[squid-users] (no subject)

Amos Jeffries squid3 at treenet.co.nz
Fri Oct 18 20:05:48 UTC 2019


On 19/10/19 1:21 am, Vieri Di Paola wrote:
> On Fri, Oct 11, 2019 at 3:50 PM Amos Jeffries wrote:
>>
>> Note that this last entry is about a connection to port 443, whereas the
>> rest of the log is all about traffic to port 80.
>>>
>>> The Squid machine has no issues if I browse the web from command line,
>>> eg. 'links http://www.linuxheadquarters.com' works fine.
>>>
>>> What should I be looking for?
>>
>> TCP/IP level packet routing. Squid is trying to open a TCP connection to
>> that "remote=" server. TCP SYN is sent, and then ... ... ... nothing.
> 
> I noticed the ":80 to :443" flaw in the log, and I don't know why this
> shows up if it's not a redirection.

If you are able to share your config maybe we could help spot something,
both for that and for the timeout issue.


> So I did another test to another destination, and I tried to connect
> to host with IP addr. 104.113.250.104 on port 80.
> Now the log is consistent, but I'm still getting the same connection
> timeout even though I can connect without any issues with an HTTP
> client from the Squid machine itself. If it were a packet routing
> issue, wouldn't the connection time out also with this HTTP client on
> the server itself?

You said Squid used TPROXY. The spoofing of packets causes a different
set of routing tables and rules to be applied than normal server
outgoing traffic.

> 
> Do you see anything fishy in the squid log I've pasted below?
> 

Looks like Squid is doing everything right and the issues is somewhere
between the TCP SYN send and SYN ACK returning.


Amos


More information about the squid-users mailing list