squid and bonding 1

[extremedatos]

hi,

i configured my bonding on my squid sever (debian)with no bonding configure the squid works ok, but with the bonding i cant browse and page with the squid.

any ideas?

 

[IRudebwoy]

Can you ping your squid box?

Any connectivity?

 

[extremedatos]

the debian is the squid server and there is where i configured the bonding.

thanks

 

[IRudebwoy]

From another PC, can you ping your squid box by IP address?

Or, from the squid box, can you ping anything on your network by its IP address?

Gotta learn how to crawl before you can walk.

 

[extremedatos]

yes i can,, i can ping any webpage to.

 

[IRudebwoy]

Ok good. Check your logs. The file were concerned with should be located at [green][tt]/var/log/squid/access.log[/tt][/green]. As the name implies access.log contains a log of every webpage that has been accessed through your proxy. You might want to

tail -f /var/log/squid/access.log

while you're trying to get to a website from a client.

On a side note, after enabling the bonded interface have you restarted squid. It might need to rebind to the bonded interface.

What messages do the clients report when squid is broken?

 

[extremedatos]

i rebooted the hold server and the error is that they cant open any webpage or the error "configuration proxy not detected"
the access.log is blank no info.

thanks..

 

[Annihilannic]

squid is definitely running, right? You can see it in ps -ef?

What port is it listening on, 8080? If so, can you connect to that port okay from another PC? Try telnet squidhostname 8080 and see if the connection is accepted.

What browser(s) are you using? How have you configured the proxy in those browsers? Are they set up to use auto configuration?

Annihilannic.

 

[extremedatos]

im using the default port 3128 but i change it to 8080 and same issue.
im using firefox and IE 7.0 i normaly configure the ip from the proxy with the port. and im now having this issue.
ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL:

http://www.gmail.com/

The following error was encountered:
•Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is webmaster.
--------------------------------------------------------------------------------
Generated Thu, 11 Mar 2010 18:57:46 GMT by squid.grupo_trabajo (squid/2.6.STABLE5)
-----------------------------------------------------------
if i telnet the squid i have this error
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "

http://www.w3.or

g/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/
html; charset=iso-8859-1">
<TITLE>ERROR: The requested URL could not be retrieved
</TITLE>
<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:ver
dana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
</HEAD><BODY>
<H1>ERROR</H1
>
<H2>The requested URL could not be retrieved</H2>
<HR noshade size="1px">
<P>Whil e trying to process the request:
<PRE>
help
</PRE>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Invalid Request
</ST
RONG>
</UL>

<P>
Some aspect of the HTTP Request is invalid. Possible problems:
<UL>

<LI>Missing or unknown request method
<LI>Missing URL
<LI>Missing HTTP Identifier
(HTTP/1.0)
<LI>Request is too large
<LI>Content-Length missing for POST or PUT req
uests
<LI>Illegal character in hostname; underscores are not allowed
</UL>
<P>Your
cache administrator is <A HREF="mailto:webmaster">webmaster</A>.

<BR clear="all"
>
<HR noshade size="1px">
<ADDRESS>
Generated Thu, 11 Mar 2010 18:56:20 GMT by squi
d.grupo_trabajo (squid/2.6.STABLE5)
</ADDRESS>
</BODY></HTML>

 

[extremedatos]

i did the upgrade to 2.7 and i have this error
1268333671.523 0 192.168.1.116 TCP_DENIED/400 1548 GET error:invalid-request - NONE/- text/html
1268333671.588 3 192.168.1.116 TCP_DENIED/400 1529 GET error:invalid-request - NONE/- text/html
1268333674.582 0 192.168.1.116 TCP_DENIED/400 1559 GET error:invalid-request - NONE/- text/html
1268333780.164 108 192.168.1.116 TCP_DENIED/400 1182 NONE error:unsupported-request-method - NONE/- text/html
1268333857.438 0 192.168.1.101 TCP_DENIED/403 1448 GET

