55 check_reload_status Restarting OpenVPN tunnels/interfaces
    Jul 30 05:00:55 check_reload_status Reloading filter
    Jul 30 05:02:23 check_reload_status Linkup starting hn0
    Jul 30 05:02:23 kernel hn0: network changed, change 1
    Jul 30 05:02:23 kernel hn0: link state changed to DOWN
    Jul 30 05:02:24 php-fpm 99938 /rc.linkup: Ignoring link event for bridge member without IP config
    Jul 30 05:02:24 check_reload_status Reloading filter
    Jul 30 05:02:27 sshd 82200 Timeout, client not responding.
    Jul 30 05:02:28 check_reload_status Linkup starting hn0
    Jul 30 05:02:28 kernel hn0: link state changed to UP
    Jul 30 05:02:29 php-fpm 339 /rc.linkup: Ignoring link event for bridge member without IP config
    Jul 30 05:02:29 check_reload_status Reloading filter
    Jul 30 05:02:41 check_reload_status Linkup starting hn0
    Jul 30 05:02:41 kernel hn0: network changed, change 1
    Jul 30 05:02:41 kernel hn0: link state changed to DOWN
    Jul 30 05:02:42 php-fpm 30623 /rc.linkup: Ignoring link event for bridge member without IP config
    Jul 30 05:02:42 check_reload_status Reloading filter
    Jul 30 05:02:46 check_reload_status Linkup starting hn0
    Jul 30 05:02:46 kernel hn0: link state changed to UP
    Jul 30 05:02:47 php-fpm 338 /rc.linkup: Ignoring link event for bridge member without IP config
    Jul 30 05:02:47 check_reload_status Reloading filter
    Jul 30 05:02:53 check_reload_status Linkup starting hn0
    Jul 30 05:02:53 kernel hn0: network changed, change 1
    Jul 30 05:02:53 kernel hn0: link state changed to DOWN
    Jul 30 05:02:54 php-fpm 22515 /rc.linkup: Ignoring link event for bridge member without IP config
    Jul 30 05:02:54 check_reload_status Reloading filter
    Jul 30 05:02:58 check_reload_status Linkup starting hn0
    Jul 30 05:02:58 kernel hn0: link state changed to UP
    Jul 30 05:02:59 php-fpm 397 /rc.linkup: Ignoring link event for bridge member without IP config
    Jul 30 05:02:59 check_reload_status Reloading filter
    Jul 30 05:04:14 rc.gateway_alarm 86494 >>> Gateway alarm: GW_WAN (Addr:192.168.16.1 Alarm:0 RTT:1.445ms RTTsd:1.415ms Loss:5%)
    Jul 30 05:04:14 check_reload_status updating dyndns GW_WAN
    Jul 30 05:04:14 check_reload_status Restarting ipsec tunnels
    Jul 30 05:04:14 check_reload_status Restarting OpenVPN tunnels/interfaces
    Jul 30 05:04:14 check_reload_status Reloading filter
    Jul 30 09:14:55 kernel pid 3599 (squid), jid 0, uid 100: exited on signal 6
    Jul 30 09:14:56 kernel pid 58817 (squid), jid 0, uid 100: exited on signal 6
    Jul 30 09:14:57 kernel pid 61209 (squid), jid 0, uid 100: exited on signal 6
    Jul 30 09:14:58 kernel pid 64892 (squid), jid 0, uid 100: exited on signal 6
    Jul 30 09:14:59 kernel pid 67991 (squid), jid 0, uid 100: exited on signal 6
    Jul 30 09:15:00 kernel pid 71182 (squid), jid 0, uid 100: exited on signal 6
    Jul 30 09:15:22 Squid_Alarm 75627 Squid has exited. Reconfiguring filter.
    Jul 30 09:15:22 Squid_Alarm 75891 Attempting restart…
    Jul 30 09:15:25 Squid_Alarm 77973 Reconfiguring filter…
    Jul 30 09:15:25 check_reload_status Reloading filter
    Jul 30 09:15:26 php-fpm 22515 /rc.filter_configure_sync: [squid] Installed but not started. Not installing ‘nat’ rules.
    Jul 30 09:15:26 php-fpm 22515 /rc.filter_configure_sync: [squid] Installed but not started. Not installing ‘pfearly’ rules.
    Jul 30 09:15:26 php-fpm 22515 /rc.filter_configure_sync: [squid] Installed but not started. Not installing ‘filter’ rules.
    Jul 30 09:19:47 php-fpm 397 /pkg_edit.php: Session timed out for user ‘admin’ from: 192.168.16.10 (Local Database)
    Jul 30 09:19:49 php-fpm 397 /pkg_edit.php: Successful login for user ‘admin’ from: 192.168.16.10 (Local Database)
    Jul 30 09:20:19 php-fpm 22515 /pkg_edit.php: [squid] Clear disk cache forced via GUI. Clearing cache now…
    Jul 30 09:20:19 php-fpm 22515 /pkg_edit.php: [squid] Stopping any running proxy monitors
    Jul 30 09:20:21 php-fpm 22515 /pkg_edit.php: [squid] Creating cache dir ‘/var/squid/cache’ …
    Jul 30 09:20:21 php-fpm 22515 /pkg_edit.php: [squid] Creating Squid cache subdirs in /var/squid/cache …
    Jul 30 09:20:25 php-fpm 22515 /pkg_edit.php: [squid] Starting service…
    Jul 30 09:20:25 php-fpm 22515 /pkg_edit.php: [squid] Starting a proxy monitor script
    Jul 30 09:20:26 check_reload_status Syncing firewall
    Jul 30 09:20:26 php-fpm 22515 /pkg_edit.php: [squid] — squid_resync function call pr:1 bp: rpc:no
    Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Adding cronjobs …
    Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Antivirus features disabled.
    Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Removing freshclam cronjob.
    Jul 30 09:20:28 php-fpm 22515 /pkg_edit.php: [squid] Stopping any running proxy monitors
    Jul 30 09:20:29 php-fpm 22515 /pkg_edit.php: [squid] Reloading for configuration sync…
    Jul 30 09:20:29 php-fpm 22515 /pkg_edit.php: [squid] Starting a proxy monitor script
    Jul 30 09:20:30 check_reload_status Reloading filter

