[squid-users] Two connections per client

Amos Jeffries squid3 at treenet.co.nz
Wed Mar 16 13:07:55 UTC 2016


On 17/03/2016 1:57 a.m., Amos Jeffries wrote:
> On 17/03/2016 1:25 a.m., Chris Nighswonger wrote:
>> On Wed, Mar 16, 2016 at 1:03 AM, Amos Jeffries wrote:
>>
>>> On 16/03/2016 12:38 p.m., Chris Nighswonger wrote:
>>>> Why does netstat show two connections per client connection to Squid:
>>>>
>>>> tcp        0      0 127.0.0.1:3128          127.0.0.1:34167         ESTABLISHED
>>>> tcp        0      0 127.0.0.1:34167         127.0.0.1:3128          ESTABLISHED
>>>>
>>>> In this case, there is a content filter running in front of Squid on the
>>>> same box. The same netstat command filtered on the content filter port
>>>> shows only one connection per client:
>>>>
>>>> tcp        0      0 192.168.x.x:8080      192.168.x.y:1310      ESTABLISHED
>>>>
>>>
>>> Details of your Squid configuration are needed to answer that.
>>>
>>
>>
>> Here it is. I've stripped out all of the acl lines to reduce the length:
>>
>> tcp_outgoing_address 184.x.x.x
>> http_port 127.0.0.1:3128
> 
> It would seem that it is not Squid making those connections outbound
> from 127.0.0.1:3128. Squid uses that 184.x.x.x address with random
> source ports for *all* its outbound connections.


Ah, just had an idea. Do you have IDENT protocol in those ACLs you elided?

IDENT makes a reverse connection back to the client to find the identity.


Amos


