No nameserver and Forward loop detected.

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

No nameserver and Forward loop detected.

Suhaib Ahmad
Hello all,

I am having a problem in using Squid Cache version 2.6.STABLE12 as a
reverse-proxy server for my webserver.
Webserver is running on 192.168.7.1 and squid is running on
192.168.7.3 (public-ip:67.107.xx.xx).

My hosts config. and squid.conf details are below.
First problem is when I start the squid I gets the warning about the
'localhost' as a name server, but squid starts okay and start serving
the requests.
Second problem is over a period of time I gets 'WARNING: Forwarding
loop detected for:' entry in cache.log
which causes to squid to stop working and I have to restart the squid
to make it operational.

Can you please tell me what I'm missing here. Thanks for reading such
long loglines.

Regards,
Suhaib.


---- /etc/resolv.conf ---
# Generated by dhcpcd for interface eth0
search bms.local
nameserver localhost

---- squid.conf ----
http_port 80 transparent
cache_peer 192.168.7.1 parent 81 0 no-query originserver weight=1
http_access allow all
acl all src 0.0.0.0/0.0.0.0
icp_access allow all

---- cache.log ---- part-1

2007/06/07 10:34:58| Starting Squid Cache version 2.6.STABLE12 for
i686-pc-linux-gnu...
2007/06/07 10:34:58| Process ID 8975
2007/06/07 10:34:58| With 1024 file descriptors available
2007/06/07 10:34:58| Using epoll for the IO loop
2007/06/07 10:34:58| Performing DNS Tests...
2007/06/07 10:34:58| Successful DNS name lookup tests...
2007/06/07 10:34:58| DNS Socket created at 0.0.0.0, port 35084, FD 5
2007/06/07 10:34:58| Adding domain bms.local from /etc/resolv.conf
2007/06/07 10:34:58| Adding nameserver localhost from /etc/resolv.conf
2007/06/07 10:34:58| WARNING: rejecting 'localhost' as a name server,
because it is not a numeric IP address
2007/06/07 10:34:58| Warning: Could not find any nameservers. Trying
to use localhost
2007/06/07 10:34:58| Please check your /etc/resolv.conf file
2007/06/07 10:34:58| or use the 'dns_nameservers' option in squid.conf.
2007/06/07 10:34:58| Unlinkd pipe opened on FD 10
2007/06/07 10:34:58| Swap maxSize 102400 KB, estimated 7876 objects
2007/06/07 10:34:58| Target number of buckets: 393
2

---- cache.log ---- part-2

2007/06/05 20:42:35| WARNING: Forwarding loop detected for:
Client: 67.107.xx.xx http_port: 67.107.xx.xx:80
GET http://image.xxx.com/pms/graphics/6.05.07directresponse2r1(650x90).gif
HTTP/1.0
If-Modified-Since: Tue, 05 Jun 2007 15:15:59 GMT
If-None-Match: "19577-1181056559000"
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
User-Agent: www.clamav.net
Host: image.xxxxxxx.com
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Via: 1.1 localhost.localdomain:80 (squid/2.6.STABLE12), 1.0
localhost.localdomain:80 (squid/2.6.STABLE12), 1.0
localhost.localdomain:80 (squid
/2.6.STABLE12), 1.0 localhost.localdomain:80 (squid/2.6.STABLE12), 1.0
localhost.localdomain:80 (squid/2.6.STABLE12), 1.0
localhost.localdomai
n:80 (squid/2.6.STABLE12), 1.0 localhost.localdomain:80
(squid/2.6.STABLE12), 1.0 localhost.localdomain:80
(squid/2.6.STABLE12), 1.0 localhost
.localdomain:80 (squid/2.6.STABLE12), 1.0 localhost.localdomain:80
(squid/2.6.STABLE12)

X-Forwarded-For: 24.164.28.34, 67.107.xx.xx, 67.107.xx.xx,
67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx,
67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx

Cache-Control: max-age=259200
Connection: keep-alive
Reply | Threaded
Open this post in threaded view
|

Re: No nameserver and Forward loop detected.

Sunil K.P.
Greetings,

Try to use nameserver 127.0.0.1 in resolv.conf file.