    What other logs should i check?
    Thank you again! :-)

  • @mdalacu said in SquidGuard Group ACL not working:

    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 19 d2 28 40 00
    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
    Jul 30 01:30:25 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): WRITE(6). CDB: 0a 07 4f 08 01 00
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): CAM status: SCSI Status Error
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI status: Check Condition
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): SCSI sense: UNIT ATTENTION asc:3f,2 (Changed operating definition)
    Jul 30 02:08:03 kernel (da0:storvsc0:0:0:0): Retrying command (per sense data)

    And it works before 9? These scsi errors are from hyper-v snapshots i guess?
    Perhaps try to disable these? There is no filesystem error, but i think it is worth a try.

    And you should increase the debug level:

    debug_options 1,5 6,5 ALL,1

    Section 1 is main loop, Section 6 is disk i/o.

  • Hi coffelover!
    Yes you are right, at that time windows backup start. But unfortuantly it is unrelated.
    But today i have restarted and cleaned the cache at 8:30 AM from UI to see if it will crash again. At 9:02 it crashed …:/ CPU was ok, RAM also, disk space 35 GB free…
    Could be an user that try to access something that crashes the whole squid? The office hours starts at 9:00 AM here..
    Is there any other log that i could look into?
    Thanks.

    Jul 31 08:42:06 	php-fpm 	28232 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 31 08:42:07 	check_reload_status 		Reloading filter
Jul 31 09:02:56 	kernel 		pid 43401 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:02:57 	kernel 		pid 52412 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:02:58 	kernel 		pid 55101 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:02:59 	kernel 		pid 58638 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:03:00 	kernel 		pid 61188 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:03:01 	kernel 		pid 63750 (squid), jid 0, uid 100: exited on signal 6
Jul 31 09:03:17 	Squid_Alarm 	68674 	Squid has exited. Reconfiguring filter.
Jul 31 09:03:17 	Squid_Alarm 	68975 	Attempting restart...
Jul 31 09:03:20 	Squid_Alarm 	71372 	Reconfiguring filter...
Jul 31 09:03:20 	check_reload_status 		Reloading filter
Jul 31 09:03:22 	php-fpm 	28232 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules.
Jul 31 09:03:22 	php-fpm 	28232 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules.
Jul 31 09:03:22 	php-fpm 	28232 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules.
Jul 31 09:13:27 	php-fpm 	338 	/pkg_edit.php: [squid] Clear disk cache forced via GUI. Clearing cache now...
Jul 31 09:13:27 	php-fpm 	338 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 31 09:13:28 	php-fpm 	338 	/pkg_edit.php: [squid] Creating cache dir '/var/squid/cache' ...
Jul 31 09:13:28 	php-fpm 	338 	/pkg_edit.php: [squid] Creating Squid cache subdirs in /var/squid/cache ...
Jul 31 09:13:31 	php-fpm 	338 	/pkg_edit.php: [squid] Starting service...
Jul 31 09:13:31 	radiusd 	63099 	(109) Login OK: [DSP03] (from client T2600G-52TS_01 port 0 via TLS tunnel)
Jul 31 09:13:31 	radiusd 	63099 	(110) Login OK: [DSP03] (from client T2600G-52TS_01 port 3 cli f4-4d-30-6b-80-ce)
Jul 31 09:13:32 	php-fpm 	338 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 31 09:13:33 	check_reload_status 		Syncing firewall
Jul 31 09:13:33 	php-fpm 	338 	/pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Jul 31 09:13:34 	php-fpm 	338 	/pkg_edit.php: [squid] Adding cronjobs ...
Jul 31 09:13:34 	php-fpm 	338 	/pkg_edit.php: [squid] Antivirus features disabled.
Jul 31 09:13:34 	php-fpm 	338 	/pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 31 09:13:34 	php-fpm 	338 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 31 09:13:35 	php-fpm 	338 	/pkg_edit.php: [squid] Reloading for configuration sync...
Jul 31 09:13:35 	php-fpm 	338 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 31 09:13:36 	check_reload_status 		Reloading filter
Jul 31 09:15:03 	check_reload_status 		Syncing firewall
Jul 31 09:15:03 	check_reload_status 		Syncing firewall
Jul 31 09:15:11 	check_reload_status 		Syncing firewall
Jul 31 09:15:22 	php-fpm 	28232 	/pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Jul 31 09:15:23 	php-fpm 	28232 	/pkg_edit.php: [squid] Adding cronjobs ...
Jul 31 09:15:23 	php-fpm 	28232 	/pkg_edit.php: [squid] Antivirus features disabled.
Jul 31 09:15:23 	php-fpm 	28232 	/pkg_edit.php: [squid] Removing freshclam cronjob.
Jul 31 09:15:23 	php-fpm 	28232 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Jul 31 09:15:24 	php-fpm 	28232 	/pkg_edit.php: [squid] Reloading for configuration sync...
Jul 31 09:15:24 	php-fpm 	28232 	/pkg_edit.php: [squid] Starting a proxy monitor script
Jul 31 09:15:25 	check_reload_status 		Reloading filter
Jul 31 09:15:27 	radiusd 	63099 	(121) Login OK: [MCV18] (from client T2600G-52TS_01 port 0 via TLS tunnel)
Jul 31 09:15:27 	radiusd 	63099 	(122) Login OK: [MCV18] (from client T2600G-52TS_01 port 14 cli a4-ae-e4-7d-b5-f1)

