Skip to main content
Home  › ... Technotes
SuperUser Account
/ Categories: Security, Linux

Fault finding guide for the HTTP transparent proxy solution

Basic Fault Finding Guide for the Transparent Proxy Solution

1. Squid Services

The Squid service itself is configured by a text file in /etc/squid3/squid.conf. This is read at service start-up.

Are the Squid services running?

netstat –an | more

Verify that there is a listener for both port 3128 and port 8800. If not start Squid and check again.

sudo service squid3 start

2. Check that all interfaces are up

Squid uses a GRE tunnel to receive redirected traffic from the firewall. This is created on boot using the start-up script /etc/rc.local

Check interfaces - there should be 3 – lo, eth0 and wccp0

ifconfig

Check the GRE tunnels – there should be 2 – gre0 and wccp0

sudo iptunnel show

If the wccp0 interface is missing recreate it

sudo modprobe ip_gre

sudo ip tunnel add wccp0 mode gre remote a.b.c.215 local a.b.c.152 dev eth0

3. Reload firewall rules

If still not working, reapply the firewall redirection rule that redirects incoming port 80 traffic to the transparent proxy port 8800. This rule is stored in /etc/iptables/rules.v4 and is loaded automatically by the iptables-persistent service.

Reload Firewall Rules

sudo service iptables-persistent start

Or manually recreate the rule

iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j DNAT --to-destination a.b.c.152:8800

4. Check that there is disk space

Squid will stop if it cannot write to its log files. The log files are set to automatically rotate and the Squid cache is limited to 2Gb of disk space but there is only 20Gb of disk space so it would be possible to fill it over time. The Squid log is stored in /var/log/squid3/access.log 

Check disk space

df -Th

All Linux commands are case sensitive.

Previous Article HTTP Transparent Proxy using a Cisco ASA firewall and a Squid proxy server Part Two
Next Article Restoring administrative rights on a SQL installation
Print
3998 Rate this article:
No rating
Please login or register to post comments.