BFW Firewall & Router

[JotaJunniors]

Pessoal, boa tarde.

Tenho 1 servidor bfw 3.0.262 para minha rede wifi que tem 3 rádios ubiquiti ap-lr e aproximadamente 140 usuários usando dhcp, proxy transparente, dans guardian. Ultimamente estava tudo normal, mas de ontem pra hoje meu squid esta reiniciando constantemente.

Primeiro ele travou e tive que resetar no botão, pois os usuários estavam sem internet e depois ao ver os logs do squid aparece assim abaixo:

File: 

Erro do log do Squid:

2017/02/23 11:28:03| Starting Squid Cache version 3.1.23 for x86_64-pc-linux-gnu...
2017/02/23 11:28:03| Process ID 2511
2017/02/23 11:28:03| With 65536 file descriptors available
2017/02/23 11:28:03| Initializing IP Cache...
2017/02/23 11:28:03| DNS Socket created at 0.0.0.0, FD 7
2017/02/23 11:28:03| Adding domain brazilfw.local from /etc/resolv.conf
2017/02/23 11:28:03| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2017/02/23 11:28:03| Unlinkd pipe opened on FD 12
2017/02/23 11:28:03| Store logging disabled
2017/02/23 11:28:03| Swap maxSize 8972288 + 2097152 KB, estimated 851495 objects
2017/02/23 11:28:03| Target number of buckets: 42574
2017/02/23 11:28:03| Using 65536 Store buckets
2017/02/23 11:28:03| Max Mem  size: 2097152 KB
2017/02/23 11:28:03| Max Swap size: 8972288 KB
2017/02/23 11:28:03| Version 1 of swap file with LFS support detected... 
2017/02/23 11:28:03| Rebuilding storage in /partition/squid/cache (DIRTY)
2017/02/23 11:28:03| Using Least Load store dir selection
2017/02/23 11:28:03| Set Current Directory to /partition/squid/cache
2017/02/23 11:28:03| Loaded Icons.
2017/02/23 11:28:03| Accepting  HTTP connections at 0.0.0.0:3128, FD 15.
2017/02/23 11:28:03| HTCP Disabled.
2017/02/23 11:28:03| Squid plugin modules loaded: 0
2017/02/23 11:28:03| Ready to serve requests.
2017/02/23 11:28:03| Store rebuilding is 56.61% complete
2017/02/23 11:28:03| Done reading /partition/squid/cache swaplog (7235 entries)
2017/02/23 11:28:03| Finished rebuilding storage from disk.
2017/02/23 11:28:03|      7235 Entries scanned
2017/02/23 11:28:03|         0 Invalid entries.
2017/02/23 11:28:03|         0 With invalid flags.
2017/02/23 11:28:03|      7235 Objects loaded.
2017/02/23 11:28:03|         0 Objects expired.
2017/02/23 11:28:03|         0 Objects cancelled.
2017/02/23 11:28:03|         0 Duplicate URLs purged.
2017/02/23 11:28:03|         0 Swapfile clashes avoided.
2017/02/23 11:28:03|   Took 0.03 seconds (247392.72 objects/sec).
2017/02/23 11:28:03| Beginning Validation Procedure
2017/02/23 11:28:03|   Completed Validation Procedure
2017/02/23 11:28:03|   Validated 14495 Entries
2017/02/23 11:28:03|   store_swap_size = 277760
2017/02/23 11:28:04| storeLateRelease: released 0 objects
2017/02/23 11:28:06| ipcacheParse: No Address records in response to 'ipv6.msftconnecttest.com'
2017/02/23 14:28:19| ipcacheParse: No Address records in response to 'ipv6.msftconnecttest.com'
2017/02/23 14:28:21| ipcacheParse: No Address records in response to 'ipv6.msftconnecttest.com'
2017/02/23 14:28:33| Reconfiguring Squid Cache (version 3.1.23)...
