on one of the servers i’ve just upgraded to jessie i got my squid3 bricked. i could see the process in ps, yet it did not listen on tcp\/3128:<\/p>\n
\r\nroot 27052 0.0 0.4 15616 4608 ? Ss 13:26 0:00 \/usr\/sbin\/squid3 -YC -f \/etc\/squid3\/squid.conf\r\nproxy 27055 0.0 1.8 46252 18884 ? S 13:26 0:00 \\_ (squid-1) -YC -f \/etc\/squid3\/squid.conf\r\nproxy 27346 0.0 0.1 3976 1540 ? S 13:26 0:00 \\_ (unlinkd)\r\nroot@xxx:~# netstat -lanp|grep -i squid\r\nudp 0 0 0.0.0.0:60645 0.0.0.0:* 27055\/(squid-1)\r\nudp6 0 0 ::1:47148 ::1:47700 ESTABLISHED 27055\/(squid-1)\r\nudp6 0 0 ::1:47700 ::1:47148 ESTABLISHED 27055\/(squid-1)\r\nudp6 0 0 :::57554 :::* 27055\/(squid-1)\r\nunix 2 [ ] DGRAM 51792115 27052\/squid3\r\n<\/pre>\nrestarting it did not give anything interesting in \/var\/log\/squid3\/cache.log:<\/p>\n
\r\n2015\/06\/20 13:59:42 kid1| Current Directory is \/\r\n2015\/06\/20 13:59:42 kid1| Starting Squid Cache version 3.4.8 for i586-pc-linux-gnu...\r\n2015\/06\/20 13:59:42 kid1| Process ID 16296\r\n2015\/06\/20 13:59:42 kid1| Process Roles: worker\r\n2015\/06\/20 13:59:42 kid1| With 65535 file descriptors available\r\n2015\/06\/20 13:59:42 kid1| Initializing IP Cache...\r\n2015\/06\/20 13:59:42 kid1| DNS Socket created at [::], FD 7\r\n2015\/06\/20 13:59:42 kid1| DNS Socket created at 0.0.0.0, FD 8\r\n2015\/06\/20 13:59:42 kid1| Adding domain i.mbnd.eu from \/etc\/resolv.conf\r\n2015\/06\/20 13:59:42 kid1| Adding nameserver 127.0.0.1 from \/etc\/resolv.conf\r\n2015\/06\/20 13:59:42 kid1| Logfile: opening log \/var\/log\/squid3\/access.log\r\n2015\/06\/20 13:59:42 kid1| WARNING: log name now starts with a module name. Use 'stdio:\/var\/log\/squid3\/access.log'\r\n2015\/06\/20 13:59:43 kid1| Unlinkd pipe opened on FD 13\r\n2015\/06\/20 13:59:43 kid1| Local cache digest enabled; rebuild\/rewrite every 3600\/3600 sec\r\n2015\/06\/20 13:59:43 kid1| Logfile: opening log \/var\/log\/squid3\/store.log\r\n2015\/06\/20 13:59:43 kid1| WARNING: log name now starts with a module name. Use 'stdio:\/var\/log\/squid3\/store.log'\r\n2015\/06\/20 13:59:43 kid1| Swap maxSize 1024 + 131072 KB, estimated 2641 objects\r\n2015\/06\/20 13:59:43 kid1| Target number of buckets: 132\r\n2015\/06\/20 13:59:43 kid1| Using 8192 Store buckets\r\n2015\/06\/20 13:59:43 kid1| Max Mem size: 131072 KB\r\n2015\/06\/20 13:59:43 kid1| Max Swap size: 1024 KB\r\n2015\/06\/20 13:59:43 kid1| Rebuilding storage in \/var\/spool\/squid3\/ (dirty log)\r\n2015\/06\/20 13:59:43 kid1| Using Least Load store dir selection\r\n2015\/06\/20 13:59:43 kid1| Current Directory is \/\r\n2015\/06\/20 13:59:43 kid1| Finished loading MIME types and icons.\r\n2015\/06\/20 13:59:43 kid1| HTCP Disabled.\r\n2015\/06\/20 13:59:43| pinger: Initialising ICMP pinger ...\r\n2015\/06\/20 13:59:43| pinger: ICMP socket opened.\r\n2015\/06\/20 13:59:43| pinger: ICMPv6 socket opened\r\n<\/pre>\nafter a while of clueless googling i thought – maybe there’s some problem with communication over loopback. and there it was – it seems that under wheezy it was going over 127.0.0.1 [or maybe a unix socket?] and under jessie it went via ::1; i had badly written firewall that had:<\/p>\n
\r\nip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\r\nip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\r\nip6tables -A OUTPUT -o lo -j ACCEPT\r\n<\/pre>\nbut lacked:<\/p>\n
\r\nip6tables -A INPUT -i lo -j ACCEPT\r\n<\/pre>\nproblem solved; squid works!<\/p>\n","protected":false},"excerpt":{"rendered":"
on one of the servers i’ve just upgraded to jessie i got my squid3 bricked. i could see the process in ps, yet it did not listen on tcp\/3128: root 27052 0.0 0.4 15616 4608 ? Ss 13:26 0:00 \/usr\/sbin\/squid3 -YC -f \/etc\/squid3\/squid.conf proxy 27055 0.0 1.8 46252 18884 ? S 13:26 0:00 \\_ (squid-1) […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,51],"tags":[],"class_list":["post-2509","post","type-post","status-publish","format-standard","hentry","category-tech","category-unimportant"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=2509"}],"version-history":[{"count":1,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2509\/revisions"}],"predecessor-version":[{"id":2510,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2509\/revisions\/2510"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=2509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=2509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=2509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}