[squid-users] Squid Proxy with simple iptable rule ...

Arsalan Hussain arsalan at preston.edu.pk
Thu Apr 13 12:39:47 UTC 2017 

Dear All,

Two things i want to share what i observed but didn't understand.

1-  it happens to HTTPS 443 websites like facebook, youtube, google mail
2-  it is squid configuration problem, because when i stop iptables the
same problem arise.

as given below access.log entries.  website give Error:
1492086861.068  33508 192.168.5.178 TAG_NONE/503 0 CONNECT
plus.google.com:443 - HIER_NONE/- -
1492086861.068  33506 192.168.5.178 TAG_NONE/503 0 CONNECT
connect.facebook.net:443 - HIER_NONE/- -
1492086861.068  32960 192.168.5.178 TAG_NONE/503 0 CONNECT
www.youtube.com:443 - HIER_NONE/- -
1492086861.068  30685 192.168.5.178 TAG_NONE/503 0 CONNECT
www.centos.org:443 - HIER_NONE/- -
1492086861.068  30659 192.168.5.178 TAG_NONE/503 0 CONNECT m.addthis.com:443
- HIER_NONE/- -
1492086861.068  30658 192.168.5.178 TAG_NONE/503 0 CONNECT
www.spinics.net:443 - HIER_NONE/- -


Interesting fact is that, after next refresh or open in new tab
(Mozila/Chrome) , The same website gets open fine after a while.

Really confusing one because sometime working and some time problem.

On Thu, Apr 13, 2017 at 4:46 PM, Arsalan Hussain <arsalan at preston.edu.pk>
wrote:

> Dear All,
>
> I am facing problem with iptable rules for squid 3.5.23. my simple squid
> configuration is attached and also iptable rules.
>
> It works fine when i restart squid, iptables, network services but after a
> while it give problem of slow speed or even rejecting packets in squid
> access.log
>
>  0 192.168.6.129 TAG_NONE/503 0 CONNECT s.youtube.com:443 -HIER_NONE/- -
>  0 192.168.6.129 TAG_NONE/503 0 CONNECT s.youtube.com:443 - HIER_NONE/- -
>
> when these kind entries shows in access.log websites do not open to user
> and they received message refused by proxy. (a routine access.log entries
> attached).
>
> If somebody assists me in this problem to solve it.
>
> With Regards,
>
>
> *Arsalan Hussain*
> *If you are too lazy to plow now, don't expect a harvest, later*
>



-- 
With Regards,


*Arsalan Hussain*
*Assistant Director, Networks & Information System*

*PRESTON UNIVERSITY*
Add: Plot: 85, Street No: 3, Sector H-8/1, Islamabad, Pakistan
Cell: +92-322-5018611
UAN: (51) 111-707-808 (Ext: 443)
*If you are too lazy to plow now, don't expect a harvest, later*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170413/88cca156/attachment.html>

More information about the squid-users mailing list