PCLinuxOS and Squid netmask warnings…

Hi all.

I have downloaded and configured Squid using PCLinuxOS Control Center…

PCLinuxOS Control Center aka Configure Your Computer

All was well and everything was working just fine; however, I was receiving silly netmask warnings and some security notifications…

[root@icsserver andrzejl]# service squid restart
Stopping squid: 2012/01/14 19:31:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2012/01/14 19:31:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2012/01/14 19:31:49| WARNING: For now we will assume you meant to write /24
2012/01/14 19:31:49| aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in ‘192.168.0.1/255.255.255.0’
2012/01/14 19:31:49| ERROR: ‘0.0.0.0/0.0.0.0’ needs to be replaced by the term ‘all’.
2012/01/14 19:31:49| SECURITY NOTICE: Overriding config setting. Using ‘all’ instead.
2012/01/14 19:31:49| WARNING: (B) ‘::/0’ is a subnetwork of (A) ‘::/0’
2012/01/14 19:31:49| WARNING: because of this ‘::/0’ is ignored to keep splay tree searching predictable
2012/01/14 19:31:49| WARNING: You should probably remove ‘::/0’ from the ACL named ‘all’
2012/01/14 19:31:49| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2012/01/14 19:31:49| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2012/01/14 19:31:49| WARNING: For now we will assume you meant to write /32
…. [ OK ]
init_cache_dir … Starting squid: . [ OK ]
[root@icsserver andrzejl]#

Squid worked as expected but the annoying warnings would not let me forget about the whole thing… So I have decided to investigate.

As it turns out, those are the errors that occur when you are using squid 3 with a squid 2 config file…

PCLinuxOS has squid 3 in the repos…

[andrzejl@icsserver ~]$ rpm -qa | grep squid
squid-3.1.16-1pclos2011
[andrzejl@icsserver ~]$

BUT the beginning of its config file says…

# WELCOME TO SQUID 2

This calls for a few changes in the squid config file, which in PCLinuxOS can be found here:

/etc/squid/squid.conf

First we have to find out what CIDR is…

With this knowledge we can start editing the squid config file as root.

This line:

acl mynetwork src 192.168.0.1/255.255.255.0

was changed to

acl mynetwork src 192.168.0.0/24

and the number of warnings was reduced significantly:

[root@icsserver andrzejl]# service squid restart
Stopping squid: 2012/01/14 19:36:11| ERROR: ‘0.0.0.0/0.0.0.0’ needs to be replaced by the term ‘all’.
2012/01/14 19:36:11| SECURITY NOTICE: Overriding config setting. Using ‘all’ instead.
2012/01/14 19:36:11| WARNING: (B) ‘::/0’ is a subnetwork of (A) ‘::/0’
2012/01/14 19:36:11| WARNING: because of this ‘::/0’ is ignored to keep splay tree searching predictable
2012/01/14 19:36:11| WARNING: You should probably remove ‘::/0’ from the ACL named ‘all’
2012/01/14 19:36:11| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2012/01/14 19:36:11| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2012/01/14 19:36:11| WARNING: For now we will assume you meant to write /32
…. [ OK ]
init_cache_dir … Starting squid: . [ OK ]
[root@icsserver andrzejl]#

Next I removed this line

acl all src 0.0.0.0/0.0.0.0

which is built into Squid anyway…

This reduces the warning messages even more:

[root@icsserver andrzejl]# service squid restart
Stopping squid: 2012/01/14 19:39:14| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2012/01/14 19:39:14| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2012/01/14 19:39:14| WARNING: For now we will assume you meant to write /32
…. [ OK ]
init_cache_dir … Starting squid: . [ OK ]
[root@icsserver andrzejl]#

The final step is to edit this line:

acl localhost src 127.0.0.1/255.255.255.255

to read

acl localhost src 127.0.0.1/32

After editing the config file, squid restarts without any warnings and everything is “peachy”…

[root@icsserver andrzejl]# service squid restart
Stopping squid: …. [ OK ]
init_cache_dir … Starting squid: . [ OK ]
[root@icsserver andrzejl]#
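
The three manual edits above can also be done mechanically. This is an added example, not the author's script and not part of Squid: it uses Python's ipaddress module to rewrite netmask-style src ACLs as CIDR and to report where host bits were masked away. The function name, the SAMPLE config and its http_access line are constructed for illustration.

```python
import ipaddress
import re

# Squid 2 style: acl <name> src <address>/<dotted netmask>
ACL_SRC = re.compile(r"^(\s*acl\s+(\S+)\s+src\s+)(\S+)/(\d+\.\d+\.\d+\.\d+)\s*$")

# Constructed sample: the three ACL lines from the post plus one rule that uses them.
SAMPLE = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl mynetwork src 192.168.0.1/255.255.255.0
http_access allow mynetwork
"""

def migrate_squid_acls(conf_text):
    """Return (new_text, notes) with dotted netmasks rewritten as CIDR."""
    out, notes = [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = ACL_SRC.match(line)
        if not m:
            out.append(line)  # not a netmask-style src ACL: keep untouched
            continue
        prefix, name, addr, mask = m.groups()
        if name == "all":
            # "all" is built into Squid 3; this line triggers the ERROR and
            # SECURITY NOTICE shown in the first restart output.
            notes.append(f"line {lineno}: dropped redundant 'acl all'")
            continue
        try:
            # strict=False clears host bits: 192.168.0.1/255.255.255.0 -> 192.168.0.0/24
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            if str(net.netmask) != mask:  # ipaddress also accepts hostmasks; refuse those
                raise ValueError(mask)
        except ValueError:
            out.append(line)  # e.g. non-contiguous 255.0.255.0: leave for manual review
            notes.append(f"line {lineno}: could not convert {addr}/{mask}, left unchanged")
            continue
        if str(net.network_address) != addr:
            notes.append(f"line {lineno}: {addr} has host bits set, using {net}")
        out.append(f"{prefix}{net}")
    return "\n".join(out) + "\n", notes

if __name__ == "__main__":
    new_text, notes = migrate_squid_acls(SAMPLE)
    print(new_text, end="")
    print("\n".join(notes))
```

Run it against a copy of /etc/squid/squid.conf and review the notes before replacing the live file; any line it could not convert is left exactly as it was.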

My config file contains a few extra modifications. Please use it if you feel like it, after editing it to reflect your network settings.

Hope this helps somebody someday.

Regards.

Andy

AndrzejL