Web Proxy does not start

CU 174 installed and working. Even with CU 173 Web Proxy had stopped. Restore BackUp. Have unchecked Clam & URL Filter & Accelerator still Web Proxy under Services is unstopped. Internet connection works. Feedback?

My web proxy was working fine with CU173 and is still working fine with CU174.

Are you saying that the web proxy stays stopped in the services list even after pressing the Save and Restart button at the bottom of the web proxy page?

You need to provide the web proxy logs from Logs - System Logs and then select Web proxy from the Section: drop down box. You can choose All for the days so that it shows the logs for the whole of April.

1 Like

The system report shows a new error:

The Port section of the proxy:

80 # http
# 21 # ftp
# 22 Secure shell
# 23 Tenet
# 1080 SOCKS Proxies
# 6660 - 6669 Relay chat
# 161 Small Network Messaging
43 #Whois
42 #Whois
67 #DHCP
68 #DHCP
443 # https
444 # BlockList
# 563 # news
# 70 # gopher
# 210 # wais
1025-1079 # unregistered ports
1081 - 6659  # unregistered ports
6670 - 65535 # unregistered ports
# 280 # http-mgmt
# 488 # gss-http
# 591 # filemaker
# 777 # multiling http
800 # Squids port (for icons)
3128 # SQUID
500 #Proton
631 #Parallel

Services Stopped

Here is the ALL April month. Apparently the problem began after the 18th. The last BackUp is dated the 17th. The change made concerned Blocking Some ports. If a Port is not referenced it is automatically blocked?

Time Section
01/18:34:18 squid[6393]: Squid Parent: squid-1 process 6395 exited with status 0
01/18:34:19 squid: squid shutdown time: 6 seconds
01/18:34:25 squid[4256]: Squid Parent: will start 1 kids
01/18:34:25 squid[4256]: Squid Parent: (squid-1) process 4260 started
01/18:34:25 squid[4256]: Squid Parent: squid-1 process 4260 exited with status 0
01/18:34:26 squid[4455]: Squid Parent: will start 1 kids
01/18:34:26 squid[4455]: Squid Parent: (squid-1) process 4457 started
02/16:37:30 squid[4455]: Squid Parent: squid-1 process 4457 exited with status 0
02/16:37:30 squid: squid shutdown time: 6 seconds
02/16:37:35 squid[3041]: Squid Parent: will start 1 kids
02/16:37:35 squid[3041]: Squid Parent: (squid-1) process 3044 started
02/16:37:35 squid[3041]: Squid Parent: squid-1 process 3044 exited with status 0
02/16:37:36 squid[3054]: Squid Parent: will start 1 kids
02/16:37:36 squid[3054]: Squid Parent: (squid-1) process 3056 started
06/11:08:56 squid[6403]: Squid Parent: will start 1 kids
06/11:08:56 squid[6403]: Squid Parent: (squid-1) process 6406 started
06/11:08:56 squid[6403]: Squid Parent: squid-1 process 6406 exited with status 0
06/11:08:57 squid[6415]: Squid Parent: will start 1 kids
06/11:08:57 squid[6415]: Squid Parent: (squid-1) process 6417 started
16/11:21:58 squid[6415]: Squid Parent: squid-1 process 6417 exited with status 0
16/11:21:58 squid: squid shutdown time: 6 seconds
16/11:22:04 squid[19243]: Squid Parent: will start 1 kids
16/11:22:04 squid[19243]: Squid Parent: (squid-1) process 19246 started
16/11:22:04 squid[19243]: Squid Parent: squid-1 process 19246 exited with status 0
16/11:22:05 squid[19255]: Squid Parent: will start 1 kids
16/11:22:05 squid[19255]: Squid Parent: (squid-1) process 19257 started
17/17:29:25 squid[6410]: Squid Parent: will start 1 kids
17/17:29:25 squid[6410]: Squid Parent: (squid-1) process 6413 started
17/17:29:25 squid[6410]: Squid Parent: squid-1 process 6413 exited with status 0
17/17:29:26 squid[6422]: Squid Parent: will start 1 kids
17/17:29:26 squid[6422]: Squid Parent: (squid-1) process 6424 started
17/18:58:49 squid: FATAL: Bungled /etc/squid/squid.conf line 53: acl Safe_ports port 1081 - 6659 # unregistered ports
17/18:58:55 squid[6422]: Squid Parent: squid-1 process 6424 exited with status 0
17/18:59:01 squid: FATAL: Bungled /etc/squid/squid.conf line 53: acl Safe_ports port 1081 - 6659 # unregistered ports
17/18:59:01 squid: FATAL: Bungled /etc/squid/squid.conf line 53: acl Safe_ports port 1081 - 6659 # unregistered ports
18/07:02:49 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
18/07:02:49 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
18/07:05:48 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
18/07:05:48 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
18/07:06:57 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
18/07:06:57 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
20/09:47:55 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
20/09:49:07 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
21/17:53:34 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
21/17:55:27 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
21/17:56:08 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
21/17:56:44 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
21/17:56:44 squid: FATAL: Bungled /etc/squid/squid.conf line 54: acl Safe_ports port 1081 - 6659 # unregistered ports
21/17:57:13 squid: FATAL: Bungled /etc/squid/squid.conf line 55: acl Safe_ports port 1081 - 6659 # unregistered ports
21/17:57:13 squid: FATAL: Bungled /etc/squid/squid.conf line 55: acl Safe_ports port 1081 - 6659 # unregistered ports
21/17:59:51 squid: FATAL: Bungled /etc/squid/squid.conf line 46: acl Safe_ports port 1081 - 6659 # unregistered ports
21/18:06:57 squid: FATAL: Bungled /etc/squid/squid.conf line 46: acl Safe_ports port 1081 - 6659 # unregistered ports
21/18:06:57 squid: FATAL: Bungled /etc/squid/squid.conf line 46: acl Safe_ports port 1081 - 6659 # unregistered ports
21/18:14:59 squid: FATAL: Bungled /etc/squid/squid.conf line 46: acl Safe_ports port 1081 - 6659 # unregistered ports
21/18:14:59 squid: FATAL: Bungled /etc/squid/squid.conf line 46: acl Safe_ports port 1081 - 6659 # unregistered ports
21/18:16:04 squid: FATAL: Bungled /etc/squid/squid.conf line 45: acl Safe_ports port 1025 - 65535
21/18:40:32 squid: FATAL: Bungled /etc/squid/squid.conf line 45: acl Safe_ports port 1025 - 65535
21/18:40:32 squid: FATAL: Bungled /etc/squid/squid.conf line 45: acl Safe_ports port 1025 - 65535
21/18:44:06 squid: FATAL: Bungled /etc/squid/squid.conf line 45: acl Safe_ports port 1025 - 65535
21/18:44:06 squid: FATAL: Bungled /etc/squid/squid.conf line 45: acl Safe_ports port 1025 - 65535
21/18:44:14 squid: FATAL: Bungled /etc/squid/squid.conf line 45: acl Safe_ports port 1025 - 65535
21/18:44:14 squid: FATAL: Bungled /etc/squid/squid.conf line 45: acl Safe_ports port 1025 - 65535
21/18:44:31 squid: FATAL: Bungled /etc/squid/squid.conf line 43: acl Safe_ports port 1025 - 65535
21/18:48:31 squid: FATAL: Bungled /etc/squid/squid.conf line 43: acl Safe_ports port 1025 - 65535
21/18:48:31 squid: FATAL: Bungled /etc/squid/squid.conf line 43: acl Safe_ports port 1025 - 65535
21/18:50:18 squid: FATAL: Bungled /etc/squid/squid.conf line 38: acl Safe_ports port 1 - 65535
21/18:53:52 squid: FATAL: Bungled /etc/squid/squid.conf line 38: acl Safe_ports port 1 - 65535
21/20:13:07 squid: FATAL: Bungled /etc/squid/squid.conf line 53: acl Safe_ports port 1081 - 6659 # unregistered ports
21/20:13:07 squid: FATAL: Bungled /etc/squid/squid.conf line 53: acl Safe_ports port 1081 - 6659 # unregistered ports
21/20:20:34 squid: FATAL: Bungled /etc/squid/squid.conf line 53: acl Safe_ports port 1081 - 6659 # unregistered ports
21/20:20:34 squid: FATAL: Bungled /etc/squid/squid.conf line 53: acl Safe_ports port 1081 - 6659 # unregistered ports
22/05:07:30 squid: FATAL: Bungled /etc/squid/squid.conf line 52: acl Safe_ports port 1025 - 1079 #u nregistered ports
22/05:12:13 squid: FATAL: Bungled /etc/squid/squid.conf line 41: acl Safe_ports port 6660 - 6669 #R elay chat
22/05:12:24 squid: FATAL: Bungled /etc/squid/squid.conf line 41: acl Safe_ports port 6660 - 6669 #R elay chat
22/05:12:24 squid: FATAL: Bungled /etc/squid/squid.conf line 41: acl Safe_ports port 6660 - 6669 #R elay chat
22/05:12:47 squid: FATAL: Bungled /etc/squid/squid.conf line 41: acl Safe_ports port 6660 - 6669 #R elay chat
22/05:18:37 squid: FATAL: Bungled /etc/squid/squid.conf line 41: acl Safe_ports port 6660 - 6669 #R elay chat
22/05:20:54 squid: FATAL: Bungled /etc/squid/squid.conf line 48: acl Safe_ports port 6660 - 6669 #R elay chat
22/05:25:18 squid: FATAL: Bungled /etc/squid/squid.conf line 57: acl Safe_ports port 1025 - 1079 #u nregistered ports
22/05:27:04 squid: FATAL: Bungled /etc/squid/squid.conf line 57: acl Safe_ports port 1025 - 1079 #u nregistered ports
22/05:46:49 squid: FATAL: Bungled /etc/squid/squid.conf line 57: acl Safe_ports port 1025 - 1079 #u nregistered ports
22/05:46:50 squid: FATAL: Bungled /etc/squid/squid.conf line 57: acl Safe_ports port 1025 - 1079 #u nregistered ports
22/05:48:38 squid: FATAL: Bungled /etc/squid/squid.conf line 58: acl Safe_ports port 1025 - 1079 #u nregistered ports

Clearly squid thinks that there are errors in some of the ports definitions.
I think the problem may be that for some of your port ranges you have whitespace in the range.

I believe that the last two lines should be like the first port range, with no spaces in the range. At least worth a try.
It is how the overview of the default ports is shown in the wiki Destination ports page.

You also have

which would be covered by the 1081-6659 range.
Not sure how squid treats port acl entries that are covered by other entries.

EDIT:
Just tested it out and can confirm that if you have whitespace in the port range the web proxy stops and you get the FATAL: Bungled message.

Removing the white space and restarting the web proxy resulted in it working again.

3 Likes
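
A pre-save check for the Destination ports list, as an added example that is not part of the original thread or of IPFire's code: it flags entries with whitespace inside a range, which the log above shows squid rejecting with FATAL: Bungled, and entries already covered by another range. The function name `lint_ports` and the sample list (modelled on the one posted above) are assumptions made for illustration.

```python
import re

# One entry from the "Destination ports" box: a port or a port range with no
# spaces around the hyphen, optionally followed by a "# comment".
ENTRY = re.compile(r"^(\d+)(?:-(\d+))?\s*(?:#.*)?$")
SPACED_RANGE = re.compile(r"^\d+\s+-\s*\d+|^\d+\s*-\s+\d+")

def lint_ports(text):
    """Return (problems, ranges); problems is a list of (line_no, message)."""
    problems, ranges = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out entry
        m = ENTRY.match(line)
        if not m:
            why = ("whitespace inside port range"
                   if SPACED_RANGE.match(line) else "not a port or port range")
            problems.append((no, why))
            continue
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if not (1 <= lo <= hi <= 65535):
            problems.append((no, "port out of order or outside 1-65535"))
            continue
        ranges.append((no, lo, hi))
    # Flag entries fully contained in another entry as redundant (informational).
    for no, lo, hi in ranges:
        for other_no, olo, ohi in ranges:
            if other_no != no and olo <= lo and hi <= ohi:
                problems.append((no, f"covered by line {other_no}"))
                break
    return sorted(problems), ranges

# Constructed sample, modelled on the list posted in this thread.
SAMPLE = """\
80 # http
# 21 # ftp
443 # https
1025-1079 # unregistered ports
1081 - 6659  # unregistered ports
6670 - 65535 # unregistered ports
3128 # SQUID
"""

if __name__ == "__main__":
    for no, msg in lint_ports(SAMPLE)[0]:
        print(f"line {no}: {msg}")
```

On the firewall itself, `squid -k parse` checks the generated /etc/squid/squid.conf directly and reports the same kind of error without restarting the proxy.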

A+
Has anyone compiled a list of Ports to Block a Dangerous
Has anyone compiled a list of minimalistic Ports

The ports listed in the Destination ports boxes are the ones that have been allowed. The default list that IPFire has when first installed -

Allowed standard Ports (one per line)

80 # http
21 # ftp
443 # https
563 # snews
70 # gopher
210 # wais
1025-65535 # unregistered ports
280 # http-mgmt
488 # gss-http
591 # filemaker
777 # multiling http
800 # Squids port (for icons)

Allowed SSL Ports (one per line)

443 # https
563 # snews

are the minimal set you need for the web proxy to work.

You should only allow more ports in those boxes when you discover you need them to be used for some traffic that you require.

For instance I needed to add a port number to the Allowed SSL Ports box for a connection to a Plex server at another location.

That addition is the only one on top of the default allowed ports that I have on my system. Everything else is Not Allowed in the Web Proxy.

2 Likes

Are the Ports of reference for Incoming or OutGoing or Both? In the present configuration I have rem-out ports which do not appear necessary for my daily use. Is there a harm in doing that:

80 # http

21 # ftp

563 # snews

70 # gopher

210 # wais

If you are not using those protocols then there is no harm in removing them.

So for example if you don’t use Usenet then you don’t need 563 # snews

The worst that will happen if you remove something you need is that the traffic will not be allowed out and if you identify a port you need to access for outgoing web browsing then you can always add it back in.

This is for outgoing traffic related to web browsing. Any outgoing traffic sets up a connection which allows the responses from the website back to you because it’s part of the communication you triggered.

Incoming traffic is by default blocked and if you want it to be opened you have to create a firewall rule / port forward rule to do that. Generally this would only be needed if you had a web server or a mail server or something similar in your network that required to be accessed from the internet.