  • The debugging logs from squid go to /var/log/squid/cache.log

  • Hi. I do not have such a file..but:
    /var/squid/logs/cache.log

    This is the log from the time of crash…and it continuies like this…6000 lines…
    Do you see anything importand than the second log line?
    Thanks
    EDIT: I have problem pasting the log here…it says that contains spam. So i have uplaoded the log as an atachmentsquid.cache.log.txt

    2020-07-31 08:46:56 [45559] logfile not allowed in acl other than default
2020/07/31 09:02:56 kid1| assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)"
2020/07/31 09:02:56 kid1| Starting Squid Cache version 4.10 for amd64-portbld-freebsd11.3...
2020/07/31 09:02:56 kid1| Service Name: squid
2020-07-31 09:02:56 [53246] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log
2020-07-31 09:02:56 [53246] New setting: logdir: /var/squidGuard/log
2020-07-31 09:02:56 [53246] New setting: dbhome: /var/db/squidGuard
2020-07-31 09:02:56 [53246] init domainlist /var/db/squidGuard/blk_blacklists_ads/domains
2020-07-31 09:02:56 [53246] loading dbfile /var/db/squidGuard/blk_blacklists_ads/domains.db
2020-07-31 09:02:56 [53246] init urllist /var/db/squidGuard/blk_blacklists_ads/urls
2020-07-31 09:02:56 [53246] loading dbfile /var/db/squidGuard/blk_blacklists_ads/urls.db

  • Your permissions for /var/log/squidGuard/squidGuard.log are not correct.

    And i would check my generated whitelist file and possibly fix the whitelist entries.

  • This post is deleted!

  • @coffeelover
    Hi This ar the permission for the file. Are those wrong?

    [2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/log/squidGuard: ls -ltr
total 1632
-rw-r--r--  1 root  squid  1624971 Aug  3 01:30 squidGuard.log
[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/log/squidGuard:

    The whitelists are only modified in the UI…
    this is the file:

    [2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/acl: cat whitelist.acl
microsoft.com
download.microsoft.com
download.windowsupdate.com
update.microsoft.com
dl.delivery.mp.microsoft.com
emdl.ws.microsoft.com
update.microsoft.com.akadns.net
update.microsoft.com.nsatc.net
windowsupdate.com
windowsupdate.microsoft.com
ntservicepack.microsoft.com
wustat.windows.com
facebook.com
decl.anaf.mfinante.gov.ro
anaf.ro[2.4.5-RELEASE][root@VSPFW.suciupopa.ro]/var/squid/acl:

    Is there anything wrong? Thx.

  • The owner / groups needs to be «squid:squid» so squidGuard is able to write to this file.

    The whitelist is included as type dstdom_regex, so the entries have to be regular expressions.

    So you have at least to escape the dots and add the $ to the line end to match the end of the domain. And to be on safe side, just need to change the entries, that they start either with beginning of line or with a dot. Otherwise an entry like «facebook.com$» matches «badfacebook.com»

    I changed your list, removed redundant entries and ordered the remaining by alphabet:

    (^|.)anaf.ro$
(^|.)decl.anaf.mfinante.gov.ro$
(^|.)facebook.com$
(^|.)microsoft.com$
(^|.)update.microsoft.com.akadns.net$
(^|.)update.microsoft.com.nsatc.net$
(^|.)windowsupdate.com$
(^|.)wustat.windows.com$

  • @coffeelover Thank you for your time and patience.
    I have done the modifications whitelist + changing sguidGuard.log permissions and ownership. I will see in the morning if squid stops crashing.
    The whitelist file was functioning properly, for those sites the certificate was not changed with the one from our internal CA.
    I will report back!
    Have a nice day! :-)

  • @coffeelover
    Hi ..in the morinig..same problem:
    For sure it is not a cron job because in WE, when nobody (but me :/ ) is at the office squid does not crash.
    I think some user is trying to access a site which crashes squid, but i can find who or what.
    Any ideeas?
    Thanks again.

