[squid-users] TCP-MISS 503 for wrong destination ip

Antony Stone Antony.Stone at squid.open.source.it
Tue Nov 24 12:41:34 UTC 2015

On Tuesday 24 November 2015 at 13:34:51, Ahmad Alzaeem wrote:

> Well , what I have done is :
> I configured squid http_port xx and http_port xxy intercept
> And uses iptables to redirect http & https to squid ports

1. Have you fixed DNS so that clients are now resolving the correct addresses 
for destination servers?

2. Are you performing NAT *only* on the machine where Squid is running?

> But it don’t work and I have logs :
> 1448121527.423 TCP_MISS/503 4183 GET http://cnn.com/ -
> ORIGINAL_DST/ text/html 1448121554.217
> TCP_MISS/503 4771 GET http://cnn.com/ - ORIGINAL_DST/
> text/html 1448121555.574 TCP_MISS/503 4685 GET
> http://cnn.com/favicon.ico - ORIGINAL_DST/ text/html
> As u see the ds tip is wrong and its spoofed with

Do you know where that IP address comes from?  Is your DNS still broken, is 
this the IP address of the Squid server, does it mean anythign at all in your 

> So how to let squid bypass checking it ?

It's not a matter of bypassing Squid checking it - it's a matter of making it 
correct so that the checks do not fail.

> Is my way above wrong ?

I think so, but please answer the questions above so we can be more sure.

> U say we need proxy mode ??
> How should I implement proxy mode since user will not put ip:port in his
> browser

Use DHCP options and/or WPAD.

> Thanks a lot for helping

Please do not reply to (or CC) me - please just reply to the list.



"Black holes are where God divided by zero."

 - Steven Wright

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the squid-users mailing list