[squid-users] squid with multiple ips is listenting to some ips with port and not all of ips ??!!

Ahmed Allzaeem ahmed.zaeem at netstream.ps
Sat Dec 20 20:43:25 UTC 2014 

Hi Guys I thunk I found the reason . but didn't fix it now !!!

 

I ran squid in debug mode and I had :

014/12/20 05:38:23| WARNING: You have too many 'http_port' lines.

2014/12/20 05:38:23|          The limit is 128

2014/12/20 05:38:23| WARNING: You have too many 'http_port' lines.

2014/12/20 05:38:23|          The limit is 128

2014/12/20 05:38:23| WARNING: You have too many 'http_port' lines.

2014/12/20 05:38:23|          The limit is 128

2014/12/20 05:38:23| WARNING: You have too many 'http_port' lines.

 

 

As we see there is limitation to 128 ips ,

How can I increase this value ???

 

 

From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
Behalf Of Ahmed Allzaeem
Sent: Saturday, December 20, 2014 11:16 AM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] squid with multiple ips is listenting to some ips
with port and not all of ips ??!!

 

Hi

 

Recently I have a squid with 256 ips installed on a proxy server.

 

The issue that we have is I added about 256 .

 

 

The ips are diversie in ranges and I can ping all of them from outside

 

 

Bur the problem is only with squid !!

 

Squid whrn it start .it only listen to sort of ips , not all of the ips.

 

I check that by the command :

Netstat -ant | grep LISTEN

 

I can see only some of ips

 

As can example , in squid.conf there is about 240 ips listening 

But the real that getting listenting is about 130 ips ??!!!

 

 

The port tanges of the ips is from 2400 tcp to 2460 

I mean , ip #  1 listen to port 2400

Ip # 2  listen to port 2401

And so on..

But im wondering why the proxy is not let the other ips up !!!

Why only 130 ips from 240 is up with ip:port and other is not working and
not connecting ??!!!

Im sure it not iptables and I checked by tcpdump , I can see that I can
reach the proxy , but the issue with ssquid that is not letting all ips in
the conf file to be up.

 

Also im sure all ips are pingable from outide !!!

 

Here is sampel of wy I have :

I made abbreviation of  long list of ips :

 

=====================================
[root at localhost ~]# cat /etc/squid/squid.conf

# Recommended minimum configuration:

#

###########Authentication######

auth_param basic children 300

auth_param basic realm "Put your pwd"

auth_param basic program /lib/squid/basic_ncsa_auth   /etc/squid/squid_user

auth_param basic credentialsttl 2 hours

auth_param basic casesensitive off

###

acl classx proxy_auth REQUIRED

http_access allow classx

###

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged)
machines

acl localnet src xx0.0/16 xxx0.0/16

acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

 

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

 

# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager

 

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

 

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

####################################################################

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

############################################################

# And finally deny all other access to this proxy

http_access deny all

 

 

#http_port 2400

http_port xxxx:2401
.

.

.

.

.

 

http_port xxxx:2660

# Uncomment and adjust the following to add a disk cache directory.

#cache_dir ufs /var/cache/squid 100 16 256

 

# Leave coredumps in the first cache dir

coredump_dir /var/cache/squid

 

#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320

###################################################

cache_effective_user squid

cache_effective_group squid

##############################

################################################

acl ip1 myip 5x.x.x.x

.

.

.

.

..

 

acl ip260 myip xxx

################################################

################################################

tcp_outgoing_address xxx ip1

.

.

.

.

.

.

tcp_outgoing_address xxx ip260

 

#####################################################

 

 

 

 

 

Version 3.4.3

configure options:  '--prefix=/usr' '--includedir=/include'
'--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc'
'--enable-cachemgr-hostname=drx' '--localstatedir=/var'
'--libexecdir=/lib/squid' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam
,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm'
'--enable-digest-auth-helpers=ldap,password'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-arp-acl'
'--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid'
'--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=131072'
'--with-large-files' '--with-default-user=squid' '--enable-linux-netfilter'
'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g
-Wall -O2' '--enable-ltdl-convenience'

 

 

 

 

 

 

 

Any help ???

Could it be a kernel limitations ???

 

cheers

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141220/d7da22f0/attachment.html>

More information about the squid-users mailing list