# Squid Error



## d0ne (Feb 10, 2010)

```
2010/02/10 18:32:50| commBind: Cannot bind socket FD 27 to *:3128: (48) Address already in use
FATAL: Cannot open HTTP Port
```

I change to other por like 8080, 8081 or 8787 but same error

how to fix it ?

Thanks


----------



## VoViK (Feb 10, 2010)

Hi,
You can try this:

```
killall -9 squid
```
and try to restart  squid again.
If this don't fix the problem:

```
pkg_add -r lsof
lsof -i TCP:3128
```


----------



## DutchDaemon (Feb 10, 2010)

No need for lsof, just use sockstat(1), e.g. [cmd=]sockstat -l4p 3128[/cmd].


----------



## d0ne (Feb 10, 2010)

DutchDaemon said:
			
		

> No need for lsof, just use sockstat(1), e.g. [cmd=]sockstat -l4p 3128[/cmd].




```
2010/02/10 20:04:42| commBind: Cannot bind socket FD 27 to *:3128: (48) Address already in use
FATAL: Cannot open HTTP Port
Squid Cache (Version 2.7.STABLE7): Terminated abnormally.
CPU Usage: 0.018 seconds = 0.009 user + 0.009 sys
Maximum Resident Size: 5888 KB
Page faults with physical i/o: 0
```


```
proxy# sockstat -l4p 3128
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
squid    squid      1900  27 tcp4   *:3128
                *:*
```
in cache.log error


----------



## DutchDaemon (Feb 10, 2010)

Squid is already running. Either run `# /usr/local/etc/rc.d/squid stop` or `# squid -k shutdown`, and _wait at least one full minute before trying to start it up again_. Squid needs time to shut down its processes and file descriptors in the background. A [cmd=]tail -f /usr/local/squid/log/cache.log[/cmd] should give you enough insight to know what Squid does.

If shutting it down doesn't work, it's stuck. Use [cmd=]killall -9 squid[/cmd] as a last resort; do it twice to make sure it's really gone (you should get 'no processes found' when it's gone). If you're using *diskd* as well, run a `# killall -9 diskd` as well.


----------



## d0ne (Feb 10, 2010)

DutchDaemon said:
			
		

> Squid is already running. Either run `# /usr/local/etc/rc.d/squid stop` or `# squid -k shutdown`, and _wait at least one full minute before trying to start it up again_. Squid needs time to shut down its processes and file descriptors in the background. A [cmd=]tail -f /usr/local/squid/log/cache.log[/cmd] should give you enough insight to know what Squid does.
> 
> If shutting it down doesn't work, it's stuck. Use [cmd=]killall -9 squid[/cmd] as a last resort; do it twice to make sure it's really gone (you should get 'no processes found' when it's gone). If you're using *diskd* as well, run a `# killall -9 diskd` as well.


It's work! Thanks 

but i have more problem with cache manager (cachemgr) i can login to it but i can't check my squid coz every menu I click error like this :
ERROR
Cache Manager Access Denied

While trying to retrieve the URL: cache_object://localhost/config

The following error was encountered:

    * Cache Manager Access Denied. 

Sorry, you are not currently allowed to request:

    cache_object://localhost/config

from this cache manager until you have authenticated yourself.


----------



## DutchDaemon (Feb 10, 2010)

Well, there are plenty of examples for cachemgr in squid.conf.default or squid.conf.documented (depends on the Squid version). You need to allow access to it, e.g.

```
http_access allow manager localhost
http_access deny manager
```
is the default. You can also set a password for it:

```
cachemgr_passwd
```
.

The syntax is in those squid.conf.* files.


----------



## d0ne (Feb 10, 2010)

This my simple squid.conf :

```
cache_mgr admin
cachemgr_passwd 123456 all
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.d0ne.net
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localnet src 192.168.1.0/24
acl localcom src 11.1.1.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.1
acl SSL_ports port 443 563
acl Safe_ports port 80                # http
acl Safe_ports port 21                # ftp
acl Safe_ports port 443 563           # https, snews
acl Safe_ports port 70                # gopher
acl Safe_ports port 210               # wais
acl Safe_ports port 1025-65535        # unregistered ports
acl Safe_ports port 280               # http-mgmt
acl Safe_ports port 488               # gss-http
acl Safe_ports port 591               # filemaker
acl Safe_ports port 631               # cups
acl Safe_ports port 777               # multiling http
acl Safe_ports port 901               # SWAT
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow manager localhost to_localhost
http_access deny manager
http_access deny CONNECT !SSL_ports

# my own rules
http_access allow localhost
http_access allow localnet
http_access allow localcom
# And finally deny all other access to this proxy
http_access deny all

# no X-Forwarded-For header
forwarded_for off
```

I can log in to http cache manager but I can't get any information from it coz Cache Manager Access Denied.