2017/02/23 14:28:33| FD 15 Closing HTTP connection
2017/02/23 14:28:33| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
2017/02/23 14:28:33| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
2017/02/23 14:28:33| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
2017/02/23 14:28:33| WARNING: use of 'ignore-no-cache' in 'refresh_pattern' violates HTTP
2017/02/23 14:28:33| Initializing https proxy context
2017/02/23 14:28:33| Squid plugin modules loaded: 0
2017/02/23 14:28:33| Store logging disabled
2017/02/23 14:28:33| DNS Socket created at 0.0.0.0, FD 8
2017/02/23 14:28:33| Adding domain brazilfw.local from /etc/resolv.conf
2017/02/23 14:28:33| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2017/02/23 14:28:33| Accepting  HTTP connections at 0.0.0.0:3128, FD 10.
2017/02/23 14:28:33| HTCP Disabled.
2017/02/23 14:28:33| Loaded Icons.
2017/02/23 14:28:33| Ready to serve requests.
2017/02/23 14:33:45| ipcacheParse: No Address records in response to 'ipv6.msftconnecttest.com'
2017/02/23 14:35:34| Reconfiguring Squid Cache (version 3.1.23)...
2017/02/23 14:35:34| FD 10 Closing HTTP connection
2017/02/23 14:35:34| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
2017/02/23 14:35:34| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
2017/02/23 14:35:34| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
2017/02/23 14:35:34| WARNING: use of 'ignore-no-cache' in 'refresh_pattern' violates HTTP
2017/02/23 14:35:34| Initializing https proxy context
2017/02/23 14:35:34| Squid plugin modules loaded: 0
2017/02/23 14:35:34| Store logging disabled
2017/02/23 14:35:34| DNS Socket created at 0.0.0.0, FD 7
2017/02/23 14:35:34| Adding domain brazilfw.local from /etc/resolv.conf
2017/02/23 14:35:34| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2017/02/23 14:35:34| Accepting  HTTP connections at 127.0.0.1:3129, FD 8.
2017/02/23 14:35:34| HTCP Disabled.
2017/02/23 14:35:34| Loaded Icons.
2017/02/23 14:35:34| Ready to serve requests.
2017/02/23 14:35:39| Reconfiguring Squid Cache (version 3.1.23)...
2017/02/23 14:35:39| FD 8 Closing HTTP connection
2017/02/23 14:35:39| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
2017/02/23 14:35:39| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
2017/02/23 14:35:39| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP
2017/02/23 14:35:39| WARNING: use of 'ignore-no-cache' in 'refresh_pattern' violates HTTP
2017/02/23 14:35:39| Initializing https proxy context
2017/02/23 14:35:39| Squid plugin modules loaded: 0
2017/02/23 14:35:39| Store logging disabled
2017/02/23 14:35:39| DNS Socket created at 0.0.0.0, FD 7
2017/02/23 14:35:39| Adding domain brazilfw.local from /etc/resolv.conf
2017/02/23 14:35:39| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2017/02/23 14:35:39| Accepting  HTTP connections at 127.0.0.1:3129, FD 8.
2017/02/23 14:35:39| HTCP Disabled.
2017/02/23 14:35:39| Loaded Icons.
2017/02/23 14:35:39| Ready to serve requests.
2017/02/23 14:45:46| ipcacheParse: No Address records in response to 'ipv6.msftncsi.com'
2017/02/23 14:46:46| ipcacheParse: No Address records in response to 'ipv6.msftncsi.com'