    Aug 4 07:57:37 	radiusd 	28195 	(48) Login OK: [DSP03] (from client T2600G-52TS_01 port 0 via TLS tunnel)
Aug 4 07:57:37 	radiusd 	28195 	(49) Login OK: [DSP03] (from client T2600G-52TS_01 port 3 cli f4-4d-30-6b-80-ce)
Aug 4 08:41:47 	php-fpm 	338 	/status_logs.php: Session timed out for user 'admin' from: 192.168.16.10 (Local Database)
Aug 4 08:41:50 	php-fpm 	338 	/status_logs.php: Successful login for user 'admin' from: 192.168.16.10 (Local Database)
Aug 4 09:00:36 	kernel 		pid 56671 (squid), jid 0, uid 100: exited on signal 6
Aug 4 09:00:37 	kernel 		pid 84027 (squid), jid 0, uid 100: exited on signal 6
Aug 4 09:00:39 	kernel 		pid 89031 (squid), jid 0, uid 100: exited on signal 6
Aug 4 09:00:40 	kernel 		pid 92708 (squid), jid 0, uid 100: exited on signal 6
Aug 4 09:00:41 	kernel 		pid 95868 (squid), jid 0, uid 100: exited on signal 6
Aug 4 09:00:42 	kernel 		pid 98402 (squid), jid 0, uid 100: exited on signal 6
Aug 4 09:01:31 	Squid_Alarm 	21806 	Squid has exited. Reconfiguring filter.
Aug 4 09:01:31 	Squid_Alarm 	22203 	Attempting restart...
Aug 4 09:01:34 	Squid_Alarm 	24558 	Reconfiguring filter...
Aug 4 09:01:35 	check_reload_status 		Reloading filter
Aug 4 09:01:36 	php-fpm 	339 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules.
Aug 4 09:01:36 	php-fpm 	339 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules.
Aug 4 09:01:36 	php-fpm 	339 	/rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules.
Aug 4 09:35:20 	php-fpm 	338 	/pkg_edit.php: [squid] Clear disk cache forced via GUI. Clearing cache now...
Aug 4 09:35:20 	php-fpm 	338 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Aug 4 09:35:21 	php-fpm 	338 	/pkg_edit.php: [squid] Creating cache dir '/var/squid/cache' ...
Aug 4 09:35:21 	php-fpm 	338 	/pkg_edit.php: [squid] Creating Squid cache subdirs in /var/squid/cache ...
Aug 4 09:35:25 	php-fpm 	338 	/pkg_edit.php: [squid] Starting service...
Aug 4 09:35:26 	php-fpm 	338 	/pkg_edit.php: [squid] Starting a proxy monitor script
Aug 4 09:35:27 	check_reload_status 		Syncing firewall
Aug 4 09:35:27 	php-fpm 	338 	/pkg_edit.php: [squid] - squid_resync function call pr:1 bp: rpc:no
Aug 4 09:35:28 	php-fpm 	338 	/pkg_edit.php: [squid] Adding cronjobs ...
Aug 4 09:35:28 	php-fpm 	338 	/pkg_edit.php: [squid] Antivirus features disabled.
Aug 4 09:35:28 	php-fpm 	338 	/pkg_edit.php: [squid] Removing freshclam cronjob.
Aug 4 09:35:28 	php-fpm 	338 	/pkg_edit.php: [squid] Stopping any running proxy monitors
Aug 4 09:35:29 	php-fpm 	338 	/pkg_edit.php: [squid] Reloading for configuration sync...
Aug 4 09:35:29 	php-fpm 	338 	/pkg_edit.php: [squid] Starting a proxy monitor script
Aug 4 09:35:30 	check_reload_status 		Reloading filter

  • @coffeelover said in SquidGuard Group ACL not working:

    debug_options 1,5 6,5 ALL,1

    I think the only option to find the cause is to increase the debug level.

  • @coffeelover Hi, but in what file should i put the line? Thanks.

  • You have to put this line in general -> show advanced options -> «Custom Options (Before Auth)»

  • @coffeelover Thank for this.
    I have done it and of course today in the morning, it crashed…
    This is the cache.log. In access.log i see nothing special, i have tested all the sites and they do not crash squid..
    Maybe you see something useful in the log, i didn’t.. :/
    Thank you again for your time coffelover :-) 

