on one of the servers i’ve just upgraded to jessie i got my squid3 bricked. i could see the process in ps, yet it did not listen on tcp/3128:
root 27052 0.0 0.4 15616 4608 ? Ss 13:26 0:00 /usr/sbin/squid3 -YC -f /etc/squid3/squid.conf
proxy 27055 0.0 1.8 46252 18884 ? S 13:26 0:00 \_ (squid-1) -YC -f /etc/squid3/squid.conf
proxy 27346 0.0 0.1 3976 1540 ? S 13:26 0:00 \_ (unlinkd)
root@xxx:~# netstat -lanp|grep -i squid
udp 0 0 0.0.0.0:60645 0.0.0.0:* 27055/(squid-1)
udp6 0 0 ::1:47148 ::1:47700 ESTABLISHED 27055/(squid-1)
udp6 0 0 ::1:47700 ::1:47148 ESTABLISHED 27055/(squid-1)
udp6 0 0 :::57554 :::* 27055/(squid-1)
unix 2 [ ] DGRAM 51792115 27052/squid3
restarting it did not give anything interesting in /var/log/squid3/cache.log:
2015/06/20 13:59:42 kid1| Current Directory is /
2015/06/20 13:59:42 kid1| Starting Squid Cache version 3.4.8 for i586-pc-linux-gnu...
2015/06/20 13:59:42 kid1| Process ID 16296
2015/06/20 13:59:42 kid1| Process Roles: worker
2015/06/20 13:59:42 kid1| With 65535 file descriptors available
2015/06/20 13:59:42 kid1| Initializing IP Cache...
2015/06/20 13:59:42 kid1| DNS Socket created at [::], FD 7
2015/06/20 13:59:42 kid1| DNS Socket created at 0.0.0.0, FD 8
2015/06/20 13:59:42 kid1| Adding domain i.mbnd.eu from /etc/resolv.conf
2015/06/20 13:59:42 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2015/06/20 13:59:42 kid1| Logfile: opening log /var/log/squid3/access.log
2015/06/20 13:59:42 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/log/squid3/access.log'
2015/06/20 13:59:43 kid1| Unlinkd pipe opened on FD 13
2015/06/20 13:59:43 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2015/06/20 13:59:43 kid1| Logfile: opening log /var/log/squid3/store.log
2015/06/20 13:59:43 kid1| WARNING: log name now starts with a module name. Use 'stdio:/var/log/squid3/store.log'
2015/06/20 13:59:43 kid1| Swap maxSize 1024 + 131072 KB, estimated 2641 objects
2015/06/20 13:59:43 kid1| Target number of buckets: 132
2015/06/20 13:59:43 kid1| Using 8192 Store buckets
2015/06/20 13:59:43 kid1| Max Mem size: 131072 KB
2015/06/20 13:59:43 kid1| Max Swap size: 1024 KB
2015/06/20 13:59:43 kid1| Rebuilding storage in /var/spool/squid3/ (dirty log)
2015/06/20 13:59:43 kid1| Using Least Load store dir selection
2015/06/20 13:59:43 kid1| Current Directory is /
2015/06/20 13:59:43 kid1| Finished loading MIME types and icons.
2015/06/20 13:59:43 kid1| HTCP Disabled.
2015/06/20 13:59:43| pinger: Initialising ICMP pinger ...
2015/06/20 13:59:43| pinger: ICMP socket opened.
2015/06/20 13:59:43| pinger: ICMPv6 socket opened
after a while of clueless googling i thought – maybe there’s some problem with communication over loopback. and there it was – it seems that under wheezy it was going over 127.0.0.1 [or maybe a unix socket?] and under jessie it went via ::1; i had a badly written firewall that had:
ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
but lacked:
ip6tables -A INPUT -i lo -j ACCEPT
problem solved; squid works!
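
an added example, not part of the original post: a small check for the asymmetry described above, reading `ip6tables -S` (or `iptables -S`) output and naming each of INPUT/OUTPUT that has a DROP policy but no plain loopback ACCEPT rule. the function names, the sample rulesets and the DROP policies in them are assumptions (the post does not show its chain policies), and the check does not evaluate rule order or custom chains.

```shell
#!/bin/sh
# check_lo: read `ip6tables -S` style rules on stdin; print every chain
# (INPUT, OUTPUT) whose policy is DROP and which lacks an unconditional
# loopback ACCEPT rule. Hypothetical helper, not a real tool.
check_lo() {
    awk '
        $1 == "-P" && $3 == "DROP" { drop[$2] = 1 }
        # only the exact six-token form counts as a plain loopback accept
        $1 == "-A" && NF == 6 && $4 == "lo" && $5 == "-j" && $6 == "ACCEPT" {
            if ($2 == "INPUT"  && $3 == "-i") ok["INPUT"]  = 1
            if ($2 == "OUTPUT" && $3 == "-o") ok["OUTPUT"] = 1
        }
        END {
            if (drop["INPUT"]  && !ok["INPUT"])  print "INPUT"
            if (drop["OUTPUT"] && !ok["OUTPUT"]) print "OUTPUT"
        }'
}

# Constructed sample: the three rules from the post, plus assumed DROP policies.
broken_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
EOF
}

# The same ruleset with the missing rule appended.
fixed_rules() {
    broken_rules
    echo "-A INPUT -i lo -j ACCEPT"
}

echo "broken ruleset, chains missing loopback accept: $(broken_rules | check_lo)"
echo "fixed ruleset, chains missing loopback accept: $(fixed_rules | check_lo)"
```

on a live host the same function can be fed with `ip6tables -S | check_lo` and `iptables -S | check_lo` (as root).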