http://www.google.com/

- NONE/- text/html
1268333866.879 0 192.168.1.101 TCP_DENIED/403 1446 GET

http://www.gmail.com/

- NONE/- text/html
1268334395.042 1 192.168.1.101 TCP_DENIED/403 1440 CONNECT login.live.com:443 - NONE/- text/html
1268334410.320 1 192.168.1.101 TCP_DENIED/403 1516 POST

http://www.sqm.microsoft.com/sqm/messenger/sqmserver.dll

- NONE/- text/html
1268336518.285 2 192.168.1.101 TCP_DENIED/403 1444 GET

http://www.google.com/

- NONE/- text/html
1268336833.774 1 192.168.1.101 TCP_DENIED/403 1474 GET

http://rad.msn.com/ADSAdClient31.dll?

- NONE/- text/html

 

[IRudebwoy]

You need an acl statement to allow your clients to access to proxy.

acl <acl_name> src <your.ip.client.subnet/netmask>

Then another line to use it.

http_access allow <acl_name>

 

[extremedatos]

Irudebwoy,

I did what you said and now i have this error
squid:~# tail -f /var/log/squid/access.log
1268471172.820 324 127.0.0.1 TCP_REFRESH_MISS/301 731 GET

http://www.gmail.com/

- DIRECT/209.85.195.19 text/html
1268471173.054 235 127.0.0.1 TCP_MISS/302 1144 GET

http://mail.google.com/mail/

- DIRECT/209.85.195.83 text/html
1268471173.957 573 127.0.0.1 TCP_MISS/200 3758 GET

http://crl.geotrust.com/crls/secureca.crl

- DIRECT/69.58.183.143 application/pkix-crl
1268471174.307 950 127.0.0.1 TCP_MISS/200 3487 CONNECT mail.google.com:443 - DIRECT/209.85.195.19 -
1268471238.742 65438 127.0.0.1 TCP_MISS/200 8328 CONNECT mail.google.com:443 - DIRECT/209.85.195.18 -
1268471238.742 65313 127.0.0.1 TCP_MISS/200 3839 CONNECT mail.google.com:443 - DIRECT/209.85.195.18 -
1268471238.742 65637 127.0.0.1 TCP_MISS/200 13973 CONNECT

http://www.google.com:443

- DIRECT/209.85.195.99 -
1268471238.742 65437 127.0.0.1 TCP_MISS/200 11533 CONNECT ssl.google-analytics.com:443 - DIRECT/209.85.195.97 -
1268471238.742 65338 127.0.0.1 TCP_MISS/200 7897 CONNECT mail.google.com:443 - DIRECT/209.85.195.83 -
1268471239.402 65073 127.0.0.1 TCP_MISS/200 4840 CONNECT

http://www.googleadservices.com:443

- DIRECT/209.85.195.96 -

please remember that my issue started when i did a bonding
mode=0

thanks man!!

 

[extremedatos]

this is my squid conf.

 

[IRudebwoy]

Your squid.conf works but it's a little too open for my tastes but I don't see any issues with it.

Are you trying to get more bandwidth or provide redundancy with the bonded interface?

Depending on the mode, including mode 0 (balance round-robin), you will need to configure the connecting switch(s) with Link Aggregation. Not necessarily LACP (802.3ad) but they need to function as one interface. With modes 1, 5 & 6 you don't need to do anything on the switch; active-backup, balance-tlb and balance-alb, respectively.

 

[extremedatos]

im working with mode 0 and i did the link aggregation, but still the same issue, what other mode can i use to balance the traffic?

thanks

 

[IRudebwoy]

Can you ping the bonded interface reliably?

If you have your switch(es) configured for link aggregation you should enable lacp (802.3ad) and use mode 4.

If that fails, try mode 1 or 5. I use both with no problems and I didn't have to do anything on my switches. These modes are more for reliability than increased bandwidth, including mode 6. In mode 1 one NIC is active and the other is used as backup in case the first one fails, fault tolerance. In mode 5 the transmits are load balanced while the slave receives the traffic.