Por favor, podem me ajudar? Já pesquisei em todo lugar e não achei solução.

Estou colocando as configurações abaixo do server abaixo:

File: 

Nome da Máquina: brazilfw
CPU: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Memória: 7.78 GiB
Versão do Firewall: 3.0.262
Kernel: 4.1.5-64
Iptables: 1.4.21
PHP: 5.6.2
Compilado em: 2016-09-19 12:59:57
Data / Hora: 2017-02-23 14:22:34
Tempo de Atividade: 0 Dia(s) 04:14:07
Disco Virtual: 3% -- Total: 3.89 GiB Usado: 131.89 MiB Livre: 3.76 GiB
Unidade /partition: 12% -- Total: 14.26 GiB Usado: 1.76 GiB Livre: 12.48 GiB

Server:

WEBADMIN_PORT='8181'
SSH_PORT='22'
ADMIN_AUTH='$1$bmCcMLgr$t9OYtcfeF/n4kYk6SjSZu1'
DNSSERVER='yes'
HOSTNAME='brazilfw'
DNS1='187.18.187.4'
DNS2='187.18.187.2'
PERSIST_LOG='no'
TIME_ZONE='America/Sao_Paulo'
CACHE_DISK='yes'
USE_QOS='no'
DHCP_SERVER='yes'
DHCP_DEFAULT_LEASE='3600'
DHCP_DNS1=''
DHCP_DNS2=''
IPUPDATE='no'
IPUPDATE_REFRESH='600'
USE_MAC_CONTROL='no'
CERTIFICATE_ISSUED_TO=''
EXTERNAL_PING='yes'
ENABLE_MYSQL='yes'
ARP_SCAN_RETRY='1'
ARP_SCAN_TIMEOUT='250'
KEYBOARD='us'
DNSFREECHOICE='no'
USE_RESTRICTION_FILE='no'
SHOW_LINK_USAGE='yes'
DMZ=''
ADDON_EXPERIMENTAL='no'
DISTRO_EXPERIMENTAL='no'
WPAD='yes'
MYSQL_SERVER_PORT='3306'
CLAMAV='yes'

Squid.conf

File: 

http_port 127.0.0.1:3129

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320 override-lastmod ignore-reload ignore-no-cache
acl browser_detect req_header Accept-Language [a-zA-Z;]
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl_uses_indirect_client on
follow_x_forwarded_for allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
visible_hostname brazilfw
cache_dir aufs /partition/squid/cache 8762 20 256
coredump_dir /partition/squid/cache
access_log none
cache_store_log none
cache_log /partition/squid/logs/cache.log
pid_filename /var/run/squid.pid
cache_mem 2048 MB
maximum_object_size 50000 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
cache_replacement_policy heap LFUDA
half_closed_clients on
server_persistent_connections off
qos_flows local-hit=0x30

Por favor, podem me ajudar?

Abcs.

Jota

[expertinfo]

Boa Tarde!
Faz um teste colocando esta acl no seu squid:
Em Configurações > Cache em disco > Regras Personalizadas.

Código: Selecionar todos

dns_v4_first on

Recarregue o Squid.

[JotaJunniors]

Obrigado Expert e boa noite.

O que faz esse regra?

Vou testar aqui e aviso.

Abcs.

Jota

[expertinfo]

Obrigado Expert e boa noite.

O que faz esse regra?

Todo dns ipv4, vem primeiro.

[JotaJunniors]

Todo dns ipv4, vem primeiro.

Muito obrigado, não esta mais travando e ficou até mais rápido, mas só apareceu um problema.

Após reiniciar o squid estava capturando os sites acessados em https e depois não ficou mais. Algo influenciou?

Grande abraço

Jota

[expertinfo]

Obrigado, não esta mais travando e ficou até mais rápido, mas só apareceu um problema.

Após reiniciar o squid estava capturando os sites acessados em https e depois não ficou mais. Algo influenciou?

Pela wiki do Squid é que dá preferencia para o IPv4 em detrimento do IPv6.
Fonte:
http://www.squid-cache.org/Doc/config/dns_v4_first/

File: 

With the IPv6 Internet being as fast or faster than IPv4 Internet
	for most networks Squid prefers to contact websites over IPv6.

	This option reverses the order of preference to make Squid contact
	dual-stack websites over IPv4 first. Squid will still perform both
	IPv6 and IPv4 DNS lookups before connecting.

	WARNING:
	  This option will restrict the situations under which IPv6
	  connectivity is used (and tested). Hiding network problems
	  which would otherwise be detected and warned about.

[JotaJunniors]

Expertinfo, bom dia.

Obrigado desde já.

Mas e com relação ao squid não exibir mais os sites https no relatório isso influencia?

Por favor, pode me ajudar?

Abcs.

Jota

[expertinfo]

Mas e com relação ao squid não exibir mais os sites https no relatório isso influencia?

Bom Dia!
No momento não estou podendo ajudar, não estou utilizando tal cenário para testes.

[JotaJunniors]

Bom Dia!
No momento não estou podendo ajudar, não estou utilizando tal cenário para testes.

Tudo bem. Obrigado pela ajuda. Mais alguém pode me ajudar?

[JotaJunniors]

Caros, bom dia.

Problema resolvido.

Refiz as configurações e reiniciei o squid e voltou a capturar o tráfego normalmente, inclusive https.

Obrigado desde já.

Abcs.

Jota