I'm sleepy, so I am sure I'm missing something important here...
-JS
System:
FreeBSD 2.2.5-RELEASE
IPfilter 3.2.3
Squid 1.2b13 through b18
System: AMD 5x86/133, 36mb ram, maintains less than .20 load average
when operating normally
symptom: I catch localhost (127.0.0.1) spewing packets back toward a
customer's IP (I have two out of 120 that regularly cause this
problem).
Problem: Squid eats the CPU completly (0.0% idle) and squid gets VERY
slow, constantly eating more ram until my machine runs out of swap, then
it complains furiously for a few seconds, squid suicides, and all is
well
again.
Since it only happens when two out of 120 customers are on, I know there
is something funny going on. Between the two there doesn't seem to be
any relation concerning the software or hardware they are using (except
they both use Windows95, one is original release, the other is OSR2.1)
I've tried firewalling 127.0.0.0/24 in my border router, my PM2-ER, and
using ipfilter on the same box to try to control this, and it still
happens.
some logs and config files follow:
891037287.992 122613 206.136.25.197 TCP_MISS/504 995 GET
http://127.0.0.1/~jbart
a/idiot/idiot.html - DIRECT/127.0.0.1 -
891037288.002 122502 127.0.0.1 TCP_MISS/504 241 GET
http://127.0.0.1/~jbarta/idi
ot/idiot.html - DIRECT/127.0.0.1 -
891037288.002 122489 127.0.0.1 TCP_MISS/504 241 GET
http://127.0.0.1/~jbarta/idi
ot/idiot.html - DIRECT/127.0.0.1 -
(this repeats a few thousand times until I go kill -9 squid and ipnat
-F.)
%cat /etc/ipnat.cfg
rdr ed0 0.0.0.0/0 port 80 -> 206.136.25.20 port 80
rdr ed1 0.0.0.0/0 port 80 -> 206.136.25.20 port 80
ed0 is for my dialups, ed1 has a couple workstations on it, ed2 is PCI
NE2000 that goes to my main server network and out to the world.
ed0: 206.136.25.192/26
ed1: 206.136.25.128/26
ed2: 206.136.25.0/26
%cat /etc/ipf.cfg
block in on all proto tcp/udp from any to any port = 139
pass in on all proto tcp/udp from 206.136.25.0/26 to 206.136.25.128/26
block in on all proto udp all with frag
block in proto tcp all with short
block in on ed0 proto tcp/udp from any to any port = 139
block in on ed0 proto tcp/udp from any to any port = 138
block out on ed0 proto tcp/udp from any to any port = 139
block out on ed0 proto tcp/udp from any to any port = 138
pass in on ed0 proto tcp/udp from any to 206.136.25.12/32 port = 139
block in on le0 proto tcp from 127.0.0.1 to 127.0.0.1/32 port = 80
block in on ed0 proto tcp/udp from any to 127.0.0.0/24
block in on ed1 proto tcp/udp from any to 127.0.0.0/24
block in on ed2 proto tcp/udp from any to 127.0.0.0/24
and the startups system message:
Apr 3 18:29:36 jake squid[5739]: Starting Squid Cache version
1.2.beta18 for i3
86-unknown-freebsd2.2.5...
Apr 3 18:29:36 jake squid[5739]: Process ID 5739
Apr 3 18:29:37 jake squid[5739]: Unlinkd pipe opened on FD 14
Apr 3 18:29:39 jake squid[5739]: Ready to serve requests.
Needless to say I'm pissing off customers pretty quick... Serious
bummer. if I would have known it was this way I would have never dived
into this transparent proxy stuff.
Thanks guys,
Jacob Suter
Intrastellar Internet Service
Received on Fri Apr 03 1998 - 22:35:17 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:35 MST