<div dir="ltr"><div>Sure thing. <br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 14, 2020 at 8:32 AM Antony Stone <<a href="mailto:Antony.Stone@squid.open.source.it" target="_blank">Antony.Stone@squid.open.source.it</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Tuesday 14 April 2020 at 16:03:19, Chris Bidwell - NOAA Federal wrote:<br>
<br>
> Okay, so I think I'm starting to get somewhere but the connection isn't<br>
> completing. I can see the connection come through my firewall, but the<br>
> handshake doesn't appear to be happening.<br>
<br>
Tell us more about your network setup. Is the firewall between the clients and <br>
Squid, between Squid and the Internet, or do you have both?<br></blockquote><div><br></div><div>There is a firewall between my internal clients and squid. There is a firewall rule allowing tcp/8080 from my clients to the squid server. And from the squid server, it is allowed to the internet. <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Can you do a simple Ping test from a client machine to the Squid server (and <br>
get replies)?<br>
<br>
Can you do the same from the Squid server to some Internet-based web server <br>
(making sure it's one which replies to pings - some machines are badly <br>
configured and don't do this).<br>
<br>
> My squid access log is saying: TCP_MISS/503.<br>
<br>
I'm sure it says a lot more than that, but at least it's an indication that <br>
your client is getting the request through to Squid okay.<br></blockquote><div><br></div><div>Here is the full output of my access.log:</div><div>1586873819.383 0 192.168.226.241 TAG_NONE/409 4108 CONNECT <a href="http://www.nginx.com:443" target="_blank">www.nginx.com:443</a> - HIER_NONE/- text/html </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Assuming the Ping test from Squid to an Internet web server works, what <br>
happens if you try wget, lynx, curl or even telnet to port 80, from the Squid <br>
server to some external web server? Does it indicate that the Squid server <br>
has "Internet access"?<br>
<br>
<br>
Antony.<br></blockquote><div><br></div><div>So after looking further. It looks like when I'm trying to wget from my squid server, which has the two nics (internal and public), it's trying to send it through the internal</div><div>connection. It doesn't seem to want to route through the external nic. <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
-- <br>
Programming is a Dark Art, and it will always be. The programmer is<br>
fighting against the two most destructive forces in the universe:<br>
entropy and human stupidity. They're not things you can always<br>
overcome with a "methodology" or on a schedule.<br>
<br>
- Damian Conway, Perl God<br>
<br>
Please reply to the list;<br>
please *don't* CC me.<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div><br style="font-size:12.8px"></div>