iptables+squid WEB加速..总是出现用一会儿用不起的情况..

Oumulong

iptables+squid WEB加速..总是出现用一会儿用不起的情况..

重启之后又可了...

一直没有找到什么原因????

chenyx

负载大吗?
信息太少,没法判断

guoli0813

请贴日志

Oumulong

负载不大...最近没有出现..所有暂时提供不了日志............

谢谢楼上两位........

platinum

iptables+squid WEB加速..总是出现用一会儿用不起的情况..

重启之后又可了...

一直没有找到什么原因? ...
Oumulong 发表于 2010-07-12 20:41

http://linux.chinaunix.net/bbs/thread-750796-1-1.html

vermouth

看到底是 iptables，还是 squid

Oumulong

可以确定是SQUID..因为把IPTABLES转向SQUID的语句取消了。就一切正常。。
最近没有出现问题。。看不到日志。。。

Oumulong

这个问题又出现了。。现在把LOG。贴出来。。大家帮我看下

# cat cache.log
2010/07/22 22:41:51| Starting Squid Cache version 2.7.STABLE7 for i686-pc-linux-gnu...
2010/07/22 22:41:51| Process ID 1444
2010/07/22 22:41:51| With 1024 file descriptors available
2010/07/22 22:41:51| Using epoll for the IO loop
2010/07/22 22:41:51| DNS Socket created at 0.0.0.0, port 52946, FD 6
2010/07/22 22:41:51| Adding domain lhwy from /etc/resolv.conf
2010/07/22 22:41:51| Warning: Could not find any nameservers. Trying to use localhost
2010/07/22 22:41:51| Please check your /etc/resolv.conf file
2010/07/22 22:41:51| or use the 'dns_nameservers' option in squid.conf.
2010/07/22 22:41:51| helperOpenServers: Starting 5 'rewriter' processes
2010/07/22 22:41:51| logfileOpen: opening log /tmp1/squid/var/logs/access.log
2010/07/22 22:41:51| Unlinkd pipe opened on FD 16
2010/07/22 22:41:51| Swap maxSize 40960000 + 6144 KB, estimated 3151241 objects
2010/07/22 22:41:51| Target number of buckets: 157562
2010/07/22 22:41:51| Using 262144 Store buckets
2010/07/22 22:41:51| Max Mem  size: 6144 KB
2010/07/22 22:41:51| Max Swap size: 40960000 KB
2010/07/22 22:41:51| logfileOpen: opening log /tmp1/squid/var/logs/store.log
2010/07/22 22:41:51| Rebuilding storage in /tmp1/squid/var/cache (DIRTY)
2010/07/22 22:41:51| Using Least Load store dir selection
2010/07/22 22:41:51| Current Directory is /
2010/07/22 22:41:51| Loaded Icons.
2010/07/22 22:41:53| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 20.
2010/07/22 22:41:53| Accepting ICP messages at 0.0.0.0, port 3130, FD 21.
2010/07/22 22:41:53| WCCP Disabled.
2010/07/22 22:41:53| Ready to serve requests.
2010/07/22 22:41:53| Store rebuilding is 20.0% complete
2010/07/22 22:41:54| Done reading /tmp1/squid/var/cache swaplog (20733 entries)
2010/07/22 22:41:54| Finished rebuilding storage from disk.
2010/07/22 22:41:54|     18559 Entries scanned
2010/07/22 22:41:54|         0 Invalid entries.
2010/07/22 22:41:54|         0 With invalid flags.
2010/07/22 22:41:54|     18559 Objects loaded.
2010/07/22 22:41:54|         0 Objects expired.
2010/07/22 22:41:54|      2139 Objects cancelled.
2010/07/22 22:41:54|         0 Duplicate URLs purged.
2010/07/22 22:41:54|         0 Swapfile clashes avoided.
2010/07/22 22:41:54|   Took 2.4 seconds (7857.3 objects/sec).
2010/07/22 22:41:54| Beginning Validation Procedure
2010/07/22 22:41:54|   Completed Validation Procedure
2010/07/22 22:41:54|   Validated 16420 Entries
2010/07/22 22:41:54|   store_swap_size = 597708k
2010/07/22 22:41:55| storeLateRelease: released 0 objects

我是指定部分目标IP到SQUID ，，当然没有被指定的。。访问一切正常

platinum

没有错误日志，没有配置文件，没有拓扑描述，没有配置方法
你想让别人怎么回答你？猜吗？

Oumulong

先说一下结构...内网---路由(兼SQUID)-外网
其中我只把QQ空间的IP(是IP不是域名,SQUID还需要解释吗?)作为SQUID的目标..