Regards
Sunil

----- Original Message -----
From: "Suhaib Ahmad" <[hidden email]>
To: <[hidden email]>
Sent: Thursday, June 07, 2007 11:04 AM
Subject: [squid-users] No nameserver and Forward loop detected.


> Hello all,
>
> I am having a problem in using Squid Cache version 2.6.STABLE12 as a
> reverse-proxy server for my webserver.
> Webserver is running on 192.168.7.1 and squid is running on
> 192.168.7.3 (public-ip:67.107.xx.xx).
>
> My hosts config. and squid.conf details are below.
> First problem is when I start the squid I gets the warning about the
> 'localhost' as a name server, but squid starts okay and start serving
> the requests.
> Second problem is over a period of time I gets 'WARNING: Forwarding
> loop detected for:' entry in cache.log
> which causes to squid to stop working and I have to restart the squid
> to make it operational.
>
> Can you please tell me what I'm missing here. Thanks for reading such
> long loglines.
>
> Regards,
> Suhaib.
>
>
> ---- /etc/resolv.conf ---
> # Generated by dhcpcd for interface eth0
> search bms.local
> nameserver localhost
>
> ---- squid.conf ----
> http_port 80 transparent
> cache_peer 192.168.7.1 parent 81 0 no-query originserver weight=1
> http_access allow all
> acl all src 0.0.0.0/0.0.0.0
> icp_access allow all
>
> ---- cache.log ---- part-1
>
> 2007/06/07 10:34:58| Starting Squid Cache version 2.6.STABLE12 for
> i686-pc-linux-gnu...
> 2007/06/07 10:34:58| Process ID 8975
> 2007/06/07 10:34:58| With 1024 file descriptors available
> 2007/06/07 10:34:58| Using epoll for the IO loop
> 2007/06/07 10:34:58| Performing DNS Tests...
> 2007/06/07 10:34:58| Successful DNS name lookup tests...
> 2007/06/07 10:34:58| DNS Socket created at 0.0.0.0, port 35084, FD 5
> 2007/06/07 10:34:58| Adding domain bms.local from /etc/resolv.conf
> 2007/06/07 10:34:58| Adding nameserver localhost from /etc/resolv.conf
> 2007/06/07 10:34:58| WARNING: rejecting 'localhost' as a name server,
> because it is not a numeric IP address
> 2007/06/07 10:34:58| Warning: Could not find any nameservers. Trying
> to use localhost
> 2007/06/07 10:34:58| Please check your /etc/resolv.conf file
> 2007/06/07 10:34:58| or use the 'dns_nameservers' option in squid.conf.
> 2007/06/07 10:34:58| Unlinkd pipe opened on FD 10
> 2007/06/07 10:34:58| Swap maxSize 102400 KB, estimated 7876 objects
> 2007/06/07 10:34:58| Target number of buckets: 393
> 2
>
> ---- cache.log ---- part-2
>
> 2007/06/05 20:42:35| WARNING: Forwarding loop detected for:
> Client: 67.107.xx.xx http_port: 67.107.xx.xx:80
> GET http://image.xxx.com/pms/graphics/6.05.07directresponse2r1(650x90).gif
> HTTP/1.0
> If-Modified-Since: Tue, 05 Jun 2007 15:15:59 GMT
> If-None-Match: "19577-1181056559000"
> Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
> User-Agent: www.clamav.net
> Host: image.xxxxxxx.com
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> Via: 1.1 localhost.localdomain:80 (squid/2.6.STABLE12), 1.0
> localhost.localdomain:80 (squid/2.6.STABLE12), 1.0
> localhost.localdomain:80 (squid
> /2.6.STABLE12), 1.0 localhost.localdomain:80 (squid/2.6.STABLE12), 1.0
> localhost.localdomain:80 (squid/2.6.STABLE12), 1.0
> localhost.localdomai
> n:80 (squid/2.6.STABLE12), 1.0 localhost.localdomain:80
> (squid/2.6.STABLE12), 1.0 localhost.localdomain:80
> (squid/2.6.STABLE12), 1.0 localhost
> .localdomain:80 (squid/2.6.STABLE12), 1.0 localhost.localdomain:80
> (squid/2.6.STABLE12)
>
> X-Forwarded-For: 24.164.28.34, 67.107.xx.xx, 67.107.xx.xx,
> 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx,
> 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx, 67.107.xx.xx
>
> Cache-Control: max-age=259200
> Connection: keep-alive

Reply | Threaded
Open this post in threaded view
|

Re: No nameserver and Forward loop detected.