    2020/08/10 09:03:47| SendEcho ERROR: sending to ICMPv6 packet to [2a00:1450:4013:c07::bd]: (65) No route to host
2020/08/10 09:05:43| SendEcho ERROR: sending to ICMPv6 packet to [2a00:1450:4013:c08::bd]: (65) No route to host
2020/08/10 09:05:59 kid1| Starting new redirector helpers...
2020/08/10 09:05:59 kid1| helperOpenServers: Starting 4/16 'squidGuard' processes
2020/08/10 09:07:30| SendEcho ERROR: sending to ICMPv6 packet to [2a00:1450:4013:c01::bd]: (65) No route to host
2020/08/10 09:09:31| SendEcho ERROR: sending to ICMPv6 packet to [2a00:1450:4013:c07::bd]: (65) No route to host
2020/08/10 09:09:34| SendEcho ERROR: sending to ICMPv6 packet to [2a00:1450:4013:c00::bd]: (65) No route to host
2020/08/10 09:09:34| SendEcho ERROR: sending to ICMPv6 packet to [2a00:1450:4013:c04::bd]: (65) No route to host
2020/08/10 09:10:45 kid1| Error negotiating SSL connection on FD 51: error:00000001:lib(0):func(0):reason(1) (1/0)
2020/08/10 09:10:47 kid1| Error negotiating SSL connection on FD 48: error:00000001:lib(0):func(0):reason(1) (1/0)
2020/08/10 09:10:49 kid1| Error negotiating SSL connection on FD 48: error:00000001:lib(0):func(0):reason(1) (1/0)
2020/08/10 09:10:52 kid1| Error negotiating SSL connection on FD 69: error:00000001:lib(0):func(0):reason(1) (1/0)
2020/08/10 09:10:56 kid1| Error negotiating SSL connection on FD 153: error:00000001:lib(0):func(0):reason(1) (1/0)
2020/08/10 09:10:58 kid1| Error negotiating SSL connection on FD 167: error:00000001:lib(0):func(0):reason(1) (1/0)
2020/08/10 09:11:45 kid1| assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)"
2020/08/10 09:11:46 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:46 kid1| Starting Squid Cache version 4.10 for amd64-portbld-freebsd11.3...
2020/08/10 09:11:46 kid1| Service Name: squid
2020/08/10 09:11:46 kid1| Process ID 25066
2020/08/10 09:11:46 kid1| Process Roles: worker
2020/08/10 09:11:46 kid1| With 57276 file descriptors available
2020/08/10 09:11:46 kid1| Initializing IP Cache...
2020/08/10 09:11:46 kid1| DNS Socket created at [::], FD 5
2020/08/10 09:11:46 kid1| DNS Socket created at 0.0.0.0, FD 9
2020/08/10 09:11:46 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2020/08/10 09:11:46 kid1| Adding nameserver 192.168.16.12 from /etc/resolv.conf
2020/08/10 09:11:46 kid1| Adding nameserver 192.168.16.1 from /etc/resolv.conf
2020/08/10 09:11:46 kid1| Adding domain suciupopa.ro from /etc/resolv.conf
2020/08/10 09:11:46 kid1| helperOpenServers: Starting 5/128 'security_file_certgen' processes
2020/08/10 09:11:46 kid1| helperOpenServers: Starting 8/16 'squidGuard' processes
2020/08/10 09:11:46 kid1| Logfile: opening log /var/squid/logs/access.log
2020/08/10 09:11:46 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/squid/logs/access.log'
2020/08/10 09:11:46 kid1| Unlinkd pipe opened on FD 42
2020/08/10 09:11:46 kid1| Store logging disabled
2020/08/10 09:11:46 kid1| Swap maxSize 102400 + 65536 KB, estimated 12918 objects
2020/08/10 09:11:46 kid1| Target number of buckets: 645
2020/08/10 09:11:46 kid1| Using 8192 Store buckets
2020/08/10 09:11:46 kid1| Max Mem  size: 65536 KB
2020/08/10 09:11:46 kid1| Max Swap size: 102400 KB
2020/08/10 09:11:46 kid1| Rebuilding storage in /var/squid/cache (clean log)
2020/08/10 09:11:46 kid1| Using Least Load store dir selection
2020/08/10 09:11:46 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:46 kid1| Finished loading MIME types and icons.
2020/08/10 09:11:46 kid1| HTCP Disabled.
2020/08/10 09:11:46 kid1| Pinger socket opened on FD 48
2020/08/10 09:11:46 kid1| NETDB state reloaded; 703 entries, 47 msec
2020/08/10 09:11:46 kid1| Squid plugin modules loaded: 0
2020/08/10 09:11:46 kid1| Adaptation support is off.
2020/08/10 09:11:46 kid1| Accepting SSL bumped HTTP Socket connections at local=192.168.16.22:3128 remote=[::] FD 45 flags=9
2020/08/10 09:11:46 kid1| Accepting HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 46 flags=9
2020/08/10 09:11:46 kid1| Done reading /var/squid/cache swaplog (0 entries)
2020/08/10 09:11:46 kid1| Store rebuilding is 0.00% complete
2020/08/10 09:11:46 kid1| Finished rebuilding storage from disk.
2020/08/10 09:11:46 kid1|         0 Entries scanned
2020/08/10 09:11:46 kid1|         0 Invalid entries.
2020/08/10 09:11:46 kid1|         0 With invalid flags.
2020/08/10 09:11:46 kid1|         0 Objects loaded.
2020/08/10 09:11:46 kid1|         0 Objects expired.
2020/08/10 09:11:46 kid1|         0 Objects cancelled.
2020/08/10 09:11:46 kid1|         0 Duplicate URLs purged.
2020/08/10 09:11:46 kid1|         0 Swapfile clashes avoided.
2020/08/10 09:11:46 kid1|   Took 0.07 seconds (  0.00 objects/sec).
2020/08/10 09:11:46 kid1| Beginning Validation Procedure
2020/08/10 09:11:46 kid1|   Completed Validation Procedure
2020/08/10 09:11:46 kid1|   Validated 0 Entries
2020/08/10 09:11:46 kid1|   store_swap_size = 0.00 KB
2020/08/10 09:11:46| pinger: Initialising ICMP pinger ...
2020/08/10 09:11:46| pinger: ICMP socket opened.
2020/08/10 09:11:46| pinger: ICMPv6 socket opened
2020/08/10 09:11:46 kid1| assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)"