配置文件
acl all src all
dns_nameservers 202.98.96.68 61.139.2.69
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
dns_nameservers 202.98.96.68 61.139.2.69
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow all
icp_access allow localnet
icp_access deny all
http_port 3128  transparent
hierarchy_stoplist cgi-bin ?
cache_mem 128 MB
maximum_object_size_in_memory 32 KB
cache_dir aufs /tmp1/squid/var/cache 80000 16 256
maximum_object_size 300 MB
minimum_object_size 512 bytes
cache_swap_low 78
cache_swap_high 89
access_log /tmp1/squid/var/logs/access.log squid
cache_log /tmp1/squid/var/logs/cache.log
cache_store_log /tmp1/squid/var/logs/store.log
log_fqdn off

#reply_body_max_size 1073741824 allow all
#client_persistent_connections off
#server_persistent_connections on
#half_closed_clients off


#acl getmethod method GET
acl store_rewrite_list2 url_regex ^http://(.*?)/wwwFlv/flv/(.*?)
#acl store_rewrite_list2 url_regex ^http://(.*?)/flv/fileid/(.*?)

acl store_rewrite_list urlpath_regex \.flv\?
acl store_rewrite_list urlpath_regex \.mp4\?
acl store_rewrite_list urlpath_regex \.flv
acl store_rewrite_list urlpath_regex \.swf
acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|htm|css|js|swf|xml)\? \/ads\?
acl store_rewrite_list_web url_regex ^http:\/\/([A-Za-z-]+[0-9]+)*\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|swf)$

acl store_rewrite_list_web_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.com doubleclick\.net
acl QUERY2 urlpath_regex get_video\? videoplayback\? \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|htm|css|js|swf|xml)\?
cache allow QUERY2
cache allow store_rewrite_list_web_CDN

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache allow all

#storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list2
storeurl_access allow store_rewrite_list_web_CDN
storeurl_access allow store_rewrite_list_web store_rewrite_list_path
storeurl_access deny  all

storeurl_rewrite_concurrency 200
storeurl_rewrite_program /usr/bin/rewriter


refresh_pattern ^http://(.*?)/get_video\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videoplayback\? 10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?).flv\?(.*?)  10080 90% 999999 override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?).swf\?(.*?)  10080 90% 999999 override-expire ignore-no-cache ignore-private

refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id) 161280 50000% 525948 override-expire ignore-reload
refresh_pattern -i \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|mp4|flv|htm|css|js|swf|xml)(\?|$) 161280 3000% 525948 override-expire reload-into-ims

# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin)                                          43200 999999% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern (avgate|avira).*(idx|gz)$                               43200 999999% 43200  override-expire ignore-no-cache ignore-private
refresh_pattern kaspersky.*\.avc$                                       43200 999999% 43200  override-expire ignore-no-cache ignore-private
refresh_pattern kaspersky                                               43200 999999% 43200  override-expire ignore-no-cache ignore-private
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)                        43200 999999% 43200  override-expire ignore-no-cache ignore-private
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)         43200 999999% 43200  override-expire ignore-no-cache ignore-private
refresh_pattern windowsupdate.com/.*\.(cab|exe)                         43200  999999%  129600  override-expire ignore-no-cache ignore-private
refresh_pattern update.microsoft.com/.*\.(cab|exe)                         43200  999999%  129600  override-expire ignore-no-cache ignore-private
refresh_pattern download.microsoft.com/.*\.(cab|exe)                         43200  999999%  129600  override-expire ignore-no-cache ignore-private

refresh_pattern ^ftp:                1440        20%        10080
refresh_pattern ^gopher:        1440        0%        1440
refresh_pattern -i (/cgi-bin/|\?) 0        0%        0
refresh_pattern .                0        20%        4320
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
vary_ignore_expire on
log_icp_queries off
ipcache_size 2048
ipcache_low 78
ipcache_high 89
memory_pools off
reload_into_ims on
pipeline_prefetch on

acl lanuser dst 192.168.1.0/24
delay_pools 1
delay_class 1 2
delay_access 1 allow lanuser
delay_access 1 deny all
delay_parameters 1 -1/-1 400000/640000
      

今天的情况是这样的..

QQ空间不能访问...提示.DNS不能解释....

配置文件加上DNS后..重启SQUID..可以访问QQ空间..

然后我又在配置文件中取消DNS.重启SQUID还是可以正常访问QQ空间..没有找到问题所在.....