[squid-users] squid 3.5.19, wccp2, pf and forwarding loop
Mark Davies
mark at ecs.vuw.ac.nz
Mon May 23 04:41:13 UTC 2016
I know this comes up repeatedly but I'm now hitting this and can't see why.
I have a traditional squid setup that works fine for clients that
explicitly point at it but I also want to allow transparent access for some
destinations for only port 80. So I have wccp2 set up between a Cisco
switch and the squid to direct the traffic to the box (and that seems to be
happening fine). I have the below pf.conf (this is on NetBSD using PF) on
the box to direct the traffic to the intercept port:
ext_if="wm0"
int_if="bnx0"
set skip on lo0
rdr pass on $int_if inet proto tcp from 130.195.0.0/20 to any port 80 -> 127.0.0.1 port 8081
pass out
pass in
relevant bits of the squid.conf are:
http_port www-cache2:8080
http_port 8081 intercept
wccp2_router 130.195.5.1
wccp2_forwarding_method l2
wccp2_return_method l2
wccp2_assignment_method mask
wccp2_service standard 0
If I try to access a site transparently I get the following in the
access.log:
1463977560.985 3 130.195.5.88 TCP_MISS/403 3945 GET http://www.easychair.org/easychair.cgi - ORIGINAL_DST/127.0.0.1 text/html
and this in cache.log:
2016/05/23 16:26:00 kid1| WARNING: Forwarding loop detected for:
GET /easychair.cgi HTTP/1.1
Accept: */*
User-Agent: tnftp/20151004
Via: 1.1 www-cache2.ecs.vuw.ac.nz (squid/3.5.19)
X-Forwarded-For: 130.195.5.88
Cache-Control: max-age=259200
Connection: keep-alive
Host: www.easychair.org
so presumably squid is sending out the request in such a way that it's
getting fed back into itself (rather than going to www.easychair.org in
this case) but I can't see why that is happening. Any suggestions?
cheers
mark
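
Added example, not part of the original post: a log check for the two symptoms quoted above, an access.log entry whose upstream field is ORIGINAL_DST with a loopback address, and a logged request whose Via header already names this proxy. The function names, the own_addrs parameter and the second sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Squid native access.log: time elapsed client code/status bytes method URL user hier/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<type>\S+)$"
)

def parse_line(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def peer_is_self(peer, own_addrs=()):
    """True when the upstream address is loopback or one of the proxy's own IPs."""
    try:
        ip = ipaddress.ip_address(peer)
    except ValueError:
        return False  # "-" or a hostname: no IP address to judge
    return ip.is_loopback or str(ip) in own_addrs

def find_self_forwards(lines, own_addrs=()):
    """Intercepted requests whose 'original destination' is the proxy itself."""
    recs = (parse_line(l) for l in lines)
    return [r for r in recs
            if r and r["hier"] == "ORIGINAL_DST" and peer_is_self(r["peer"], own_addrs)]

def via_names_self(header_block, visible_hostname):
    """True when a Via header in a logged request already lists this proxy."""
    for h in header_block.splitlines():
        name, _, value = h.partition(":")
        if name.strip().lower() == "via" and visible_hostname.lower() in value.lower():
            return True
    return False

# First entry is the line from the post (unwrapped); the second is a constructed contrast case.
SAMPLE_ACCESS = [
    "1463977560.985 3 130.195.5.88 TCP_MISS/403 3945 GET http://www.easychair.org/easychair.cgi - ORIGINAL_DST/127.0.0.1 text/html",
    "1463977561.100 42 130.195.5.88 TCP_MISS/200 5120 GET http://example.com/ - ORIGINAL_DST/192.0.2.10 text/html",
]
SAMPLE_HEADERS = "GET /easychair.cgi HTTP/1.1\nVia: 1.1 www-cache2.ecs.vuw.ac.nz (squid/3.5.19)\nHost: www.easychair.org"

if __name__ == "__main__":
    for rec in find_self_forwards(SAMPLE_ACCESS):
        print(f"{rec['client']} -> {rec['url']} sent to {rec['peer']} ({rec['code']}/{rec['status']})")
    print("Via names this proxy:", via_names_self(SAMPLE_HEADERS, "www-cache2.ecs.vuw.ac.nz"))
```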