Koozali.org: home of the SME Server

server grinds to a halt

seabro

server grinds to a halt
« on: March 06, 2006, 12:13:59 PM »
hi

If I reboot my server, after about 5 mins uptime it grinds to a halt.

The only way I can bring it back to life is by typing /etc/rc.d/init.d squid stop

I don't know much about Linux but I decided on the above course of action after a netstat showed pages and pages of connections to port 'squid'.

I don't mind switching off squid each time I boot. One day I will learn how to stop squid starting, but I was wondering in what way is my system infected/compromised that is allowing the whole of the Internet to use my squid?

thanks

CharlieBrady

Re: server grinds to a halt
« Reply #1 on: March 06, 2006, 09:08:55 PM »
Quote from: "seabro"

I don't mind switching off squid each time I boot. One day I will learn how to stop squid starting, but I was wondering in what way is my system infected/compromised that is allowing the whole of the Internet to use my squid?


That would only happen if you declared the whole Internet to be a local network. Did you do that?

seabro

server grinds to a halt
« Reply #2 on: March 06, 2006, 09:37:13 PM »
Thanks Charlie.

I had 65000 hosts on a 62.something network which I have now deleted, but apart from that I am clean.

The squid connections were coming from other networks than 62. though.

Any other ideas?

treyh

hmm
« Reply #3 on: March 07, 2006, 10:52:55 PM »
Do you have a list of IPs that were connecting to it?
Trey - Network Specialist......

seabro

server grinds to a halt
« Reply #4 on: March 07, 2006, 11:27:19 PM »
Here are some, Trey:

tcp 0 0 www.blablabla.co:squid 66.72.47.162:2249 SYN_RECV
tcp 0 0 www.blablabla.co:squid 59.56.122.232:3284 SYN_RECV
tcp 0 0 www.blablabla.co:squid 58.49.185.178:18436 SYN_RECV
tcp 0 0 www.blablabla.co:squid 66.36.231.31:3826 SYN_RECV
tcp 0 0 www.blablabla.co:squid 58.49.185.178:31750 SYN_RECV
tcp 0 0 www.blablabla.co:squid 66.36.231.31:2816 SYN_RECV
tcp 0 0 www.blablabla.co:squid 58.49.185.178:52740 SYN_RECV
tcp 0 0 www.blablabla.co:squid 216.91.59.230:54874 SYN_RECV
tcp 0 0 www.blablabla.co:squid 61.244.133.248:3665 SYN_RECV
tcp 0 0 www.blablabla.co:squid 61.244.133.248:3665 SYN_RECV
tcp 0 0 www.blablabla.co:squid 221.226.124.109:4146 SYN_RECV
tcp 0 0 www.blablabla.co:squid cm222-167-19-37.hk:4002 SYN_RECV
tcp 0 0 www.blablabla.co:squid ppp-71-129-207-107:3968 SYN_RECV
tcp 0 0 www.blablabla.co:squid 66.36.231.31:2669 SYN_RECV
tcp 0 0 www.blablabla.co:squid 216.91.59.238:52291 ESTABLISHED
tcp 0 1 www.blablabla.co:51546 172.183.141.228:4662 SYN_SENT
tcp 0 1 www.blablabla.co:squid 221.235.78.62:3497 FIN_WAIT1
tcp 0 0 www.blablabla.co:48350 oasn01b.247realmedi:www ESTABLISHED
tcp 0 1024 www.blablabla.co:squid 58.Red-213-98-44.:61958 ESTABLISHED
tcp 0 1 www.blablabla.co:squid 61.243.176.38:58583 LAST_ACK
tcp 0 0 www.blablabla.co:51567 e1.member.vip.ukl.y:www ESTABLISHED
tcp 0 1877 www.blablabla.co:squid 222.129.219.19:4346 ESTABLISHED
tcp 0 1085 www.blablabla.co:squid mo-71-50-31-134.dh:3428 LAST_ACK
tcp 0 1 www.blablabla.co:squid 61.243.176.38:61077 LAST_ACK
tcp 0 1 www.blablabla.co:squid 61.243.176.38:62132 LAST_ACK
tcp 0 0 www.blablabla.co:squid host178-230.pool8:21841 CLOSE_WAIT
tcp 0 630 www.blablabla.co:squid 61.243.176.38:63732 LAST_ACK
tcp 0 0 www.blablabla.co:squid host178-230.pool8:22801 CLOSE_WAIT
tcp 0 0 www.blablabla.co:squid 80.25.64.182:1985 CLOSE_WAIT
tcp 1 1505 www.blablabla.co:squid 61.243.176.38:62676 CLOSING
tcp 0 0 www.blablabla.co:squid host178-230.pool8:23345 CLOSE_WAIT

CharlieBrady

server grinds to a halt
« Reply #5 on: March 08, 2006, 04:37:08 AM »
Quote from: "seabro"

The squid connections were coming from other networks than 62. though.

Any other ideas?


Please show us the output of:

/sbin/e-smith/config show squid
/sbin/e-smith/config show masq
/sbin/e-smith/config show SystemMode

seabro

server grinds to a halt
« Reply #6 on: March 08, 2006, 05:51:12 PM »
Thanks for any help you can offer.  Here is requested info.

[root@www root]# /sbin/e-smith/config show squid
squid=service
InitscriptOrder=90
status=enabled

[root@www root]# /sbin/e-smith/config show masq
masq=service
InitscriptOrder=06
Logging=none
Stealth=no
status=disabled

[root@www root]# /sbin/e-smith/config show SystemMode
SystemMode=serveronly

CharlieBrady

server grinds to a halt
« Reply #7 on: March 08, 2006, 06:02:18 PM »
Quote from: "seabro"

[root@www root]# /sbin/e-smith/config show SystemMode
SystemMode=serveronly


Systems in serveronly mode must be protected from direct Internet access by an external firewall. It seems that your system does not have an adequate firewall protecting it.

What does this show:

grep localsrc /etc/squid/squid.conf
grep localdst /etc/squid/squid.conf

?

seabro

server grinds to a halt
« Reply #8 on: March 08, 2006, 06:31:53 PM »
Here you go...

[root@www root]# grep localsrc /etc/squid/squid.conf
acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0 217.45.201.121 81.151.220.4 82.12.116.70 82.6.25.190 86.134.133.211
http_access allow manager localsrc
#http_access allow rule_1 localsrc

[root@www root]# grep localdst /etc/squid/squid.conf
acl localdst dst 127.0.0.1 192.168.1.0/255.255.255.0 217.45.201.121 81.151.220.4 82.12.116.70 82.6.25.190 86.134.133.211
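
Added example (not part of the thread, and not SME Server code): one way to cross-check the netstat output from Reply #4 against the `localsrc` ACL from Reply #8, counting squid-port sockets per TCP state and splitting them by whether the remote address falls inside the ACL. The function names, the `192.168.1.20` sample line and the treatment of port 3128 (Squid's default) as equivalent to the service name `squid` are assumptions of this example.

```python
import ipaddress
from collections import Counter

# ACL from Reply #8 and an excerpt of the netstat output from Reply #4.
ACL_LINE = ("acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0 217.45.201.121 "
            "81.151.220.4 82.12.116.70 82.6.25.190 86.134.133.211")
NETSTAT = """\
tcp 0 0 www.blablabla.co:squid 66.72.47.162:2249 SYN_RECV
tcp 0 0 www.blablabla.co:squid 58.49.185.178:18436 SYN_RECV
tcp 0 0 www.blablabla.co:squid 58.49.185.178:31750 SYN_RECV
tcp 0 0 www.blablabla.co:squid cm222-167-19-37.hk:4002 SYN_RECV
tcp 0 0 www.blablabla.co:squid 216.91.59.238:52291 ESTABLISHED
tcp 0 1 www.blablabla.co:squid 61.243.176.38:61077 LAST_ACK
tcp 0 0 www.blablabla.co:48350 oasn01b.247realmedi:www ESTABLISHED
tcp 0 0 www.blablabla.co:squid 192.168.1.20:40000 ESTABLISHED
"""  # the last line is constructed (a LAN client) for contrast

def parse_acl_src(line):
    """Networks listed on a squid 'acl <name> src ...' line."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "acl" or parts[2] != "src":
        raise ValueError("not an 'acl <name> src' line")
    # ip_network accepts bare hosts and address/netmask notation alike.
    return [ipaddress.ip_network(tok, strict=False) for tok in parts[3:]]

def squid_peers(netstat_text, ports=("squid", "3128")):
    """Yield (remote_host, state) for sockets whose local port is squid's."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[3].rsplit(":", 1)[-1] in ports:
            yield f[4].rsplit(":", 1)[0], f[5]

def classify(netstat_text, acl_line):
    """Count squid-port sockets per TCP state, split by ACL membership."""
    nets = parse_acl_src(acl_line)
    report = {"in_acl": Counter(), "outside_acl": Counter(), "unresolved": Counter()}
    for host, state in squid_peers(netstat_text):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # netstat printed a truncated hostname; rerun with -n for numeric output
            report["unresolved"][state] += 1
            continue
        bucket = "in_acl" if any(addr in n for n in nets) else "outside_acl"
        report[bucket][state] += 1
    return report

if __name__ == "__main__":
    for bucket, states in classify(NETSTAT, ACL_LINE).items():
        print(bucket, dict(states))
```

Sockets in the `outside_acl` bucket show that hosts not listed in `localsrc` can still reach the squid port at the TCP level, which is the missing external firewall described in Reply #7.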