Squid: problems with transparent proxy...

Posted: 2007-08-15 23:53:06
skinc
After starting Squid as a transparent proxy, everything works for a short while, then pages abruptly stop loading... :(
cache.log

Code:

2007/08/15 16:38:12| Starting Squid Cache version 2.6.STABLE13 for i386-portbld-freebsd6.2...
2007/08/15 16:38:12| Process ID 24890
2007/08/15 16:38:12| With 3117 file descriptors available
2007/08/15 16:38:12| Using kqueue for the IO loop
2007/08/15 16:38:12| DNS Socket created at 0.0.0.0, port 56854, FD 5
2007/08/15 16:38:12| Adding nameserver 195.135.212.6 from /etc/resolv.conf
2007/08/15 16:38:12| Adding nameserver 195.135.212.5 from /etc/resolv.conf
2007/08/15 16:38:12| Unlinkd pipe opened on FD 10
2007/08/15 16:38:12| Swap maxSize 102400 KB, estimated 7876 objects
2007/08/15 16:38:12| Target number of buckets: 393
2007/08/15 16:38:12| Using 8192 Store buckets
2007/08/15 16:38:12| Max Mem  size: 16384 KB
2007/08/15 16:38:12| Max Swap size: 102400 KB
2007/08/15 16:38:12| Rebuilding storage in /var/cache/squid (CLEAN)
2007/08/15 16:38:12| Using Least Load store dir selection
2007/08/15 16:38:12| Set Current Directory to /tmp
2007/08/15 16:38:12| Loaded Icons.
2007/08/15 16:38:12| Accepting proxy HTTP connections at 192.168.250.1, port 3128, FD 12.
2007/08/15 16:38:12| Accepting accelerated HTTP connections at 127.0.0.1, port 3128, FD 13.
2007/08/15 16:38:12| Ready to serve requests.
2007/08/15 16:38:13| Done reading /var/cache/squid swaplog (1726 entries)
2007/08/15 16:38:13| Finished rebuilding storage from disk.
2007/08/15 16:38:13|      1726 Entries scanned
2007/08/15 16:38:13|         0 Invalid entries.
2007/08/15 16:38:13|         0 With invalid flags.
2007/08/15 16:38:13|      1726 Objects loaded.
2007/08/15 16:38:13|         0 Objects expired.
2007/08/15 16:38:13|         0 Objects cancelled.
2007/08/15 16:38:13|         0 Duplicate URLs purged.
2007/08/15 16:38:13|         0 Swapfile clashes avoided.
2007/08/15 16:38:13|   Took 0.7 seconds (2494.3 objects/sec).
2007/08/15 16:38:13| Beginning Validation Procedure
2007/08/15 16:38:13|   Completed Validation Procedure
2007/08/15 16:38:13|   Validated 1726 Entries
2007/08/15 16:38:13|   store_swap_size = 11546k
2007/08/15 16:38:13| storeLateRelease: released 0 objects
2007/08/15 16:40:15| Reconfiguring Squid Cache (version 2.6.STABLE13)...
2007/08/15 16:40:15| FD 12 Closing HTTP connection
2007/08/15 16:40:15| FD 13 Closing HTTP connection
2007/08/15 16:40:15| Cache dir '/var/cache/squid' size remains unchanged at 102400 KB
2007/08/15 16:40:15| DNS Socket created at 0.0.0.0, port 62874, FD 8
2007/08/15 16:40:15| Adding nameserver 195.135.212.6 from /etc/resolv.conf
2007/08/15 16:40:15| Adding nameserver 195.135.212.5 from /etc/resolv.conf
2007/08/15 16:40:15| Accepting accelerated HTTP connections at 0.0.0.0, port 3128, FD 9.
2007/08/15 16:40:15| Loaded Icons.
2007/08/15 16:40:15| Ready to serve requests.
2007/08/15 16:42:02| Failed to select source for 'http://www.liscr.com/graphics/serviceson.jpg'
2007/08/15 16:42:02|   always_direct = 0
2007/08/15 16:42:02|    never_direct = 0
2007/08/15 16:42:02|        timedout = 0
2007/08/15 16:47:36| Failed to select source for 'http://money.yandex.ru/i/logo.gif'
2007/08/15 16:47:36|   always_direct = 0
2007/08/15 16:47:36|    never_direct = 0
2007/08/15 16:47:36|        timedout = 0
2007/08/15 16:47:36| Failed to select source for 'http://money.yandex.ru/i/logo76x33.gif'
2007/08/15 16:47:36|   always_direct = 0
2007/08/15 16:47:36|    never_direct = 0
2007/08/15 16:47:36|        timedout = 0
2007/08/15 16:47:36| Failed to select source for 'http://www.atrium.reth.gr/images/01_29.gif'
2007/08/15 16:47:36|   always_direct = 0
2007/08/15 16:47:36|    never_direct = 0
2007/08/15 16:47:36|        timedout = 0
2007/08/15 16:47:38| Failed to select source for 'http://65.39.131.71/'
2007/08/15 16:47:38|   always_direct = 0
2007/08/15 16:47:38|    never_direct = 0
2007/08/15 16:47:38|        timedout = 0

... repeated 28 times ...

2007/08/15 16:47:39| Failed to select source for 'http://65.39.131.71/'
2007/08/15 16:47:39|   always_direct = 0
2007/08/15 16:47:39|    never_direct = 0
2007/08/15 16:47:39|        timedout = 0
2007/08/15 16:47:53| Reconfiguring Squid Cache (version 2.6.STABLE13)...
2007/08/15 16:47:53| FD 9 Closing HTTP connection
2007/08/15 16:47:53| Cache dir '/var/cache/squid' size remains unchanged at 102400 KB
2007/08/15 16:47:53| DNS Socket created at 0.0.0.0, port 52065, FD 8
2007/08/15 16:47:53| Adding nameserver 195.135.212.6 from /etc/resolv.conf
2007/08/15 16:47:53| Adding nameserver 195.135.212.5 from /etc/resolv.conf
2007/08/15 16:47:53| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 9.
2007/08/15 16:47:53| Loaded Icons.
2007/08/15 16:47:53| Ready to serve requests.
2007/08/15 16:54:59| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 16:54:59| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:54:59| comm_udp_sendto: FD 8, 195.135.212.5, port 53: (55) No buffer space available
2007/08/15 16:54:59| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:55:08| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 16:55:08| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:55:08| comm_udp_sendto: FD 8, 195.135.212.5, port 53: (55) No buffer space available
2007/08/15 16:55:08| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:56:33| WARNING! Your cache is running out of filedescriptors
2007/08/15 16:56:49| WARNING! Your cache is running out of filedescriptors
2007/08/15 16:57:05| WARNING! Your cache is running out of filedescriptors
2007/08/15 16:57:21| WARNING! Your cache is running out of filedescriptors
2007/08/15 16:57:37| WARNING! Your cache is running out of filedescriptors
2007/08/15 16:58:04| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 16:58:04| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:58:04| comm_udp_sendto: FD 8, 195.135.212.5, port 53: (55) No buffer space available
2007/08/15 16:58:04| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:58:40| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 16:58:40| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:58:40| comm_udp_sendto: FD 8, 195.135.212.5, port 53: (55) No buffer space available
2007/08/15 16:58:40| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:58:45| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 16:58:45| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:58:45| comm_udp_sendto: FD 8, 195.135.212.5, port 53: (55) No buffer space available
2007/08/15 16:58:45| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 17:00:53| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 17:00:53| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 17:00:53| comm_udp_sendto: FD 8, 195.135.212.5, port 53: (55) No buffer space available
2007/08/15 17:00:53| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 17:03:21| parseHttpRequest: Unsupported method 'тђI=C•gЈBNп^M¦QсR‘
'
2007/08/15 17:03:21| clientReadRequest: FD 1543 (192.168.250.39:2187) Invalid Request
2007/08/15 17:14:48| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 17:14:48| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 17:14:48| comm_udp_sendto: FD 8, 195.135.212.5, port 53: (55) No buffer space available
2007/08/15 17:14:48| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 17:15:21| WARNING! Your cache is running out of filedescriptors
2007/08/15 17:15:37| WARNING! Your cache is running out of filedescriptors
2007/08/15 17:15:53| WARNING! Your cache is running out of filedescriptors
2007/08/15 17:16:09| WARNING! Your cache is running out of filedescriptors
2007/08/15 17:16:25| WARNING! Your cache is running out of filedescriptors
2007/08/15 17:16:41| WARNING! Your cache is running out of filedescriptors
2007/08/15 17:16:49| httpAccept: FD 9: accept failure: (53) Software caused connection abort
2007/08/15 17:16:57| WARNING! Your cache is running out of filedescriptors
2007/08/15 17:16:58| parseHttpRequest: Unsupported method '=—‰{:WIYN
'
2007/08/15 17:16:58| clientReadRequest: FD 301 (192.168.250.39:2281) Invalid Request
2007/08/15 17:16:58| parseHttpRequest: Unsupported method '4[РґРcЙµ7е
'
2007/08/15 17:16:58| clientReadRequest: FD 302 (192.168.250.39:2290) Invalid Request
2007/08/15 17:16:58| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 17:16:58| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 17:16:58| comm_udp_sendto: FD 8, 195.135.212.5, port 53: (55) No buffer space available
2007/08/15 17:16:58| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 17:17:04| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 17:17:04| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 17:17:04| comm_udp_sendto: FD 8, 195.135.212.5, port 53: (55) No buffer space available
2007/08/15 17:17:04| idnsSendQuery: FD 8: sendto: (55) No buffer space available
access.log ends with ~1500 lines

Code:

1187187423.025 179914 192.168.250.25 TCP_MISS/504 1287 GET http://65.39.131.71/ - DIRECT/65.39.131.71 text/html
store.log ends with roughly ~1400 lines

Code:

1187187427.064 RELEASE -1 FFFFFFFF E486DA751131C99D51DE882FA3CB7B72  504 1187187427         0 1187187427 text/html 968/968 GET http://65.39.131.71/

......

1187187598.175 RELEASE -1 FFFFFFFF AA01037D560B17F0EBEEF5B3F3E95BDD  504 1187187598         0 1187187598 text/html 968/968 GET http://65.39.131.71/
ipfw rules (I wedged the forwarding in before NAT, as lines 400 and 450):

Code:

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 fwd 127.0.0.1,3128 tcp from not me to not 192.168.0.0/24 dst-port 80
00450 allow ip from any to any
00500 divert 8668 ip4 from any to any via inet0
...
squid.conf:

Code:

http_port 3128 transparent
icp_port 0

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

cache_mem 16 MB

maximum_object_size 8 MB
maximum_object_size_in_memory 16 KB

cache_dir ufs /var/cache/squid 100 16 256

access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

pid_filename /var/run/squid/squid.pid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

shutdown_lifetime 15 seconds

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.0.0/255.255.255.0

http_access allow localhost
http_access allow lan
http_access deny all
I'm disabling forwarding to squid, since the office needs to work, and starting to look for the problem...

At first I suspected kern.maxfiles, but

Code:

# pstat -T
375/8192 files
Then a shortage of inodes on the partition, but there:

Code:

# df -i /var
Filesystem    Size    Used   Avail Capacity iused  ifree %iused  Mounted on
/dev/ad0f     989M    341M    569M    37%   33642 107668   24%   /var
Obviously the values should have been taken while requests were going to squid - I'll do that tomorrow, but maybe someone already has ideas about the problem?
By the way, the provider also runs squid as a transparent proxy...
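
An added example, not part of the original post: a Python triage script that groups the cache.log message types shown above and reports when each first appeared, how often it occurred, and which URL or client it involved. The sample lines are copied from the log in the post; the category labels and the `triage` function name are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines taken from the cache.log excerpt in the post above.
SAMPLE = """\
2007/08/15 16:47:38| Failed to select source for 'http://65.39.131.71/'
2007/08/15 16:47:53| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 9.
2007/08/15 16:54:59| comm_udp_sendto: FD 8, 195.135.212.6, port 53: (55) No buffer space available
2007/08/15 16:54:59| idnsSendQuery: FD 8: sendto: (55) No buffer space available
2007/08/15 16:56:33| WARNING! Your cache is running out of filedescriptors
2007/08/15 17:03:21| clientReadRequest: FD 1543 (192.168.250.39:2187) Invalid Request
2007/08/15 17:16:49| httpAccept: FD 9: accept failure: (53) Software caused connection abort
2007/08/15 17:16:58| clientReadRequest: FD 301 (192.168.250.39:2281) Invalid Request
"""

# Category names are this example's own labels, not Squid terminology.
PATTERNS = [
    ("no_source", re.compile(r"Failed to select source for '([^']*)'")),
    ("dns_enobufs", re.compile(r"comm_udp_sendto: .*port 53: \(55\)")),
    ("fd_exhaustion", re.compile(r"running out of filedescriptors")),
    ("invalid_request", re.compile(r"clientReadRequest: FD \d+ \(([\d.]+):\d+\) Invalid Request")),
    ("accept_failure", re.compile(r"httpAccept: .*accept failure")),
]
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\|\s*(.*)$")

def triage(text):
    """Return (summary, details): per-category first-seen time and count,
    plus a Counter of the captured URL/client for categories that have one."""
    summary, details = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a timestamp (binary 'method' spill) are skipped
        stamp, msg = m.groups()
        for name, rx in PATTERNS:
            hit = rx.search(msg)
            if not hit:
                continue  # idnsSendQuery echoes match nothing, so a send is counted once
            entry = summary.setdefault(name, {"first": stamp, "count": 0})
            entry["count"] += 1
            if hit.groups():
                details.setdefault(name, Counter())[hit.group(1)] += 1
            break
    return summary, details

if __name__ == "__main__":
    summary, details = triage(SAMPLE)
    for name, e in summary.items():
        print(f"{e['first']}  {name:16} x{e['count']}  {dict(details.get(name, {}))}")
```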

Re: Squid: problems with transparent proxy...

Posted: 2007-08-16 8:05:06
Alex Keda
I think there aren't enough network buffers....
Did you tune the network subsystem? If you did, put it back the way it was - the interdependencies there are very subtle, and not always logical...

Re: Squid: problems with transparent proxy...

Posted: 2007-08-16 8:38:13
skinc
No, I didn't tune the network subsystem... Maybe increase kern.ipc.somaxconn=128?
So far I've only changed kern.maxfiles from 3464 to 8192, but the system itself asked for that with messages on the console. Though I agree that kern.maxusers=107 is rather low; I should have changed it, and all the dependent parameters would have adjusted automatically...

P.S.
This machine works as the internet gateway for an office of ~20 machines...