[squid-users] tcp_outgoing_address and ICAP server
Amos Jeffries
squid3 at treenet.co.nz
Sun Jan 25 16:33:07 UTC 2015
On 26/01/2015 4:59 a.m., Marcus Kool wrote:
>
>
> The debug trace starts with:
> Xaction.cc(133) openConnection: *Adaptation::Icap::OptXact* opens
> connection to 10.10.0.6:1344
> and then
> comm.cc(549) comm_openex: comm_openex: Attempt open socket for:
> *a.public.IP.address*
> comm.cc(590) comm_openex: comm_openex:Opened socket
> local=*a.public.IP.address* remote=[::] FD 10 flags=1 : family=2,
> type=1, protocol=6
>
> so I think it is clear that the socket to the ICAP server on 10.10.0.6
> is bound to the NIC with an external IP address (not obeying the ACL).
>
Okay you need to expand that with debug level 28,3 to see what Squid is
doing with the ACLs.
> I do not understand your statement "I dont know why it was binding".
>
>> Squid only uses
>> bind() if there is an explicit outgoing address required to be used.
>
> Have you considered the possibility of a bug ?
Yes, a bug in the binding would report bind errors opening a socket for
local=[::]. A bug in the ICAP will depend on what the ACL behaviour is.
Amos
More information about the squid-users
mailing list