2020/08/10 09:11:47 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:47 kid1| Starting Squid Cache version 4.10 for amd64-portbld-freebsd11.3...
2020/08/10 09:11:47 kid1| Service Name: squid
2020/08/10 09:11:47 kid1| Process ID 27819
2020/08/10 09:11:47 kid1| Process Roles: worker
2020/08/10 09:11:47 kid1| With 57276 file descriptors available
2020/08/10 09:11:47 kid1| Initializing IP Cache...
2020/08/10 09:11:47 kid1| DNS Socket created at [::], FD 5
2020/08/10 09:11:47 kid1| DNS Socket created at 0.0.0.0, FD 9
2020/08/10 09:11:47 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2020/08/10 09:11:47 kid1| Adding nameserver 192.168.16.12 from /etc/resolv.conf
2020/08/10 09:11:47 kid1| Adding nameserver 192.168.16.1 from /etc/resolv.conf
2020/08/10 09:11:47 kid1| Adding domain suciupopa.ro from /etc/resolv.conf
2020/08/10 09:11:47 kid1| helperOpenServers: Starting 5/128 'security_file_certgen' processes
2020/08/10 09:11:47 kid1| helperOpenServers: Starting 8/16 'squidGuard' processes
2020/08/10 09:11:47 kid1| Logfile: opening log /var/squid/logs/access.log
2020/08/10 09:11:47 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/squid/logs/access.log'
2020/08/10 09:11:47 kid1| Unlinkd pipe opened on FD 42
2020/08/10 09:11:47 kid1| Store logging disabled
2020/08/10 09:11:47 kid1| Swap maxSize 102400 + 65536 KB, estimated 12918 objects
2020/08/10 09:11:47 kid1| Target number of buckets: 645
2020/08/10 09:11:47 kid1| Using 8192 Store buckets
2020/08/10 09:11:47 kid1| Max Mem  size: 65536 KB
2020/08/10 09:11:47 kid1| Max Swap size: 102400 KB
2020/08/10 09:11:47 kid1| Rebuilding storage in /var/squid/cache (dirty log)
2020/08/10 09:11:47 kid1| Using Least Load store dir selection
2020/08/10 09:11:47 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:47 kid1| Finished loading MIME types and icons.
2020/08/10 09:11:47 kid1| HTCP Disabled.
2020/08/10 09:11:47| pinger: Initialising ICMP pinger ...
2020/08/10 09:11:47| pinger: ICMP socket opened.
2020/08/10 09:11:47| pinger: ICMPv6 socket opened
2020/08/10 09:11:47 kid1| Pinger socket opened on FD 48
2020/08/10 09:11:47 kid1| NETDB state reloaded; 703 entries, 47 msec
2020/08/10 09:11:47 kid1| Squid plugin modules loaded: 0
2020/08/10 09:11:47 kid1| Adaptation support is off.
2020/08/10 09:11:47 kid1| Accepting SSL bumped HTTP Socket connections at local=192.168.16.22:3128 remote=[::] FD 45 flags=9
2020/08/10 09:11:47 kid1| Accepting HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 46 flags=9
2020/08/10 09:11:47 kid1| Done reading /var/squid/cache swaplog (0 entries)
2020/08/10 09:11:47 kid1| Store rebuilding is 0.00% complete
2020/08/10 09:11:47 kid1| Finished rebuilding storage from disk.
2020/08/10 09:11:47 kid1|         0 Entries scanned
2020/08/10 09:11:47 kid1|         0 Invalid entries.
2020/08/10 09:11:47 kid1|         0 With invalid flags.
2020/08/10 09:11:47 kid1|         0 Objects loaded.
2020/08/10 09:11:47 kid1|         0 Objects expired.
2020/08/10 09:11:47 kid1|         0 Objects cancelled.
2020/08/10 09:11:47 kid1|         0 Duplicate URLs purged.
2020/08/10 09:11:47 kid1|         0 Swapfile clashes avoided.
2020/08/10 09:11:47 kid1|   Took 0.07 seconds (  0.00 objects/sec).
2020/08/10 09:11:47 kid1| Beginning Validation Procedure
2020/08/10 09:11:47 kid1|   Completed Validation Procedure
2020/08/10 09:11:47 kid1|   Validated 0 Entries
2020/08/10 09:11:47 kid1|   store_swap_size = 0.00 KB
2020/08/10 09:11:48| SendEcho ERROR: sending to ICMPv6 packet to [2a01:111:f100:9001::1761:945a]: (65) No route to host
2020/08/10 09:11:48 kid1| assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)"
2020/08/10 09:11:48 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:48 kid1| Starting Squid Cache version 4.10 for amd64-portbld-freebsd11.3...
2020/08/10 09:11:48 kid1| Service Name: squid
2020/08/10 09:11:48 kid1| Process ID 31602
2020/08/10 09:11:48 kid1| Process Roles: worker
2020/08/10 09:11:48 kid1| With 57276 file descriptors available
2020/08/10 09:11:48 kid1| Initializing IP Cache...
2020/08/10 09:11:48 kid1| DNS Socket created at [::], FD 5
2020/08/10 09:11:48 kid1| DNS Socket created at 0.0.0.0, FD 9
2020/08/10 09:11:48 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2020/08/10 09:11:48 kid1| Adding nameserver 192.168.16.12 from /etc/resolv.conf
2020/08/10 09:11:48 kid1| Adding nameserver 192.168.16.1 from /etc/resolv.conf
2020/08/10 09:11:48 kid1| Adding domain suciupopa.ro from /etc/resolv.conf
2020/08/10 09:11:48 kid1| helperOpenServers: Starting 5/128 'security_file_certgen' processes
2020/08/10 09:11:48 kid1| helperOpenServers: Starting 8/16 'squidGuard' processes
2020/08/10 09:11:48 kid1| Logfile: opening log /var/squid/logs/access.log
2020/08/10 09:11:48 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/squid/logs/access.log'
2020/08/10 09:11:48 kid1| Unlinkd pipe opened on FD 42
2020/08/10 09:11:48 kid1| Store logging disabled
2020/08/10 09:11:48 kid1| Swap maxSize 102400 + 65536 KB, estimated 12918 objects
2020/08/10 09:11:48 kid1| Target number of buckets: 645
