[squid-users] ERR_CONNECT_FAIL 110

Alfredo Rezinovsky alfrenovsky at gmail.com
Sat Dec 20 21:12:03 UTC 2014 

El 19/12/14 a las 12:53, Amos Jeffries escibiĆ³:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 20/12/2014 4:21 a.m., Alfredo Rezinovsky wrote:
>> I have a few TPROXY implementations with squid. In only one of
>> them recently I'm getting lots of: "x-squid-error: ERR_CONNECT_FAIL
>> 110" and some 504 timeouts.
>>
>> Squid Cache: Version 3.4.10-20141218-r13197 configure options:
>> '--prefix=/opt/sepia/squid' '--sysconfdir=/var/lib/sepia/'
>> '--disable-auth' '--disable-auto-locale' '--disable-cache-digests'
>> '--disable-cpu-profiling' '--disable-debug-cbdata'
>> '--disable-delay-pools' '--disable-devpoll' '--disable-ecap'
>> '--disable-esi' '--disable-eui' '--disable-external-acl-helpers'
>> '--disable-follow-x-forwarded-for' '--disable-forw-via-db'
>> '--enable-gnuregex' '--disable-htcp' '--disable-icap-client'
>> '--disable-ident-lookups' '--enable-internal-dns'
>> '--disable-ipf-transparent' '--disable-ipfw-transparent'
>> '--disable-ipv6' '--disable-leakfinder' '--disable-pf-transparent'
>> '--disable-poll' '--disable-select' '--disable-snmp' '--enable-ssl'
>> '--disable-stacktraces' '--disable-translation'
>> '--disable-url-rewrite-helpers' '--disable-wccp' '--disable-wccpv2'
>> '--disable-win32-service' '--disable-x-accelerator-vary'
>> '--disable-icmp' '--disable-storeid-rewrite-helpers'
>> '--enable-async-io' '--enable-disk-io' '--enable-epoll'
>> '--enable-http-violations' '--enable-inline'
>> '--enable-kill-parent-hack' '--enable-linux-netfilter'
>> '--enable-log-daemon-helpers' '--enable-removal-policies'
>> '--enable-storeio' '--enable-unlinkd'
>> '--enable-x-accelerator-vary' '--enable-zph-qos'
>> '--with-default-user=nobody' '--with-logdir=/var/log/sepia'
>> '--with-pthreads' '--with-included-ltdl'
>> '--with-pidfile=/var/lib/sepia/squid.pid'
>> '--with-netfilter-conntrack' --enable-ltdl-convenience
>>
>> Is a custom compiled squid with everything I don't need disabled.
>>
>> Running in Ubuntu with kernel 3.13.0
>>
>> PMTU from the proxy to both the servers and the clients seems to be
>> 1500.
>>
>> Any clue?
> Nope you omitted the best clues. :-)
>
> The access.log entries matching those errors would be a good start if
> you can identify them.
>
> Amos
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBAgAGBQJUlEnxAAoJELJo5wb/XPRjZ0IIAIw6hUQdmnVtXEF7UU0o5Zp6
> Q3zhRdXfNVuqc7xHgmyakD8UIsLM8lmKb/43qiHqvbU9ZVvg0WslloSS05eDjG6m
> FcTzgeVaQJImiSvkZ2Ei6MGlLgiuxDR4BIUxRWxhhuD7UFvsG8Ese45yM55ivq6C
> ocEThNWHZYbwTsCbKOIZz5Be6pEHVh8EkNAIAl7+/+cnXG6fc7qUPnG471piOu4a
> LNnhJdDqlYhe3vwKcVSN0aIjz+lrtB6tMs4DDT2GpX+LZ6tOIihsCZOHij31M4Z2
> qpVWs4i4r7aKmideSYMsr2SSd9s8zzLGel3ReXuPhKvFZsZOiP8uZtBJEm47n/4=
> =tGQM
> -----END PGP SIGNATURE-----
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
Shame on me

1419108172.470  29936 172.16.1.2 TCP_MISS_ABORTED/000 0 GET http://www.ibm.com/ - ORIGINAL_DST/172.233.13.247 -
1419108202.446  29971 172.16.1.2 TCP_MISS_ABORTED/000 0 GET http://www.ibm.com/ - ORIGINAL_DST/172.233.13.247 -
1419108212.325  30029 172.16.1.2 TCP_MISS_ABORTED/000 0 GET http://www.ibm.com/ - ORIGINAL_DST/172.233.13.247 -
1419108232.487  30029 172.16.1.2 TCP_MISS_ABORTED/000 0 GET http://www.ibm.com/ - ORIGINAL_DST/172.233.13.247 -
1419108262.453  29814 172.16.1.2 TCP_MISS_ABORTED/000 0 GET http://www.ibm.com/ - ORIGINAL_DST/172.233.13.247 -
1419108294.101  59408 172.16.1.2 TCP_MISS/503 469 GET http://xml.weather.yahoo.com/forecastrss? - ORIGINAL_DST/206.190.43.214 text/html
1419108295.670  60800 172.16.1.2 TCP_MISS/503 469 GET http://download.finance.yahoo.com/d/333.txt? - ORIGINAL_DST/209.191.96.200 text/html

All 503 errors are around 60 seconds.
The same requests works whe the tproxy is not enabled.

More information about the squid-users mailing list