Amos Jeffries squid3 at treenet.co.nz
Fri Oct 18 20:05:48 UTC 2019

On 19/10/19 1:21 am, Vieri Di Paola wrote:
> On Fri, Oct 11, 2019 at 3:50 PM Amos Jeffries wrote:
>> Note that this last entry is about a connection to port 443, whereas the
>> rest of the log is all about traffic to port 80.
>>> The Squid machine has no issues if I browse the web from command line,
>>> eg. 'links http://www.linuxheadquarters.com' works fine.
>>> What should I be looking for?
>> TCP/IP level packet routing. Squid is trying to open a TCP connection to
>> that "remote=" server. TCP SYN is sent, and then ... ... ... nothing.
> I noticed the ":80 to :443" flaw in the log, and I don't know why this
> shows up if it's not a redirection.

If you are able to share your config maybe we could help spot something,
both for that and for the timeout issue.

> So I did another test to another destination, and I tried to connect
> to host with IP addr. on port 80.
> Now the log is consistent, but I'm still getting the same connection
> timeout even though I can connect without any issues with an HTTP
> client from the Squid machine itself. If it were a packet routing
> issue, wouldn't the connection time out also with this HTTP client on
> the server itself?

You said Squid used TPROXY. The spoofing of packets causes a different
set of routing tables and rules to be applied than normal server
outgoing traffic.

> Do you see anything fishy in the squid log I've pasted below?

Looks like Squid is doing everything right and the issue is somewhere
between the TCP SYN send and SYN ACK returning.
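
An added example, not part of the original message: a shell check for the policy-routing pieces a TPROXY host conventionally needs so that a SYN ACK addressed to the spoofed client address is delivered to the local Squid socket instead of being forwarded or dropped. The mark value 0x1, table 100 and the sample `ip rule` / `ip route` output are constructed assumptions, not values from this thread.

```shell
#!/bin/sh
# Constructed sample data (not from the thread): what `ip rule show` and
# `ip route show table 100` print on a host with the conventional setup.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE='local default dev lo scope host'

# tproxy_table RULES MARK
# Prints the routing table that packets carrying MARK are sent to, if any.
tproxy_table() {
    printf '%s\n' "$1" | awk -v mark="$2" '
        {
            for (i = 1; i < NF; i++) {
                if ($i != "fwmark") continue
                split($(i + 1), m, "/")          # drop an optional /mask
                if ((m[1] "") != (mark "")) continue
                for (j = i; j < NF; j++)
                    if ($j == "lookup") { print $(j + 1); exit }
            }
        }'
}

# has_local_default ROUTES
# Succeeds if the table hands every destination to the local stack via lo.
has_local_default() {
    printf '%s\n' "$1" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo'
}

# check_tproxy_return RULES ROUTES MARK
# Prints "ok:<table>", "no-rule" or "no-local-route".
check_tproxy_return() {
    table=$(tproxy_table "$1" "$3")
    [ -n "$table" ] || { echo "no-rule"; return 1; }
    has_local_default "$2" || { echo "no-local-route"; return 1; }
    echo "ok:$table"
}

# On a live host (assumed mark 0x1, table 100):
#   check_tproxy_return "$(ip rule show)" "$(ip route show table 100)" 0x1
```

A plain HTTP client on the same machine uses the machine's own source address and the main table, so it can succeed while either of these checks fails.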