2020/08/10 09:11:48 kid1| Using 8192 Store buckets
2020/08/10 09:11:48 kid1| Max Mem  size: 65536 KB
2020/08/10 09:11:48 kid1| Max Swap size: 102400 KB
2020/08/10 09:11:48 kid1| Rebuilding storage in /var/squid/cache (dirty log)
2020/08/10 09:11:48 kid1| Using Least Load store dir selection
2020/08/10 09:11:48 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:48 kid1| Finished loading MIME types and icons.
2020/08/10 09:11:48 kid1| HTCP Disabled.
2020/08/10 09:11:48 kid1| Pinger socket opened on FD 48
2020/08/10 09:11:49| pinger: Initialising ICMP pinger ...
2020/08/10 09:11:49| pinger: ICMP socket opened.
2020/08/10 09:11:49| pinger: ICMPv6 socket opened
2020/08/10 09:11:49 kid1| NETDB state reloaded; 703 entries, 59 msec
2020/08/10 09:11:49 kid1| Squid plugin modules loaded: 0
2020/08/10 09:11:49 kid1| Adaptation support is off.
2020/08/10 09:11:49 kid1| Accepting SSL bumped HTTP Socket connections at local=192.168.16.22:3128 remote=[::] FD 45 flags=9
2020/08/10 09:11:49 kid1| Accepting HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 46 flags=9
2020/08/10 09:11:49 kid1| Done reading /var/squid/cache swaplog (0 entries)
2020/08/10 09:11:49 kid1| Store rebuilding is 0.00% complete
2020/08/10 09:11:49 kid1| Finished rebuilding storage from disk.
2020/08/10 09:11:49 kid1|         0 Entries scanned
2020/08/10 09:11:49 kid1|         0 Invalid entries.
2020/08/10 09:11:49 kid1|         0 With invalid flags.
2020/08/10 09:11:49 kid1|         0 Objects loaded.
2020/08/10 09:11:49 kid1|         0 Objects expired.
2020/08/10 09:11:49 kid1|         0 Objects cancelled.
2020/08/10 09:11:49 kid1|         0 Duplicate URLs purged.
2020/08/10 09:11:49 kid1|         0 Swapfile clashes avoided.
2020/08/10 09:11:49 kid1|   Took 0.08 seconds (  0.00 objects/sec).
2020/08/10 09:11:49 kid1| Beginning Validation Procedure
2020/08/10 09:11:49 kid1|   Completed Validation Procedure
2020/08/10 09:11:49 kid1|   Validated 0 Entries
2020/08/10 09:11:49 kid1|   store_swap_size = 0.00 KB
2020/08/10 09:11:49| SendEcho ERROR: sending to ICMPv6 packet to [2a01:111:f100:9001::1761:945a]: (65) No route to host
2020/08/10 09:11:49 kid1| assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)"
2020/08/10 09:11:49 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:49 kid1| Starting Squid Cache version 4.10 for amd64-portbld-freebsd11.3...
2020/08/10 09:11:49 kid1| Service Name: squid
2020/08/10 09:11:49 kid1| Process ID 39820
2020/08/10 09:11:49 kid1| Process Roles: worker
2020/08/10 09:11:49 kid1| With 57276 file descriptors available
2020/08/10 09:11:49 kid1| Initializing IP Cache...
2020/08/10 09:11:49 kid1| DNS Socket created at [::], FD 5
2020/08/10 09:11:49 kid1| DNS Socket created at 0.0.0.0, FD 9
2020/08/10 09:11:49 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2020/08/10 09:11:49 kid1| Adding nameserver 192.168.16.12 from /etc/resolv.conf
2020/08/10 09:11:49 kid1| Adding nameserver 192.168.16.1 from /etc/resolv.conf
2020/08/10 09:11:49 kid1| Adding domain suciupopa.ro from /etc/resolv.conf
2020/08/10 09:11:49 kid1| helperOpenServers: Starting 5/128 'security_file_certgen' processes
2020/08/10 09:11:49 kid1| helperOpenServers: Starting 8/16 'squidGuard' processes
2020/08/10 09:11:49 kid1| Logfile: opening log /var/squid/logs/access.log
2020/08/10 09:11:49 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/squid/logs/access.log'
2020/08/10 09:11:50 kid1| Unlinkd pipe opened on FD 42
2020/08/10 09:11:50 kid1| Store logging disabled
2020/08/10 09:11:50 kid1| Swap maxSize 102400 + 65536 KB, estimated 12918 objects
2020/08/10 09:11:50 kid1| Target number of buckets: 645
2020/08/10 09:11:50 kid1| Using 8192 Store buckets
2020/08/10 09:11:50 kid1| Max Mem  size: 65536 KB
2020/08/10 09:11:50 kid1| Max Swap size: 102400 KB
2020/08/10 09:11:50 kid1| Rebuilding storage in /var/squid/cache (dirty log)
2020/08/10 09:11:50 kid1| Using Least Load store dir selection
2020/08/10 09:11:50 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:50 kid1| Finished loading MIME types and icons.
2020/08/10 09:11:50 kid1| HTCP Disabled.
2020/08/10 09:11:50| pinger: Initialising ICMP pinger ...
2020/08/10 09:11:50| pinger: ICMP socket opened.
2020/08/10 09:11:50| pinger: ICMPv6 socket opened
2020/08/10 09:11:50 kid1| Pinger socket opened on FD 48
2020/08/10 09:11:50 kid1| NETDB state reloaded; 703 entries, 48 msec
2020/08/10 09:11:50 kid1| Squid plugin modules loaded: 0
2020/08/10 09:11:50 kid1| Adaptation support is off.
2020/08/10 09:11:50 kid1| Accepting SSL bumped HTTP Socket connections at local=192.168.16.22:3128 remote=[::] FD 45 flags=9
2020/08/10 09:11:50 kid1| Accepting HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 46 flags=9
2020/08/10 09:11:50 kid1| Done reading /var/squid/cache swaplog (0 entries)
2020/08/10 09:11:50 kid1| Store rebuilding is 0.00% complete
2020/08/10 09:11:50 kid1| Finished rebuilding storage from disk.
2020/08/10 09:11:50 kid1|         0 Entries scanned
2020/08/10 09:11:50 kid1|         0 Invalid entries.
2020/08/10 09:11:50 kid1|         0 With invalid flags.
