<div dir="ltr"><div><div><div>Windows Client - 10.0.0.23 MAC (9d:3a:96)<br><br>root@ISN-PHC-CACHE:/home/support # arp -a<br> (10.0.0.9) at 00:00:0c:07:ac:01 on bge0 THIS IS THE PHYSICAL INTERFACE ON THE ROUTER<br> (10.0.0.10) at 88:5a:92:63:77:81 on bge0 THIS IS THE GATEWAY IP ON THE DESKTOP AND SQUID SERVER<br> (10.0.0.24) at a0:d3:c1:06:a5:c4 on bge0 THIS IS THE SQUID SERVER<br><br><br></div><div>User was trying to access <a href="http://www.espn.com">www.espn.com</a><br><br></div><div>Frames 8 and 9 are where I get my access denied.<br></div></div></div><br>No. Time Source Destination Protocol Length Info<br>
7 0.508041 68.71.212.158 10.0.0.23 TCP
3902 80→42794 [PSH, ACK] Seq=412 Ack=401 Win=65664 Len=1460<br><br>Frame 7: 3902 bytes on wire (31216 bits), 1500 bytes captured (12000 bits)<br> Encapsulation type: Ethernet (1)<br> Arrival Time: Mar 6, 2015 09:41:41.453922000 Eastern Standard Time<br> [Time shift for this packet: 0.000000000 seconds]<br> Epoch Time: 1425652901.453922000 seconds<br> [Time delta from previous captured frame: 0.000118000 seconds]<br> [Time delta from previous displayed frame: 0.000118000 seconds]<br> [Time since reference or first frame: 0.508041000 seconds]<br> Frame Number: 7<br> Frame Length: 3902 bytes (31216 bits)<br> Capture Length: 1500 bytes (12000 bits)<br> [Frame is marked: False]<br> [Frame is ignored: False]<br> [Protocols in frame: eth:ethertype:ip:tcp:http]<br> [Coloring Rule Name: HTTP]<br> [Coloring Rule String: http || tcp.port == 80 || http2]<br>Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)<br> Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)<br> Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)<br> Type: IP (0x0800)<br>Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)<br> Version: 4<br> Header Length: 20 bytes<br> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))<br> Total Length: 1500<br> Identification: 0x2222 (8738)<br> Flags: 0x02 (Don't Fragment)<br> Fragment offset: 0<br> Time to live: 64<br> Protocol: TCP (6)<br> Header checksum: 0x0000 [validation disabled]<br> Source: 68.71.212.158 (68.71.212.158)<br> Destination: 10.0.0.23 (10.0.0.23)<br> [Source GeoIP: Unknown]<br> [Destination GeoIP: Unknown]<br>Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 412, Ack: 401, Len: 1460<br><br>No. Time Source Destination Protocol Length Info<br>
8 0.508073 68.71.212.158 10.0.0.23 TCP
170 [TCP Previous segment not captured] [TCP segment of a reassembled
PDU]<br><br>Frame 8: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)<br> Encapsulation type: Ethernet (1)<br> Arrival Time: Mar 6, 2015 09:41:41.453954000 Eastern Standard Time<br> [Time shift for this packet: 0.000000000 seconds]<br> Epoch Time: 1425652901.453954000 seconds<br> [Time delta from previous captured frame: 0.000032000 seconds]<br> [Time delta from previous displayed frame: 0.000032000 seconds]<br> [Time since reference or first frame: 0.508073000 seconds]<br> Frame Number: 8<br> Frame Length: 170 bytes (1360 bits)<br> Capture Length: 170 bytes (1360 bits)<br> [Frame is marked: False]<br> [Frame is ignored: False]<br> [Protocols in frame: eth:ethertype:ip:tcp]<br> [Coloring Rule Name: Bad TCP]<br> [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]<br>Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)<br> Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)<br> Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)<br> Type: IP (0x0800)<br>Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)<br> Version: 4<br> Header Length: 20 bytes<br> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))<br> Total Length: 156<br> Identification: 0x2223 (8739)<br> Flags: 0x02 (Don't Fragment)<br> Fragment offset: 0<br> Time to live: 64<br> Protocol: TCP (6)<br> Header checksum: 0x0000 [validation disabled]<br> Source: 68.71.212.158 (68.71.212.158)<br> Destination: 10.0.0.23 (10.0.0.23)<br> [Source GeoIP: Unknown]<br> [Destination GeoIP: Unknown]<br>Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 4260, Ack: 401, Len: 116<br><br>No. Time Source Destination Protocol Length Info<br>
9 0.508835 10.0.0.23 68.71.212.158 TCP
60 [TCP ACKed unseen segment] 42794→80 [ACK] Seq=401 Ack=3332
Win=65536 Len=0<br><br>Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)<br> Encapsulation type: Ethernet (1)<br> Arrival Time: Mar 6, 2015 09:41:41.454716000 Eastern Standard Time<br> [Time shift for this packet: 0.000000000 seconds]<br> Epoch Time: 1425652901.454716000 seconds<br> [Time delta from previous captured frame: 0.000762000 seconds]<br> [Time delta from previous displayed frame: 0.000762000 seconds]<br> [Time since reference or first frame: 0.508835000 seconds]<br> Frame Number: 9<br> Frame Length: 60 bytes (480 bits)<br> Capture Length: 60 bytes (480 bits)<br> [Frame is marked: False]<br> [Frame is ignored: False]<br> [Protocols in frame: eth:ethertype:ip:tcp]<br> [Coloring Rule Name: Bad TCP]<br> [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]<br>Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)<br> Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)<br> Source: Cisco_63:77:81 (88:5a:92:63:77:81)<br> Type: IP (0x0800)<br> Padding: aaaa0000aaaa<br>Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)<br> Version: 4<br> Header Length: 20 bytes<br> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))<br> Total Length: 40<br> Identification: 0x572a (22314)<br> Flags: 0x02 (Don't Fragment)<br> Fragment offset: 0<br> Time to live: 127<br> Protocol: TCP (6)<br> Header checksum: 0x81a9 [validation disabled]<br> Source: 10.0.0.23 (10.0.0.23)<br> Destination: 68.71.212.158 (68.71.212.158)<br> [Source GeoIP: Unknown]<br> [Destination GeoIP: Unknown]<br>Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 401, Ack: 3332, Len: 0</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 6, 2015 at 8:57 AM, Antony Stone <span dir="ltr"><<a href="mailto:Antony.Stone@squid.open.source.it" target="_blank">Antony.Stone@squid.open.source.it</a>></span> 
wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Friday 06 March 2015 at 14:50:50 (EU time), Monah Baki wrote:<br>
<br>
> <a href="http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf" target="_blank">http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf</a><br>
><br>
> So something else is missing?<br>
<br>
</span>Can you run a packet sniffer on the proxy, to see what packets come in (noting<br>
the MAC address of the previous hop), what packets go out (to what<br>
address/es), and whether they then seem to come back in again (and if so, from<br>
which MAC address)?<br>
<br>
That might give you a clue as to where the forwarding loop is being created.<br>
<br>
<br>
Regards,<br>
<br>
<br>
Antony.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
How I want a drink, alcoholic of course, after the heavy chapters involving<br>
quantum mechanics.<br>
<br>
- mnemonic for 3.14159265358979<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
Please reply to the list;<br>
please *don't* CC me.<br>
</div></div></blockquote></div><br></div>
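The check Antony describes, applied to the capture in this message, as an added example that is not part of the original thread: it parses the `arp -a` output and the Wireshark text export and lists, for each frame, which device put it on the wire next to the IP source it carries. The function names and the trimmed sample strings are assumptions made for the example.

```python
import re
# Constructed samples: the `arp -a` lines and frames 7 and 9 from the message, trimmed.
ARP_OUTPUT = """\
 (10.0.0.9) at 00:00:0c:07:ac:01 on bge0
 (10.0.0.10) at 88:5a:92:63:77:81 on bge0
 (10.0.0.24) at a0:d3:c1:06:a5:c4 on bge0
"""
DUMP = """\
Frame 7: 3902 bytes on wire (31216 bits), 1500 bytes captured (12000 bits)
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
"""
MAC_RE = r"\(((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\)"   # "(a0:d3:c1:06:a5:c4)"
IP_RE = r"\((\d+\.\d+\.\d+\.\d+)\)"                # "(10.0.0.23)"

def parse_arp(text):
    """Return {mac: ip} from `arp -a` output."""
    pairs = re.findall(r"\((\d+\.\d+\.\d+\.\d+)\) at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", text, re.I)
    return {mac.lower(): ip for ip, mac in pairs}

def parse_frames(dump):
    """Return one dict per frame with its Ethernet and IPv4 endpoints."""
    frames, cur = [], None
    for line in map(str.strip, dump.splitlines()):
        if m := re.match(r"Frame (\d+):", line):
            cur = {"no": int(m.group(1))}
            frames.append(cur)
        elif cur is not None and line.startswith("Ethernet II,"):
            cur["src_mac"], cur["dst_mac"] = re.findall(MAC_RE, line)
        elif cur is not None and line.startswith("Internet Protocol Version 4,"):
            cur["src_ip"], cur["dst_ip"] = re.findall(IP_RE, line)
    return frames

def hops(frames, arp, local_mac):
    """Per frame: direction relative to the capturing host, IP source, L2 sender, mismatch flag."""
    rows = []
    for f in frames:
        direction = "out" if f["src_mac"] == local_mac else "in"
        sender = arp.get(f["src_mac"], "unknown")  # device that put the frame on the wire
        # True when the L2 sender is not the host named as the IP source.
        rows.append((f["no"], direction, f["src_ip"], sender, sender != f["src_ip"]))
    return rows

if __name__ == "__main__":
    for row in hops(parse_frames(DUMP), parse_arp(ARP_OUTPUT), "a0:d3:c1:06:a5:c4"):
        print("frame %d %-3s ip_src=%-15s sent_by=%-10s l2_differs=%s" % row)
```

Frame 7 leaves the proxy's own interface while carrying the origin server's address as IP source, and frame 9 reaches the proxy from the MAC that the ARP table lists for 10.0.0.10 rather than from the client's MAC.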