[squid-users] tcp_outgoing_address and ICAP server
Marcus Kool
marcus.kool at urlfilterdb.com
Wed Jan 21 21:11:44 UTC 2015
I am using Squid 3.4.9 and have an issue with tcp_outgoing_address.
The Squid server is connceted to the internet with multiple NICs and uses
tcp_outgoing_address a.public.IP.address
and also want to use an ICAP server on the same host using
icap_service reqmod_urlfilterdb reqmod_precache icap://a.local.ip.address:1344/reqmod_icapd bypass=off routing=on on-overload=wait ipv6=off
It seems that Squid binds the connection to the ICAP server the same way it binds
connections to webservers using the rule with tcp_outgoing_address
and that it not desired nor workable.
I tried
acl myicaphost dst a.local.ip.address
tcp_outgoing_address a.public.IP.address !myicaphost
but Squid issues the following errors:
2015/01/21 21:58:32 kid1| WARNING: myicaphost ACL is used in context without an HTTP request. Assuming mismatch.
2015/01/21 21:58:32 kid1| commBind: Cannot bind socket FD 10 to XX.XX.XX.XX: (99) Cannot assign requested address
2015/01/21 21:58:32 kid1| essential ICAP service is down after an options fetch failure: icap://XX.XX.XX.XX:1344/reqmod_icapd [down,!opt]
So the question is how to send web traffic over a specific NIC and traffic to the ICAP server over an other (default?) NIC ?
From the comments in squid.conf.documented it seems that tcp_outgoing_address is used for traffix to websites so it seems that
the socket to the ICAP server should not be subject to the logic of tcp_outgoing_address. Is this correct ?
Marcus
More information about the squid-users
mailing list