Fault finding guide for the HTTP transparent proxy solution
Basic Fault Finding Guide for the Transparent Proxy Solution
1. Squid Services
The Squid service itself is configured by a text file in /etc/squid3/squid.conf. This is read at service start-up.
Are the Squid services running?
netstat –an | more
Verify that there is a listener for both port 3128 and port 8800. If not start Squid and check again.
sudo service squid3 start
2. Check that all interfaces are up
Squid uses a GRE tunnel to receive redirected traffic from the firewall. This is created on boot using the start-up script /etc/rc.local
Check interfaces - there should be 3 – lo, eth0 and wccp0
Check the GRE tunnels – there should be 2 – gre0 and wccp0
sudo iptunnel show
If the wccp0 interface is missing recreate it
sudo modprobe ip_gre
sudo ip tunnel add wccp0 mode gre remote a.b.c.215 local a.b.c.152 dev eth0
3. Reload firewall rules
If still not working, reapply the firewall redirection rule that redirects incoming port 80 traffic to the transparent proxy port 8800. This rule is stored in /etc/iptables/rules.v4 and is loaded automatically by the iptables-persistent service.
Reload Firewall Rules
sudo service iptables-persistent start
Or manually recreate the rule
iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j DNAT --to-destination a.b.c.152:8800
4. Check that there is disk space
Squid will stop if it cannot write to its log files. The log files are set to automatically rotate and the Squid cache is limited to 2Gb of disk space but there is only 20Gb of disk space so it would be possible to fill it over time. The Squid log is stored in /var/log/squid3/access.log
Check disk space
All Linux commands are case sensitive.