[squid-users] Squid and ICMP

Alex K rightkicktech at gmail.com
Tue Aug 7 18:34:52 UTC 2018 

Thanx Amos,

It is clear.

Alex

On Tue, Aug 7, 2018 at 9:20 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 08/08/18 04:56, Alex K wrote:
> > Hi all,
> >
> > I have a box with fairly restrictive firewall.
> > I see that the box blocks connections of squid to the requested sites
> > when squid tries to reach/send ICMP to them:
> >
> > 2018/08/07 16:51:57| Error sending to ICMP packet to 213.133.127.247.
> > ERR: (1) Operation not permitted
> > 2018/08/07 16:51:59| Error sending to ICMP packet to 194.55.30.166. ERR:
> > (1) Operation not permitted
> > 2018/08/07 16:52:00| Error sending to ICMP packet to 93.184.220.29. ERR:
> > (1) Operation not permitted
> > 2018/08/07 16:52:00| Error sending to ICMP packet to 72.21.202.25. ERR:
> > (1) Operation not permitted
> > 2018/08/07 16:52:02| Error sending to ICMP packet to 54.182.206.90. ERR:
> > (1) Operation not permitted
> > 2018/08/07 16:52:18| Error sending to ICMP packet to 54.239.220.40. ERR:
> > (1) Operation not permitted
> > 2018/08/07 16:52:18| Error sending to ICMP packet to 62.38.6.83. ERR:
> > (1) Operation not permitted
> > 2018/08/07 16:52:20| Error sending to ICMP packet to 13.32.16.243. ERR:
> > (1) Operation not permitted
> >
> > Anyone knows why squid is sending ICMP?
>
> To find the fastest route for its outbound HTTP messages when cache_peer
> are used, and to bootstrap the ARP and MTU discovery processes before
> server TCP connections have to use the information they provide.
>
> > Is this needed?
>
> Maybe. You can safely configure "pinger_enable off" if you don't care
> about a small (few milli- or micro-seconds) latency increase on TCP
> connection setup.
>
> Please note however that ICMP is not an optional protocol. It is
> mandatory for correct working of TCP. Only a few things like these echo
> packets are safely blocked.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180807/631deb3e/attachment-0001.html>

More information about the squid-users mailing list