2020/08/10 09:11:50 kid1|         0 Objects loaded.
2020/08/10 09:11:50 kid1|         0 Objects expired.
2020/08/10 09:11:50 kid1|         0 Objects cancelled.
2020/08/10 09:11:50 kid1|         0 Duplicate URLs purged.
2020/08/10 09:11:50 kid1|         0 Swapfile clashes avoided.
2020/08/10 09:11:50 kid1|   Took 0.07 seconds (  0.00 objects/sec).
2020/08/10 09:11:50 kid1| Beginning Validation Procedure
2020/08/10 09:11:50 kid1|   Completed Validation Procedure
2020/08/10 09:11:50 kid1|   Validated 0 Entries
2020/08/10 09:11:50 kid1|   store_swap_size = 0.00 KB
2020/08/10 09:11:50 kid1| assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)"
2020/08/10 09:11:50 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:50 kid1| Starting Squid Cache version 4.10 for amd64-portbld-freebsd11.3...
2020/08/10 09:11:50 kid1| Service Name: squid
2020/08/10 09:11:50 kid1| Process ID 42924
2020/08/10 09:11:50 kid1| Process Roles: worker
2020/08/10 09:11:50 kid1| With 57276 file descriptors available
2020/08/10 09:11:50 kid1| Initializing IP Cache...
2020/08/10 09:11:50 kid1| DNS Socket created at [::], FD 5
2020/08/10 09:11:50 kid1| DNS Socket created at 0.0.0.0, FD 9
2020/08/10 09:11:50 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2020/08/10 09:11:50 kid1| Adding nameserver 192.168.16.12 from /etc/resolv.conf
2020/08/10 09:11:50 kid1| Adding nameserver 192.168.16.1 from /etc/resolv.conf
2020/08/10 09:11:50 kid1| Adding domain suciupopa.ro from /etc/resolv.conf
2020/08/10 09:11:50 kid1| helperOpenServers: Starting 5/128 'security_file_certgen' processes
2020/08/10 09:11:50 kid1| helperOpenServers: Starting 8/16 'squidGuard' processes
2020/08/10 09:11:50 kid1| Logfile: opening log /var/squid/logs/access.log
2020/08/10 09:11:50 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/squid/logs/access.log'
2020/08/10 09:11:51 kid1| Unlinkd pipe opened on FD 42
2020/08/10 09:11:51 kid1| Store logging disabled
2020/08/10 09:11:51 kid1| Swap maxSize 102400 + 65536 KB, estimated 12918 objects
2020/08/10 09:11:51 kid1| Target number of buckets: 645
2020/08/10 09:11:51 kid1| Using 8192 Store buckets
2020/08/10 09:11:51 kid1| Max Mem  size: 65536 KB
2020/08/10 09:11:51 kid1| Max Swap size: 102400 KB
2020/08/10 09:11:51 kid1| Rebuilding storage in /var/squid/cache (dirty log)
2020/08/10 09:11:51 kid1| Using Least Load store dir selection
2020/08/10 09:11:51 kid1| Current Directory is /usr/local/www
2020/08/10 09:11:51 kid1| Finished loading MIME types and icons.
2020/08/10 09:11:51 kid1| HTCP Disabled.
2020/08/10 09:11:51| pinger: Initialising ICMP pinger ...
2020/08/10 09:11:51| pinger: ICMP socket opened.
2020/08/10 09:11:51| pinger: ICMPv6 socket opened
2020/08/10 09:11:51 kid1| Pinger socket opened on FD 48
2020/08/10 09:11:51 kid1| NETDB state reloaded; 703 entries, 47 msec
2020/08/10 09:11:51 kid1| Squid plugin modules loaded: 0
2020/08/10 09:11:51 kid1| Adaptation support is off.
2020/08/10 09:11:51 kid1| Accepting SSL bumped HTTP Socket connections at local=192.168.16.22:3128 remote=[::] FD 45 flags=9
2020/08/10 09:11:51 kid1| Accepting HTTP Socket connections at local=127.0.0.1:3128 remote=[::] FD 46 flags=9
2020/08/10 09:11:51 kid1| Done reading /var/squid/cache swaplog (0 entries)
2020/08/10 09:11:51 kid1| Store rebuilding is 0.00% complete
2020/08/10 09:11:51 kid1| Finished rebuilding storage from disk.
2020/08/10 09:11:51 kid1|         0 Entries scanned
2020/08/10 09:11:51 kid1|         0 Invalid entries.
2020/08/10 09:11:51 kid1|         0 With invalid flags.
2020/08/10 09:11:51 kid1|         0 Objects loaded.
2020/08/10 09:11:51 kid1|         0 Objects expired.
2020/08/10 09:11:51 kid1|         0 Objects cancelled.
2020/08/10 09:11:51 kid1|         0 Duplicate URLs purged.
2020/08/10 09:11:51 kid1|         0 Swapfile clashes avoided.
2020/08/10 09:11:51 kid1|   Took 0.07 seconds (  0.00 objects/sec).
2020/08/10 09:11:51 kid1| Beginning Validation Procedure
2020/08/10 09:11:51 kid1|   Completed Validation Procedure
2020/08/10 09:11:51 kid1|   Validated 0 Entries
2020/08/10 09:11:51 kid1|   store_swap_size = 0.00 KB
2020/08/10 09:11:51 kid1| assertion failed: http.cc:1533: "!Comm::MonitorsRead(serverConnection->fd)"

  • @coffeelover I have finally found the problem. I have isolated a computer from the internal network which had a «Adobe Creative Cloud» client installed ant put in autostart. Every time that program launched it would crash squid. I was not able (i dodn’t have the time) to investigate all that addresses that program was trying to reach. As soon as i uninstalled the program 9’o clock squid crash disappeared!
    I so over the internet similar problems with different sites but does did not manifest on my squid version.
    The squid crashed befor it could write in log the offending url and only with FW logging was to cumber stone to find out.
    Thank you again.

    • Источник

    Понравилась статья? Поделить с друзьями:
  • Send unlock command error
  • Send error txt to kernel server
  • Send error response java
  • Send error laravel
  • Send error 1103