Thanks


----------



## DutchDaemon (Feb 10, 2010)

Well, I can't tell you more than what is in the following locations about this:

cachemgr.cgi(8)
squid(8)
The Squid Cache Manager FAQ


----------



## Myron (Feb 10, 2010)

d0ne said:
			
		

> ```
> 2010/02/10 18:32:50| commBind: Cannot bind socket FD 27 to *:3128: (48) Address already in use
> FATAL: Cannot open HTTP Port
> ```
> ...



hi done i have same problem as yours hehehe look 

```
2010/10/02 11:11:38| commBind: Cannot bind socket FD 13 to 127.0.0.1:3128: (48)                          Address already in use
2010/10/02 11:11:38| commBind: Cannot bind socket FD 13 to *:3128: (48) Address                          already in use
FATAL: Cannot open HTTP Port
Squid Cache (Version 2.7.STABLE6): Terminated abnormally.
CPU Usage: 0.017 seconds = 0.006 user + 0.011 sys
Maximum Resident Size: 4952 KB
Page faults with physical i/o: 0
Abort
```

in sockstat the result is 


```
kamote# sockstat -l4p 3128
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
squid    squid      774   13 tcp4   127.0.0.1:3128        *:*
squid    squid      774   14 tcp4   *:3128                *:*
```


----------



## d0ne (Feb 10, 2010)

Myron said:
			
		

> hi done i have same problem as yours hehehe look
> 
> ```
> 2010/10/02 11:11:38| commBind: Cannot bind socket FD 13 to 127.0.0.1:3128: (48)                          Address already in use
> ...



Hi Myron just follow this :


			
				DutchDaemon said:
			
		

> Squid is already running. Either run `# /usr/local/etc/rc.d/squid stop` or `# squid -k shutdown`, and _wait at least one full minute before trying to start it up again_. Squid needs time to shut down its processes and file descriptors in the background. A [cmd=]tail -f /usr/local/squid/log/cache.log[/cmd] should give you enough insight to know what Squid does.
> 
> If shutting it down doesn't work, it's stuck. Use [cmd=]killall -9 squid[/cmd] as a last resort; do it twice to make sure it's really gone (you should get 'no processes found' when it's gone). If you're using *diskd* as well, run a `# killall -9 diskd` as well.


----------



## d0ne (Feb 10, 2010)

DutchDaemon said:
			
		

> Well, I can't tell you more than what is in the following locations about this:
> 
> cachemgr.cgi(8)
> squid(8)
> The Squid Cache Manager FAQ



this my cache log for access cache manager :


```
proxy# tail -f /usr/local/squid/logs/cache.log
Page faults with physical i/o: 0
2010/02/10 21:57:24| CACHEMGR: <unknown>@127.0.0.1: password needed for 'menu'
2010/02/10 21:57:32| CACHEMGR: @127.0.0.1: incorrect password for 'menu'
2010/02/10 21:57:40| CACHEMGR: @127.0.0.1 requesting 'menu'
2010/02/10 21:57:42| CACHEMGR: <unknown>@127.0.0.1: password needed for 'via_headers'
2010/02/10 21:57:48| CACHEMGR: <unknown>@127.0.0.1: password needed for 'external_acl'
2010/02/10 21:57:56| CACHEMGR: <unknown>@127.0.0.1: password needed for 'counters'
```


----------



## Myron (Feb 10, 2010)

d0ne said:
			
		

> Hi Myron just follow this :



i try that it works but the problem if i reboot the box the the same problem (


----------



## DutchDaemon (Feb 10, 2010)

Myron, check you config again. You're starting two Squid sessions at the same time.


```
squid    squid      774   13 tcp4   127.0.0.1:3128        *:*
squid    squid      774   14 tcp4   *:3128                *:*
```

It is one single squid process (pid 774), but you appear to have instructed it to listen on localhost *and* all other  interfaces for some reason. You should have only one (valid) http_port statement in there.