Henrik Nordström
In reply to this post by Suhaib Ahmad
tor 2007-06-07 klockan 15:04 +0500 skrev Suhaib Ahmad:
> Hello all,
>
> I am having a problem in using Squid Cache version 2.6.STABLE12 as a
> reverse-proxy server for my webserver.

> http_port 80 transparent

The transparent option is for transparently intercepting Internet proxy
setups, not reverse proxying.

For reverse proxying you should use

http_port 80 accel defaultsite=your.main.website

and also the vhost option if you have multiple domains/sites.

Regards
Henrik

signature.asc (316 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: No nameserver and Forward loop detected.

Suhaib Ahmad
Thanks Henrik, but without mentioning

http_port 80 accel defaultsite=your.main.website

it was working with paras
http_port 80 transparent

And any idea why the WARNING: Forwarding loop detected for:. Is this
anything todo with dns settings.

Regards,
Suhaib.






On 6/7/07, Henrik Nordstrom <[hidden email]> wrote:

> tor 2007-06-07 klockan 15:04 +0500 skrev Suhaib Ahmad:
> > Hello all,
> >
> > I am having a problem in using Squid Cache version 2.6.STABLE12 as a
> > reverse-proxy server for my webserver.
>
> > http_port 80 transparent
>
> The transparent option is for transparently intercepting Internet proxy
> setups, not reverse proxying.
>
> For reverse proxying you should use
>
> http_port 80 accel defaultsite=your.main.website
>
> and also the vhost option if you have multiple domains/sites.
>
> Regards
> Henrik
>
>
Reply | Threaded
Open this post in threaded view
|

Re: No nameserver and Forward loop detected.

Slacker-4
Suhaib Ahmad, on 06/07/2007 08:37 PM [GMT+500], wrote :
>
>
> And any idea why the WARNING: Forwarding loop detected for:. Is this
> anything todo with dns settings.
check visible_hostname directive you may be sharing same names for two
proxies within same network?

Regards.
Reply | Threaded
Open this post in threaded view
|

Re: No nameserver and Forward loop detected.

Henrik Nordström
In reply to this post by Suhaib Ahmad
tor 2007-06-07 klockan 20:37 +0500 skrev Suhaib Ahmad:
> Thanks Henrik, but without mentioning
>
> http_port 80 accel defaultsite=your.main.website
>
> it was working with paras
> http_port 80 transparent

transparent is almost equal to accel vhost, but not entirely. The
differences are
  - transparent supports transparent interception
  - accel requires the use of a cache_peer to forward the request.
  - transparent knows it's supposed to act as a proxy and not authorized
by the web server, therefore HTTP authentication to Squid is not allowed
to make sure the proxy admin don't unintentionally crash the HTTP
protocol.


If you are a reverse proxy you SHOULD NOT use transparent, instead use
the accelerator options (vhost, defaultsite etc..).

If you are a intercepting forward Internet proxy then you SHOULD use
transparent.

> And any idea why the WARNING: Forwarding loop detected for:. Is this
> anything todo with dns settings.

It's because your Squid thinks it is an Internet proxy and not a reverse
proxy, and therefore tries to go direct when it doesn't look like there
would be any benefit of forwarding the request via other cache peers..
and when going direct DNS tells it to talk to itself..

Regards
Henrik

signature.asc (316 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: No nameserver and Forward loop detected.

Suhaib Ahmad
thanks a ton Henrik this really clears out many things. I was banging
my head for a while with this problem. Could not find the ans. on the
web. Really appreciate it.

Regards,
Suhaib.

