[squid-users] tcp_outgoing_address and ICAP server

Marcus Kool marcus.kool at urlfilterdb.com
Wed Jan 21 21:11:44 UTC 2015


I am using Squid 3.4.9 and have an issue with tcp_outgoing_address.

The Squid server is connceted to the internet with multiple NICs and uses
    tcp_outgoing_address a.public.IP.address

and also want to use an ICAP server on the same host using

icap_service  reqmod_urlfilterdb   reqmod_precache   icap://a.local.ip.address:1344/reqmod_icapd  bypass=off  routing=on  on-overload=wait ipv6=off

It seems that Squid binds the connection to the ICAP server the same way it binds
connections to webservers using the rule with tcp_outgoing_address
and that it not desired nor workable.

I tried

acl myicaphost dst a.local.ip.address
tcp_outgoing_address a.public.IP.address !myicaphost

but Squid issues the following errors:
2015/01/21 21:58:32 kid1| WARNING: myicaphost ACL is used in context without an HTTP request. Assuming mismatch.
2015/01/21 21:58:32 kid1| commBind: Cannot bind socket FD 10 to XX.XX.XX.XX: (99) Cannot assign requested address
2015/01/21 21:58:32 kid1| essential ICAP service is down after an options fetch failure: icap://XX.XX.XX.XX:1344/reqmod_icapd [down,!opt]

So the question is how to send web traffic over a specific NIC and traffic to the ICAP server over an other (default?) NIC ?

 From the comments in squid.conf.documented it seems that tcp_outgoing_address is used for traffix to websites so it seems that
the socket to the ICAP server should not be subject to the logic of tcp_outgoing_address.  Is this correct ?

Marcus



More information about the squid-users mailing list