I'd like to better understand what squid is complaining about
when it's restarted and more importantly how/what to correct
the squid.conf entries.
What I've done thus far:
I moved the machine(corona)
from network A(miltoy) to network B(yoderst)
squid complained with: parseConfigFile: line 95
unrecognized: 'tcp_incoming_address 10.28.248.123'
since I know next to nothing about what "parseConfigFile" means
I edited line 95 to match the interfaces new IP(192.168.4.4)
and added yoderst wherever I saw miltoy
TIA
--ChuckS
output from:
root@corona <mailto:root@corona>:~# /etc/init.d/squid restart
Restarting proxy server: 2003/12/06 09:15:00| parseConfigFile: line 95
unrecognized: 'tcp_incoming_address 192.168.4.4'
2003/12/06 09:15:00| squid.conf line 1037: http_access allow manager
localhost miltoy yoderst corona
2003/12/06 09:15:00| aclParseAccessLine: ACL name 'yoderst' not found.
2003/12/06 09:15:00| squid.conf line 1046: http_access allow yoderst
2003/12/06 09:15:00| aclParseAccessLine: ACL name 'yoderst' not found.
2003/12/06 09:15:00| squid.conf line 1046: http_access allow yoderst
2003/12/06 09:15:00| aclParseAccessLine: Access line contains no
ACL's,
skippingsquid.
excerpts from squid.conf:
<snip>
# TAG: udp_incoming_address
# TAG: udp_outgoing_address
# Usage: tcp_incoming_address 10.20.30.40
# udp_outgoing_address fully.qualified.domain.name
#
# tcp_incoming_address is used for the HTTP socket which accepts
# connections from clients and other caches.
# tcp_outgoing_address is used for connections made to remote
# servers and other caches.
# udp_incoming_address is used for the ICP socket receiving packets
# from other caches.
# udp_outgoing_address is used for ICP packets sent out to other
# caches.
#
# The default behaviour is to not bind to any specific address.
#
# NOTE, udp_incoming_address and udp_outgoing_address can not
# have the same value (unless it is 0.0.0.0) since they both use
# port 3130.
#
tcp_incoming_address 192.168.4.4
#tcp_incoming_address 127.0.0.1
#tcp_outgoing_address 0.0.0.0
udp_incoming_address 192.168.4.4
#udp_outgoing_address 0.0.0.0
<snip>
# ACCESS CONTROLS
# --------------------------------------------------------------------
---------
# TAG: acl
# Defining an Access List
#
# acl aclname acltype string1 ...
# acl aclname acltype "file" ...
#
# when using "file", the file should contain one item per line
#
# acltype is one of src dst srcdomain dstdomain url_pattern
# urlpath_pattern time port proto method browser user
#
# By default, regular expressions are CASE-SENSITIVE. To make
# them case-insensitive, use the -i option.
#
# acl aclname src ip-address/netmask ... (clients IP address)
# acl aclname src addr1-addr2/netmask ... (range of addresses)
# acl aclname dst ip-address/netmask ... (URL host's IP address)
# acl aclname myip ip-address/netmask ... (local socket IP address)
#
# acl aclname srcdomain foo.com ... # reverse lookup, client IP
# acl aclname dstdomain foo.com ... # Destination server from URL
# acl aclname srcdom_regex [-i] xxx ... # regex matching client name
# acl aclname dstdom_regex [-i] xxx ... # regex matching server
# # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
# # based URL is used. The name "none" is used if the reverse lookup
# # fails.
#
# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2
# acl aclname url_regex [-i] ^http:// ... # regex matching on whole
URL
# acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL
path
# acl aclname port 80 70 21 ...
# acl aclname port 0-1024 ... # ranges allowed
# acl aclname proto HTTP FTP ...
# acl aclname method GET POST ...
# acl aclname browser [-i] regexp
# # pattern match on User-Agent header
# acl aclname ident username ...
# # string match on ident output.
# # use REQUIRED to accept any non-null ident.
# acl aclname src_as number ...
# acl aclname dst_as number ...
# # Except for access control, AS numbers can be used for
# # routing of requests to specific caches. Here's an
# # example for routing all requests for AS#1241 and only
# # those to mycache.mydomain.net:
# # acl asexample dst_as 1241
# # cache_peer_access mycache.mydomain.net allow asexample
# # cache_peer_access mycache_mydomain.net deny all
#
# acl aclname proxy_auth username ...
# # list of valid usernames
# # use REQUIRED to accept any valid username.
# #
# # NOTE: when a Proxy-Authentication header is sent but it is not
# # needed during ACL checking the username is NOT logged
# # in access.log.
# #
# # NOTE: proxy_auth requires a EXTERNAL authentication program
# # to check username/password combinations (see
# # authenticate_program).
# #
# # WARNING: proxy_auth can't be used in a transparent proxy. It
# # collides with any authentication done by origin servers. It may
# # seem like it works at first, but it doesn't.
#
# acl aclname snmp_community string ...
# # A community string to limit access to your SNMP Agent
# # Example:
# #
# # acl snmppublic snmp_community public
#
#
#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth 300
#
#Defaults:
acl all src 0.0.0.0/0.0.0.0
acl miltoy src 192.168.4.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl corona src 192.168.4.4/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# Access to the ICP port:
# icp_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to allow
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default configuration:
#http_access deny manager
http_access allow manager localhost miltoy yoderst corona
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow localhost
#http_access deny all
http_access allow miltoy
http_access allow yoderst
#http_access allow all
# TAG: icp_access
# Reply to all ICP queries we receive
#
icp_access allow all
# TAG: miss_access
# Use to force your neighbors to use you as a sibling instead of
# a parent. For example:
#
# acl localclients src 172.16.0.0/16
# miss_access allow localclients
# miss_access deny !localclients
#
# This means that only your local clients are allowed to fetch
# MISSES and all other clients can only fetch HITS.
#
# By default, allow all clients who passed the http_access rules
# to fetch MISSES from us.
miss_access allow all
# TAG: cache_peer_access
# Similar to 'cache_peer_domain' but provides more flexibility by
# using ACL elements.
#
# cache_peer_access cache-host allow|deny [!]aclname ...
#
# The syntax is identical to 'http_access' and the other lists of
# ACL elements. See the comments for 'http_access' below, or
# the Squid FAQ (http://squid.nlanr.net/Squid/FAQ/FAQ-10.html).
# TAG: proxy_auth_realm
# Specifies the realm name which is to be reported to the client for
# proxy authentication (part of the text the user will see when
# prompted their username and password).
#
#proxy_auth_realm Squid proxy-caching web server
Received on Wed Dec 10 2003 - 14:39:49 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:09 MST