On 6/7/07, Henrik Nordstrom <[hidden email]> wrote:

> tor 2007-06-07 klockan 20:37 +0500 skrev Suhaib Ahmad:
> > Thanks Henrik, but without mentioning
> >
> > http_port 80 accel defaultsite=your.main.website
> >
> > it was working with paras
> > http_port 80 transparent
>
> transparent is almost equal to accel vhost, but not entirely. The
> differences are
>  - transparent supports transparent interception
>  - accel requires the use of a cache_peer to forward the request.
>  - transparent knows it's supposed to act as a proxy and not authorized
> by the web server, therefore HTTP authentication to Squid is not allowed
> to make sure the proxy admin don't unintentionally crash the HTTP
> protocol.
>
>
> If you are a reverse proxy you SHOULD NOT use transparent, instead use
> the accelerator options (vhost, defaultsite etc..).
>
> If you are a intercepting forward Internet proxy then you SHOULD use
> transparent.
>
> > And any idea why the WARNING: Forwarding loop detected for:. Is this
> > anything todo with dns settings.
>
> It's because your Squid thinks it is an Internet proxy and not a reverse
> proxy, and therefore tries to go direct when it doesn't look like there
> would be any benefit of forwarding the request via other cache peers..
> and when going direct DNS tells it to talk to itself..
>
> Regards
> Henrik
>
>
Reply | Threaded
Open this post in threaded view
|

Re: No nameserver and Forward loop detected.

Suhaib Ahmad
In reply to this post by Henrik Nordström
Hi Henrik,

Just need a nod from you :). I've this setup for website accel.. Can
you confirm that it would hold on and that no security lapse in it?

my apache-webserver is running on 192.168.7.1 port 80. I have squid running on
192.168.7.3 port 80. All the image urls are pointing to 7.3.

------ squid.conf --------
http_port 80 accel defaultsite=192.168.7.1
cache_peer 192.168.7.1 parent 80 0 no-query originserver weight=1
http_access allow all
acl all src 0.0.0.0/0.0.0.0
icp_access allow all

Regards,
Suhaib.

On 6/7/07, Henrik Nordstrom <[hidden email]> wrote:

> tor 2007-06-07 klockan 20:37 +0500 skrev Suhaib Ahmad:
> > Thanks Henrik, but without mentioning
> >
> > http_port 80 accel defaultsite=your.main.website
> >
> > it was working with paras
> > http_port 80 transparent
>
> transparent is almost equal to accel vhost, but not entirely. The
> differences are
>  - transparent supports transparent interception
>  - accel requires the use of a cache_peer to forward the request.
>  - transparent knows it's supposed to act as a proxy and not authorized
> by the web server, therefore HTTP authentication to Squid is not allowed
> to make sure the proxy admin don't unintentionally crash the HTTP
> protocol.
>
>
> If you are a reverse proxy you SHOULD NOT use transparent, instead use
> the accelerator options (vhost, defaultsite etc..).
>
> If you are a intercepting forward Internet proxy then you SHOULD use
> transparent.
>
> > And any idea why the WARNING: Forwarding loop detected for:. Is this
> > anything todo with dns settings.
>
> It's because your Squid thinks it is an Internet proxy and not a reverse
> proxy, and therefore tries to go direct when it doesn't look like there
> would be any benefit of forwarding the request via other cache peers..
> and when going direct DNS tells it to talk to itself..
>
> Regards
> Henrik
>
>
Reply | Threaded
Open this post in threaded view
|

Re: No nameserver and Forward loop detected.

Henrik Nordström
fre 2007-06-08 klockan 16:41 +0500 skrev Suhaib Ahmad:

> Hi Henrik,
>
> Just need a nod from you :). I've this setup for website accel.. Can
> you confirm that it would hold on and that no security lapse in it?
>
> my apache-webserver is running on 192.168.7.1 port 80. I have squid running on
> 192.168.7.3 port 80. All the image urls are pointing to 7.3.
>
> ------ squid.conf --------
> http_port 80 accel defaultsite=192.168.7.1
> cache_peer 192.168.7.1 parent 80 0 no-query originserver weight=1
> http_access allow all
> acl all src 0.0.0.0/0.0.0.0
> icp_access allow all

defaultsite should be the site name the users should put in their
browsers, not the origin server name/address. The origin server is
specified in cache_peer.

Not strictly needed unless you have other http_port lines, but for
improved security I would recommend an acl limiting which sites may be
requested instead of the "allow all".

acl mysites dstdomain list.of.accelerated.sites

http_access allow mysites
http_access deny all

If you just have a single site then the list consists of just that
single site name, same as you have in defaultsite.

REgards
Henrik

signature.asc (316 bytes) Download Attachment