Squid stop working!!
Paul Howarth
paul at city-fan.org
Mon Jul 17 17:31:21 UTC 2006
Tim wrote:
> Guillermo Garron:
>>>> on the /var/log/messages
>>>> it says that squid can not open the ICP port (UDP 3130)
>>>> on the
>>>> /var/log/cache.log
>>>> it says
>>>> commBind: cannot bind socket FD 13 to *:3130 (13) Permission denied
>
>
> Paul Howarth:
>>> This looks like an SELInux problem, like this one:
>>> http://www.redhat.com/archives/fedora-selinux-list/2006-July/msg00037.html
>
> On Sun, 2006-07-16 at 08:28 -0400, Guillermo Garron wrote:
>> that was easy!!!
>> thanks, i had never think about SELinux, as i configured it for
>> letting squid work :) in the squid option of the
>> systemc-config-security level -SELinux tab- so i thought that was all.
>>
>> ok, no i finally turn off SELinux :),
>
> I'd recommend configuring it properly, rather than disabling it. Squid
> usually works on port 3128, and the SELinux presets for allowing Squid
> to work would be configured for it, not 3130. That's probably why
> you're having problems. There's two fairly simple solutions: I think
> the easiest would be to run Squid on port 3128. Alternatively, you
> could customise the SELinux rule for port 3130.
Squid actually uses a number of ports and this is normal behaviour; it's
a policy bug.
> I can't offer advice on how to do the second one, I haven't studied the
> details.
I've put together a brief introduction to doing this here:
http://www.city-fan.org/tips/BuildSeLinuxPolicyModules
Comments welcome.
Note that this particular problem has already been pushed upstream and
should be fixed in the next policy update.
Paul.
More information about the fedora-list
mailing list