----------



## d0ne (Feb 10, 2010)

my problem solved!

Thanks


----------



## Myron (Feb 10, 2010)

DutchDaemon said:
			
		

> Myron, check you config again. You're starting two Squid sessions at the same time.
> 
> 
> ```
> ...




dutch my suspect is i create cache directory /squidcache/squid/cache and the other one is the default /usr/local/squid/cache maybe this is the cause why is running 2 squid at the same time but my squid.conf the path directory = cache_dir diskd /squidcache/squid/cache 124000 291 256 please help


----------



## DutchDaemon (Feb 10, 2010)

d0ne said:
			
		

> my problem solved!
> 
> Thanks



Would you be so kind to share your solution? That's what forums are for: sharing solutions.


----------



## DutchDaemon (Feb 10, 2010)

Myron, post `grep -vE "(^$|^#)" /usr/local/etc/squid/squid.conf`


----------



## d0ne (Feb 10, 2010)

DutchDaemon said:
			
		

> Would you be so kind to share your solution? That's what forums are for: sharing solutions.



for cache manager I  can login only with pasword only without username but I can't access squid from it anda I relogin with username and password and.... all ok 

I hope this can help someone .... don't forget username 

Thanks for ALL


----------



## Myron (Feb 10, 2010)

DutchDaemon said:
			
		

> Myron, post `grep -vE "(^$|^#)" /usr/local/etc/squid/squid.conf`



hey dutch sori for late reply i fall asleep in my keyboard it 12 midnight  heres my simple squid.conf


```
#acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.0.0.0/24   # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
#squid config
http_port 127.0.0.1:3128 transparent
cache_dir diskd /squidcache/squid/cache 124000 291 256
cache_access_log /var/log/squid/access.log
cache_store_log none
pid_filename /var/run/squid.pid
hosts_file /etc/hosts
http_access allow localhost
acl manager proto cache_object
cache_mgr kamote.net
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
```

my rc.conf


```
defaultrouter="192.168.1.1"
hostname="kamote.net"
ifconfig_age0="inet 192.168.1.2  netmask 255.255.255.0"
linux_enable="YES"
sshd_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm age0 addm rl0 up"
ifconfig_age0="up"
ifconfig_rl0="up"
ifconfig_bridge0_alias0="inet 192.168.1.3 netmask 255.255.255.0"
squid_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
```

my pf.conf


```
web="{80:83 1080 8080:8081 8088 11523}"
set skip on lo0
rdr on $age0 inet proto tcp from any to any port $web -> 127.0.0.1 port 3128
pass in quick on $age0 route-to lo0 inet proto tcp from any to 127.0.0.1 port 31
```



my freebsd box running bridge setup


----------



## DutchDaemon (Feb 11, 2010)

Myron, please put 
	
	



```
tags around system output.
```


----------



## DutchDaemon (Feb 11, 2010)

I see no reason why Squid would listen twice.

Do note that this is rather strange:

```
ifconfig_age0="inet 192.168.1.2  netmask 255.255.255.0"
ifconfig_bridge0_alias0="inet 192.168.1.3 netmask 255.255.255.0"
```

You shouldn't have the same network on two different interfaces. Drop one of these and try again. I don't think you need an IP on the bridge, unless you're running a service on it. The IP on the age0 interface is enough to get access to the server for e.g. ssh.


----------



## Myron (Feb 12, 2010)

dutch i test again an no error but it shows 


```
Accepting transparently proxied HTTP connections at 127.0.0.1, port 3128, FD 13.
Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 14.
```

is this normal?


----------



## DutchDaemon (Feb 12, 2010)

No, that is not normal. You only need to get this one:


```
Accepting transparently proxied HTTP connections at 127.0.0.1, port 3128, FD 13.
```


----------



## Myron (Feb 14, 2010)

damn this really strange why my box have running two squid at same time ( im gonna try this tomorrow, dont give up myron hehehe


----------



## dennylin93 (Feb 14, 2010)

DutchDaemon said:
			
		

> I see no reason why Squid would listen twice.
> 
> Do note that this is rather strange:
> 
> ...



Might be a bit of use (from the Handbook):


> If the bridge host needs an IP address then the correct place to set this is on the bridge interface itself rather than one of the member interfaces.


----------

